Add a Report Phishing Button in Outlook

Add a ‘report phishing’ button in Outlook; forward spam and phishing emails to your internal security team the right way!

    • NOTE:  This article has been updated with an additional easier option for building an enterprise-wide phishing button.  Check it out here.  

PhishMe offers a great solution for the enterprise with its anti-phishing training and phishing simulations. The service also provides an easy way for end-users to report the messages to their IT department, and the reports can be used for statistical tracking. Their solution for end-user reporting is an Outlook add-in that gives the end-user a simple button to click to report messages. I wanted the same thing for my security program, but we didn’t contract with PhishMe, so I needed another solution. I didn’t want to enlist a developer to create an Outlook add-in button, so I came up with a relatively easy solution. If you are good at scripting or have some workstation management tools, this should be no problem to implement across the enterprise. Below are the steps you can use to reproduce a ‘report phish’ button in Outlook that automatically sends your security or IT department a full copy of the phishing emails. It also does much more than forward the email: it sends the junk mail as an attachment in an email, preserving the message headers that will be needed for forensics.


  1. Install the Microsoft Junk Email reporter add-in for Outlook 2010 or 2013. The download can be retrieved at


  2. Open Outlook and verify you now see the junk options in the ribbon.







  3. Right-click a blank space in the ribbon and choose ‘Customize Ribbon’. On the right side, under “Customize the Ribbon”, select Main Tabs and expand the Home (Mail) tab. Click the ‘New Group’ button and rename it to something useful, such as “report junk” or “report phish”.


  4. Next, select the ‘report junk’ button on the left side and add it to the ‘report phish’ group you just created by clicking the ‘add>>’ button. Rename it and give it an icon of your choice. Now you should have a new icon in your main mailbox view that you can use to report junk. By default, the add-in will only report the junk to Microsoft; however, with a registry hack you can blind-copy (bcc) an email address of your choice. The full junk mail message will be sent as an attachment, with all the header information that is missing from a forwarded message. This works great for sending to an IT department or a security operations center (SOC).






Your Outlook ribbon should now look similar to this:

[Screenshot: Outlook phish button toolbar]


How to report phishing to your IT department across the enterprise

If you want the junk email reporter to forward to your IT department, add the destination email address to the registry using the following registry key. (Typical registry hack warning here: don’t do this if you don’t know what you are doing…) You can also copy the following lines and create your own .reg file; I’ll leave that up to you. Replace the email address in the code with the address that will get a copy of the message.

    Windows Registry Editor Version 5.00

    ; Put the address that should receive the BCC copy between the quotes.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Junk E-mail Reporting\Addins]
    "BccEmailAddress"=""



  8. (Optional) Open an email in Outlook. Since Outlook uses a new ribbon for this view, you have the option of putting the new button in the mail-read view too. Now repeat steps 3-6 to create a button in the mail-read view if you choose.


  9. Now that you have created the new buttons, test them to make sure they work using an email address of your choice.


  10. If you want to apply this to multiple computers across the enterprise, there are several ways you can do it. Use a script, SCCM or a workstation admin tool of your choice. Make sure the following three requirements are met on your PCs and you should be good to go:
    1. Verify that the junk email reporting add-in is installed.
    2. Copy the .reg key from step 7 to all computers, or manually edit the registry with the email address you want the junk email to be forwarded to.
    3. From your working test computer, find the files called olkexplorer.officeUI and olkmailread.officeUI in C:\Users\%username%\AppData\Local\Microsoft\Office\. These files contain the ribbon info that you just created. You can copy them to the users’ profiles, overwriting the files that are currently there. Note: this may delete previously created custom ribbons if they exist. It may be a good idea to rename the old files first.
    4. Restart Outlook.
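
The three requirements above can be scripted per workstation. The following PowerShell is an added example, not code from the original article; the `-BccAddress` and `-RibbonSource` parameters, the backup naming, and the add-in detection check are assumptions made for illustration.

```powershell
# Added example (not from the original article). Assumptions are marked below.
param(
    # Placeholder: mailbox that should receive the BCC copy of each report.
    [Parameter(Mandatory = $true)] [string] $BccAddress,
    # Hypothetical folder or share holding the two .officeUI files from the test computer.
    [Parameter(Mandatory = $true)] [string] $RibbonSource
)

$addinKey  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Junk E-mail Reporting\Addins'
$ribbonDir = Join-Path $env:LOCALAPPDATA 'Microsoft\Office'
$ribbons   = 'olkexplorer.officeUI', 'olkmailread.officeUI'

# Requirement 1. Assumption: the add-in's parent key exists only when the
# add-in is installed; swap in your own detection rule if that does not hold.
if (-not (Test-Path (Split-Path $addinKey -Parent))) {
    Write-Error 'Junk E-mail Reporting add-in not detected; install it first.'
    exit 1
}

# Requirement 2: set the BCC value named in the article.
if (-not (Test-Path $addinKey)) { New-Item -Path $addinKey -Force | Out-Null }
New-ItemProperty -Path $addinKey -Name 'BccEmailAddress' -Value $BccAddress `
    -PropertyType String -Force | Out-Null

# Requirement 3: rename the user's existing ribbon files, then copy the new ones.
New-Item -ItemType Directory -Path $ribbonDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($file in $ribbons) {
    $source = Join-Path $RibbonSource $file
    $target = Join-Path $ribbonDir $file
    if (-not (Test-Path $source)) { Write-Warning "Missing $source"; continue }
    if (Test-Path $target) { Rename-Item -Path $target -NewName "$file.$stamp.bak" }
    Copy-Item -Path $source -Destination $target
}

# Read the value back before telling the user to restart Outlook.
$set = (Get-ItemProperty -Path $addinKey -Name 'BccEmailAddress').BccEmailAddress
Write-Output "BccEmailAddress = $set; restart Outlook to load the new ribbon."
```

The HKLM write needs administrative rights while the ribbon files live in each user's profile, so a deployment tool may need to run the registry part in machine context and the file copy in user context.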

I’ve noticed that this does not work in 64-bit Office installs; I assume this has something to do with the junk email reporting add-in. These instructions will work with Windows 7 and Office 2010 and 2013. It takes a little effort to get this working enterprise-wide, but when combined with security training and phishing simulations it gives you some great information on how end-users react to phishing emails. It also empowers the end-user. They are now becoming part of the solution, instead of part of the problem.

I’d really like to hear from you! Let me know if you try this, or if you have any other solutions to make life a little better while fighting spam and phish attacks!

If you want to better understand the adversary, Brian Krebs has a great book called Spam Nation.  I highly recommend a read through.  The book is available through Amazon and the affiliate link is below.





  3. Rocky

    Seeing as it was a function implemented to send phishing mails to Microsoft, is the mail also actually bcc’d to them? Or is it limited to the registry key configured mail account?

    Great work btw,


    • Spencer

      I believe it IS actually sending to some “abuse@microsoft” account AND to whoever you specified in the BCC registry key..

        • Jef

          If you have a mail gateway capable of blocking outgoing mail based on mail address and subject, you can have your gateway drop these mails to MS (probably best AND condition: to: AND subject [Contains: “Whatever notification generated”]).

    • David

      My company uses PeopleSec, they are the only solution I have seen actually stop our networks from getting malware. The only downside is that it actually works too good and some of the IT security people have been laid off…

  4. Tom Beck

    Instead load EdgeWave ThreatTest button. Doesn’t send suspicious emails to IT, it sends to its own SOC to analyze and remove if needed. Easy peasy

  5. Marshall

    The article is very informative and helpful.
    I have tried to get this to install using SCCM on Win7 x64 running Office365 x32 as an app and it always fails to install the phishing option. Used the msi and correct command to install. Detection is set automatically using the msi. I tried to change to detect the Junk Mail folder in C:Program Files(X86)\Microsoft Junk Mail… , tried to use the registry setting to detect. In Appdiscoverylog I receive Performing detection of app deployment type Microsoft Junk E-mail Reporting Add-in – Windows Installer (*.msi file)(ScopeId_77ACFF9A-BD48-4751-B9FD-57EA754880E7/DeploymentType_ef111237-ab94-4d9a-aa53-cf52287f31ca, revision 3) for user. AppDiscovery 7/17/2018 1:36:51 PM 1936 (0x0790)
    +++ Application not discovered. [AppDT Id: ScopeId_77ACFF9A-BD48-4751-B9FD-57EA754880E7/DeploymentType_ef111237-ab94-4d9a-aa53-cf52287f31ca, Revision: 3] AppDiscovery 7/17/2018 1:36:51 PM 1936 (0x0790)
    +++ Did not detect app deployment type Microsoft Junk E-mail Reporting Add-in – Windows Installer (*.msi file)(ScopeId_77ACFF9A-BD48-4751-B9FD-57EA754880E7/DeploymentType_ef111237-ab94-4d9a-aa53-cf52287f31ca, revision 3) for S-1-5-21-842925246-1482476501-725345543-56229. AppDiscovery 7/17/2018 1:36:51 PM 1936 (0x0790)

  6. Craig Lawrence

    I know this is an old thread, but I was wondering: is there a way that I can make the message just be deleted instead of going to the end user’s junk e-mail folder?
