Forum Discussion
Microsoft To Do Flagged Email List has Created a New Attack Surface for Junk Email
Outlook and Microsoft To Do are being exploited by spammers to turn our Flagged email list into a cesspool of junk email. Outlook allows any outgoing email to be flagged and To Do will display any flagged email—including those in Outlook's Junk folder. Clearly To Do should filter out anything from the Junk folder.
I've reported this on Twitter and other feedback channels with zero response. Microsoft developers may never encounter this issue because they're behind enterprise-grade firewalls and SPAM filters.
- Update: On January 29, I finally got a response directly from a support engineer on the To Do team! He acknowledged that the issue was being addressed and asked me to keep in touch with any updates. Since then, I'm happy to report that the To Do Flagged and Important smartlists have been SPAM free. The only exception was a temporary, regression on Feb 19 that was repatched within 24 hours.
Now we can enjoy SPAM free To Do smartlists. Note: Any junk mail that made its way into To Do before this issue was fixed will have to be removed manually.
18 Replies
- I just ran into this on 6/20/23. Couldn't believe the list of sewage that suddenly showed up both in my "Important" and Flagged email. When I did a search on "Spam email showing up in Microsoft Todo" I found this thread and another.
I've always used the "Flagged email" feature and now the only "solution" is to turn that feature off completely in Todo, or set up my Junk Email settings to automatically delete suspicious emails. This is not a great solution either. Sorry to see here that this has been going on for some time.same. How do we delete these spam tasks en-masse? I have hundreds in my Microsoft To Do now that I want to start using it.
I Never found a way to delete them enmasse, but it certainly helped to first sort everything 'by importance' since the spammers typically sent them as 'High importance' (which shows up as 'starred' in Microsoft To Do) This can be done either in the phone app (via sort options) or Outlook desktop. Then, I chose to actually 'delete' them (vs just checking as 'done' since I didn't want them to still be listed if I chose to view my 'completed' tasks) Meanwhile, things seem to have greatly improved recently! i.e. some days no new ones added, so there's hope if you're willing to wade through all of the old 'garbage'
- Read through entire thread. Thanks for your diligence! and yes, it's still happening... I get 'flagged' emails appearing on my 'task list' that are so obviously spam that they don't even make it into my junk mail folder!! Since I do truly want to be able to benefit from my outlook flagged emails/task lists (primarily on my iPhone) I've so far just been deleting them daily - easiest if the flagged emails are sorted by 'importance' since most of the spam comes through as 'starred'
Very frustrating since it can't be that difficult to fix because the same messages clearly don't make it through the standard Outlook email filters! - I think this is what is happening for me; if I delete specific items from my Junk folder, from Outlook on my phone, they get sent to Deleted items instead of being permanently deleted.
Emails which have been sent to Deleted items are surfacing in the To-Do app,
Don't know if it's that folder or something about the interaction on the phone (Outlook app) which is causing it. Mike GlennI have the same issue continuing. It is really frustrating and a huge time waster. If this can't be resolved it really takes away any value ToDo could bring. couldn't temporarily you set up a way that ToDo doen't create, or automatically deletes tasks created by email in the JunkMail folder?
As soon as the issue occurred it disappeared again (probably after an update - certainly on my android device)... I noticed that an email in junk had the "important" and "flagged" markers BUT it was NOT showing in my task list. My issue last week was that items identified as junk where still appearing in Task List (so I'm happy that the issue is resolved).
definedrisk I believe you are correct. After being free of junk email in my Flagged and Important smartlists for about a year, it suddenly started appearing again on April 9th, then suddenly stopped again two days ago (April 11). I also see junk emails marked as important and/or flagged on April 12 and 13 (today) and none appear in my To Do smart folders.
Hopefully it won't happen again. Meanwhile, three days of junk mail getting into To Do has left quite a mess behind for us to clean up. Having to delete 30-40 (in my case) junk tasks one-at-a-time while being careful not to delete legitimate tasks is a royal PITA! Deleting all the junk emails from Outlook still leaves all the tasks behind. 😞
My guess is someone forgot to include the patch for this issue in the previous update, then noticed and patched it again a couple days ago.
Mike Glenn I just noticed the same issue today. I went on the desktop app to manually delete the tasks. I also noticed some of the tasks were there despite the email being deleted from the junk file. If I have to go do this on a regular basis it will make the to do app experience very bad. I hope someone from Microsoft can provide input. Thanks for posting this.
DRFLNY Thank you for taking the time to validate that I'm not the only person in the world seeing this issue. I discovered the Important task smartlist is also impacted by this Junk folder flaw.
I've reported this to Microsoft via multiple channels including here in Tech Community, Feedback Hub and social media such as Twitter and Facebook. So far, it's been completely ignored by Microsoft except for one resource on FB who suggested that I report it to the Outlook team! Despite the fact that it makes zero sense to try and blame this To Do flaw on Outlook, I went ahead and reported it to them as well. The result? No response. I'm starting to wonder if it will take an article in one or more of the large tech publications to get thier attention.
Anyway, there are much bigger issues in the world that need attention. Let's hope for a brighter and healthier 2021 for all of us!
- Update: On January 29, I finally got a response directly from a support engineer on the To Do team! He acknowledged that the issue was being addressed and asked me to keep in touch with any updates. Since then, I'm happy to report that the To Do Flagged and Important smartlists have been SPAM free. The only exception was a temporary, regression on Feb 19 that was repatched within 24 hours.
Now we can enjoy SPAM free To Do smartlists. Note: Any junk mail that made its way into To Do before this issue was fixed will have to be removed manually.
Dead silence. What kind of community is this?
Is anyone from Microsoft still around? Even if no one else is seeing this issue, perhaps someone could share that feedback?
