Advanced Filtering Rules for Outlook - Delete Emails With Specific Destination Hyperlink in Body?

Copper Contributor

Hello everyone!

New user here, but very excited to be surrounded by a passionate group of folks of varying backgrounds and skills- (well beyond my scope). Admittedly, I am a rather "green" user when it comes to anything programming-related or automation, but here is my best attempt at formulating my question.

I recently have decided to combat spam a little harder than usual and have been wondering if it is possible- (via Outlook's integrated built-in rules, or developer VBA scripts), to automatically delete (or outright refuse) an email with a certain body hyperlink?

I am aware of text-related rules, but the spammer has rather gracefully hijacked a few sender domains (ie: Costco, Dyson, etc.) and has fairly regular body text which could be easily mistaken from a genuine sender, so it's more body content--chiefly the destination links, themselves which most certainly redirects to phishing forms and are hard to distinguish as these can be buried in photos, footers or links with seemingly innocent descriptors- (ie: "Claim your Prize now!").


Furthermore, because of scammers changing links all the time, I would like to perhaps create a rule that filters out a specific sub-domain with maybe a wildcard ie:* <== (which would filter out everything *after* the asterisk: ie:;; etc.). I think this could prove effective as I do receive a fair amount of spam from this domain thief who by filtering them by sender isn't effective, nor are specific words, alone as they do often go through a fair bit of trouble using similar terminology as the company their mimicking would.


I was reading that Windows PowerShell (a scary blue screen to me) could run specific queries relating to "types" of instances and being able to action them as a result:


ie: Search-Mailbox ... -SearchQuery '(kind:email) AND received<#Date in MM/dd/yyyy format#' -DeleteContent <==Of course, I'd have to embed a search link with wildcard here somewhere..


I understand that PowerShell is outside of Outlook and being able to run this automatically upon receipt of every email wouldn't be practical, but I have heard that the developers edition of Outlook does, indeed run Visual Basic Scripts as "enhanced rules" for those that are nitpicky like myself.


Would it essentially be possible to:


-Enable Developer Mode for Outlook;

-Create a VBA-enabled rule;

-Enable a search query that searches the message body for specific destination links (truncated with a wildcard for generalize the spammers links), and;

-to delete or otherwise reject the email, despite the sender (as they domain hop all the time).


My knowledge of programming is fairly essential, but I am quite savvy and good at problem-solving. If anyone here is able to help me get the most out of my Outlook and stick it to the spammer, I would be forever grateful. It's one thing to have stuff land in my junk, but I'd like to clear the eye sore for good!


Kind regards,



4 Replies
it seems you have to create a Power Automate flow to do that.
Hello there,

Thank you kindly for your response! I have done a bit of reading on Automate (there also seems to be a fair amount of flows bundled with the standard business suite too).

forgive me as I'm quite "green" with Automate.. Might you know a good reference tool to pick out emails based on body links or contents mentioned above? I know there are built-in flows for simpler things, but I suspect this one might take a whole new level of geekery to get working!

Looking forward to sticking it to spam! Thank you kindly for your help in advance,



Hi @Cory-D,

Power Automate flow will work in the cloud even  when your Outlook is not running.

If you are interested in commercial development of such  thing, please email me directly.



@Cory-D  I'm seeing the same phenomenon - Sender's email address is bogus or a company's real email address.  Yet, the links' domain names are the same ( t[.]co  , sht[.]moe , rb[.]gy , etc ).  I'd like to see a outlook rule that searchs for a specified HREF domain name in an email then moves/deletes if found.