Users are increasingly urging Microsoft to revise how Outlook displays sender email addresses, citing the feature’s potential to aid phishing and scamming efforts. The issue has been a growing concern, with over 100 votes on Microsoftās support forums, where users and administrators argue that the current system, which prioritizes showing a senderās “friendly name” over the actual email address, poses significant security risks.
The problem lies in how Outlook presents emails in the inbox. Instead of displaying the full email address, Outlook often shows only the friendly name. While some versions of Outlook allow users to see the full email address by hovering over the name, others require the email to be opened to view this critical information. This makes it easier for phishing emails to appear legitimate, as users might not recognize a scam when only the friendly name is visible.
One user, frustrated by multiple instances of staff falling victim to phishing attempts, emphasized that even intelligent and tech-savvy individuals can be misled by the friendly name feature, especially when under stress or time pressure. The user argued that the option to disable sender aliases entirely should be available, as it would eliminate a significant security risk.
Another user echoed these sentiments, expressing disbelief that Microsoft has not yet addressed what they see as a well-known and easily fixable issue. They pointed out that while companies invest heavily in advanced security products like Microsoft Defender, this fundamental flaw in email display remains unaddressed, leaving organizations vulnerable to phishing attacks.
Despite workarounds available for older versions of Outlook, these are not practical solutions for most users. The issue is particularly problematic given Microsoft’s prominence in enterprise environments, where the productivity suite is widely used.
A reader contacted The Register, highlighting that enterprises are effectively forced to use the format dictated by Microsoft, which does not allow for displaying the true email address if an alias or friendly name exists. The reader expressed frustration that even Microsoft resellers acknowledge the problem but feel powerless to influence change.
Microsoft has yet to respond to inquiries about whether they plan to introduce a setting that would allow users to display the actual email address of senders by default. Users continue to call for a solution, stressing that the current feature not only creates financial risks for companies but also has severe implications for the mental health of individuals affected by phishing scams.