Do not click any hyperlinks in incoming emails. That’s the best way to combat against spam and phishing emails.

Not even links in emails from your trusted ones. Because those emails can also be fake.

The best approach is to disable the ability to click the links.

There are different ways in disabling hyperlinks in outlook emails. Each has its pros and cons. My favorite approach is to use Windows group policy.

  1. Outlook build in Junk E-mail filter
  2. Use Junk E-mail folder
  3. Set Windows group policy
  4. Extra Q&A: What to do when I really want to access the link?

1. Outlook build in Junk E-mail filter

Pros: use outlook as usual

Cons: only outlook identified spam/phishing emails will have hyperlinks disabled. You can still click the hyperlinks on your normal emails.

  • Click on Home > Junk > Junk E-mail Options
Outlook junk email options
  • select Disable links and other functionality in phishing messages and click Apply
Outlook junk email disable links

IMPORTANT: Each email account has its own Junk E-mail options. You need to set it for all email accounts.

2. Email rules and Junk E-mail folder

This method sends all emails to Junk E-mail folder and check your emails at Junk E-mail folder first. All hyperlinks are disabled in Junk E-mail folder by default.

You can optionally maintain Safe Senders list for their emails to go to Inbox

Pros: All hyperlinks are disabled

Cons: All emails in Junk E-mail folder are displayed in plain text, not HTML.

  • Click on Home > Junk > Junk E-mail Options
Outlook junk email options
  • select Safe Lists Only
Outlook Safe Lists Only
  • click on Safe Senders tab
  • uncheck Also trust email from my Contacts and click Apply
Outlook do not trust contacts
  • optionally add email addresses as safe sender to deliver their emails to Inbox instead

IMPORTANT: Each email account has its own Junk E-mail options. You need to set it for all email accounts.

3. Set Windows group policy

This method disables the default browser. My preferred method.

So when you click on a hyperlink, the link won’t be activated but instead gives you the following popup message.

Operation cancelled message

Internet Explorer is a thing in the past. Microsoft has moved on to Edge. We should stop using Internet Explorer anyway, especially for security reasons.

Therefore, we will disable Internet Explorer and use it as the default browser.

Pros: use outlook as usual and all hyperlinks are disabled.

Cons: disabling default browser affects the entire Windows. That means double click on a HTML file will not work. You would need to launch your preferred browser and then drag the file to the browser.

Set Internet Explorer as default browser

  • go to Settings > Apps > Default apps
default browser
  • click on Web browser and select Internet Explorer
set Internet explorer as default browser

Disable Internet Explorer for Windows 10 Pro

Note: If you are using Windows 10 Home, please go to the next section

  • click Windows Start button, type Edit group policy and hit enter
launch group policy
  • At Group Policy Editor screen, select User Configuration > Administrative Templates > System
  • then double click on Don’t run specified Windows applications
group policy to disable app
  • select Enabled
  • click Show button
group policy disable app
  • enter iexplore.exe and click OK
disable internet explorer
  • click OK on Don’t run specified Windows applications

Disable Internet Explorer for Windows 10 Home

Unfortunately, Windows 10 Home does not come with Group Policy Editor.

To disable Internet Explorer, we need to modify the registry keys directly.

  • run regedit.exe
  • go to HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Policies
  • right click on Policies, then select New > Key and enter Explorer
registry add Explorer policy
  • right click Explorer, then select New > DWORD and enter DisallowRun
  • set DisallowRun‘s value to 1
registry adds DisallowRun value
  • right click on Explorer, then select New > Key and enter DisallowRun
registry adds DisallowRun key
  • right click on DisallowRun, select New > String Value
  • enter 1 as name
  • enter iexplore.exe as value
registry disable Internet explorer

That’s it. Restart your computer and hyperlinks in outlook emails should be disabled.

You can right click on the hyperlink and copy it. Then paste it to the browser.

It’s even better to run the browser in a separate virtual machine for safer web browsing. To find out more, check out Safer web browsing with vm on windows 10 hyper-v.

This Post Has 6 Comments

  1. I dont have the Disable links and other functionality in phishing messages” check box

    1. That’s strange. Maybe your version needs to setup differently?
      I tested these settings using Outlook for Microsoft 365

  2. Doesn’t work for me in Outlook 2013. Not neither with gpedit nor with registry. Hyperlinks in e-mails remain as clickable as ever.

    It’s been a wierd story though. Once, suddenly, links in 2013 went unclickable, with URL in flat text below. After some thought I decided this was safer and always went with copy paste into browser where necessary. Then I went to 2007, where the links had always been clickable, and suddenly they weren’t. Instead a failure message came up. But after a while I thought, “that’s probably safer”. Now, back in 2013 the links are suddenly clickable again. And nothing seems to be able to make them not clickable again.

    What’s going on?

    1. Sorry, the writeup was based on Outlook 2016. It’s not clear why it isn’t working for Outlook 2013.

  3. Mujhe apni image ko disable karna hai

  4. Great ideas. No clickable links and ransomware becomes a historical reference. Thanks for sharing your ideas.

Leave a Reply

Close Menu