Malicious emails often use HTML code to hide phishing links or trigger harmful scripts. Viewing these messages in plain text strips away the formatting and code, revealing only the raw text. This neutralizes many common email-based threats. This article explains how to configure Outlook to display all messages in plain text by default.
You will also learn how to view individual emails in plain text when needed. These steps apply to Outlook for Microsoft 365 and Outlook 2021 on Windows 11 and Windows 10.
Key Takeaways: Blocking HTML Threats in Outlook
- File > Options > Trust Center > Trust Center Settings > Email Security: Enables the global setting to read all standard mail in plain text.
- Message tab > HTML dropdown > Plain Text: Converts a single open email to plain text format for safe viewing.
- Trust Center > Automatic Download: Blocks external content, which works alongside plain text mode for layered security.
Why Plain Text Mode Blocks Email Threats
HTML emails can contain active elements like web beacons, embedded scripts, and disguised hyperlinks. These elements are used to track you, deliver malware, or steal credentials through fake login pages. When Outlook displays an email in plain text, it does not render any HTML, CSS, or JavaScript.
The email body shows only readable characters. Links appear as full URLs, making suspicious addresses easier to spot. Images are not downloaded or displayed, preventing triggers that alert a sender an email was opened. This setting provides a strong defense against many automated attacks.
What You Lose with Plain Text
Plain text mode removes all formatting. You will not see different fonts, colors, company logos, or embedded images. Bulleted lists and tables may appear as simple text. Most marketing emails and newsletters will look broken. However, for security purposes, this trade-off is often worthwhile, especially when handling emails from unknown senders.
Steps to Read All Emails in Plain Text by Default
Configure Outlook to automatically display every incoming and existing email in plain text. This is the most secure approach.
- Open Outlook Options
Click the File tab in the top-left corner of the Outlook window. Select Options from the left-hand menu. - Navigate to the Trust Center
In the Outlook Options dialog box, click Trust Center in the left pane. Then, click the Trust Center Settings button on the right. - Access Email Security Settings
In the Trust Center window, select Email Security from the left-hand list. - Enable the Plain Text Setting
In the Read as Plain Text section, check the box labeled Read all standard mail in plain text. For higher security, also check the box for Read all digitally signed mail in plain text. Click OK to close the Trust Center, then click OK again to close Outlook Options.
How to View a Single Email in Plain Text
You can convert one suspicious message to plain text without changing the global setting.
- Open the Email
Double-click the email you want to inspect to open it in its own window. - Change the Format
On the Message tab of the open email window, locate the Format group. Click the dropdown menu that likely says HTML. Select Plain Text from the list. - Confirm the Change
A dialog box will appear warning that formatting will be removed. Click Yes to confirm. The email will immediately refresh, showing only plain text.
Common Mistakes and Limitations
Plain Text Setting Does Not Apply to Existing Open Emails
If you enable the global plain text setting, emails already open in a separate window may still display HTML. Close and reopen those email windows for the new setting to take effect. The setting applies immediately to emails in the main reading pane.
Hyperlinks Are Still Active
Plain text mode shows the full URL, but you can still click it. A malicious link in plain text is just as dangerous if clicked. Always hover over a link first to see the destination in the status bar, even in plain text view. Never click links in emails from untrusted sources.
Blocked External Content Can Cause Confusion
If you also have settings to block external content, some emails may show a red X or blank space where an image should be. This is normal and indicates the security feature is working. It is not a sign that plain text mode is broken.
Security Feature Comparison: Plain Text vs. Other Protections
| Item | Read in Plain Text | Block External Content |
|---|---|---|
| Primary Defense | Removes all HTML, CSS, scripts | Blocks images and media from external servers |
| Impact on Email Appearance | Severe; all formatting is lost | Moderate; images are replaced with placeholders |
| Protection Against Scripts | Complete | None; HTML and scripts still run |
| Protection Against Web Beacons | Complete | Complete |
| Best For | Maximum security with unknown senders | Daily use where safety of sender is known |
You can now configure Outlook to display emails in plain text, significantly reducing the risk from HTML-based threats. Use the global setting in the Trust Center for continuous protection. For individual suspicious messages, use the Plain Text option on the Message tab. As a next step, review the Automatic Download settings in the Trust Center to block external content. An advanced tip is to create a custom Outlook rule that automatically forwards emails from unknown senders to a separate folder where you always read them in plain text.