Email Security - General Information
Some of these topics have more detailed information available. Click on a link below to be taken to an in-depth article page or continue reading for a brief overview of each subject.
Best Practices
There are many cybersecurity best practices to follow when using email. The three most impactful rules that will do the most to keep your account safe are:
- Always double check an email before interacting with it, especially if anything seems odd or out of place. Verifying with the sender (using a method other than email, in case their account is compromised), sending a screenshot of the message (do not forward it) to a colleague for validation, and hovering over links to make sure they lead to well-known and trusted websites are all very helpful when deciding whether an email is phishing. Submit any suspicious emails via PhishNotify.
- Be aware of the URL when a site asks you to sign in to view a document, page, cloud drive, PDF, or any other kind of material. If the URL does not start with "login.microsoftonline.com/", it is a phishing website waiting for you to enter your credentials so it can steal them.
- Just because you know a sender does not mean the email is safe. Every day people get their email accounts compromised, and attackers send out emails from those accounts to try to take over more accounts. Apply the first two rules above before proceeding with an email from a known sender if they send you anything that is not normal for them to send.
Email Security Portal
The Email Security Portal allows you to view your quarantine emails and request the release of any that you believe are not malicious.
There is also a section in the portal to manage your Trusted Senders. Use Trusted Senders to allow emails from certain senders to bypass graymail, spam, and junk filtering.

Access the Email Security Portal by using the link on an email digest, or by clicking here: Email Security Portal. Use the "Sign in with Microsoft" button for a quick and easy sign in. If you are trying to view a shared mailbox in the portal, you must use "Enter your email address". It will send an OTP code to the shared mailbox to enable you to log in as the shared mailbox.
Email Digest
The email digest lists all the emails you received that were sent to either quarantine or junk (but not graymail). Provided you received any of these types of email in the last 24 hours, you will receive an email digest at 6 AM. Links to visit the Email Security Portal, preview a quarantine email, and add a Trusted Sender are all on the digest.
There is also a link at the bottom of each digest to generate another email digest. Clicking it generates a brand-new digest showing a new 24-hour window of applicable emails, measured from the time you click it. This means that if you want to view any emails that were quarantined between 6 AM and now, they will show up in the new digest.

Reporting Phishing Emails
If you come across a suspicious email, please report it using the PhishNotify button (the red fish icon; not available on cell phone Outlook apps). This will send the email to our security software to rescan the email. Within 30 minutes the security software will email you a report back letting you know if the email is either clean or malicious. Please note that results from the security software that are inconclusive may not return a report. Please use the link in the analysis report to submit a ticket if you believe the security software's analysis is incorrect, or if you have additional concerns or questions with an email.
Please do not forward suspicious emails as this spreads the risk to others. If you want to ask a colleague for a second opinion about an email you think could be malicious, send them a screenshot instead so no links or attachments are forwarded to them.
Quarantine Email
Emails that the security software deems to have a high likelihood of being malicious are sent to quarantine. Always use extra caution when dealing with any email that has been labeled as quarantine.
Quarantine emails can now be viewed before requesting them to be released. Please visit the Email Security Portal to view and manage quarantine emails.
Graymail
Graymail is solicited email that you opted in to at one point but that is typically unwanted and unimportant. A common way to opt in to receiving graymail is by signing up for newsletters, events, and other such things online.
Graymail is forwarded to a folder called Promotions that the system automatically creates for you. If you receive email labeled as graymail but wish for it to be treated as regular email and be delivered to your inbox, please add the sender to your safe senders or trusted senders list. Questionable emails quarantined by the system will always end up in quarantine regardless of other settings.
Spam/Junk
Spam/junk email is unsolicited email that you never signed up for or consented to. Spam/junk email is often harmless, but not always. Use caution when viewing and interacting with email in your spam/junk folder.
Spam/junk email is forwarded to your Junk folder. If you receive email labeled as spam/junk but wish for it to be treated as regular email and be delivered to your inbox, please add the sender to your safe senders or trusted senders list. Questionable emails quarantined by the system will always end up in quarantine regardless of other settings.
Safe Senders/Trusted Senders
Safe Senders and Trusted Senders do the same thing but are run by Microsoft and Check Point, respectively. Either of these will allow you to exempt emails coming from the senders you choose from being classified as graymail and spam/junk so that they arrive in your inbox. However, if an email from a sender on either list is classified as phishing by the security system, that email will still go to quarantine.
Smart Banners
Smart banners are informational alerts added by the email security software to the top of certain incoming messages. They caution users to pay close attention to that email because it carries more risk than other "regular" emails.
Smart banners do not tell users whether an email is malicious. Instead, they warn that certain elements of the email are more risky than usual. This is because some phishing attacks cannot be discerned by security software. A good example of this is when an email contains an invoice or purchase order. The email could be from a fake vendor trying to receive payment for a service they never provided, or it could be from a legitimate vendor that provided a service you asked for. Either way, the email security software is not aware of all the context surrounding such events and cannot determine whether the email is phishing. It can only alert the user to pay close attention to the email to make sure it is genuine.

URL Rewrites
URLs are rewritten by the email security software so that when clicked, they can be checked using real-time threat intelligence. The user is redirected on to the original page if the site is considered safe.
The original URL is still visible so the user can verify the website before visiting it. It shows up with three underscores "___" on each side of it. It will almost look like it is in the middle of a gap, sandwiched inside another URL created by the security software, as shown in the example screenshot below.

(Highlighting is not part of URL rewrites; inserted into screenshot to help show the original URL)
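
The following added example (not part of the original page or of the email security product) shows how the original URL can be recovered from between the "___" markers and checked against the sign-in rule from Best Practices by comparing the exact host rather than eyeballing the text. The wrapper host `rewriter.example`, the trailing token `.abc123`, the `signin.example` hosts, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MARKER = "___"                              # delimiter this page describes
SIGN_IN_HOST = "login.microsoftonline.com"  # sign-in host this page names


def original_url(link):
    """Return the URL between the first and last '___' marker.

    A link without a complete pair of markers is treated as not rewritten
    and returned unchanged.
    """
    start = link.find(MARKER)
    end = link.rfind(MARKER)
    if start == -1 or end < start + len(MARKER):
        return link
    return link[start + len(MARKER):end]


def is_sign_in_page(link):
    """True only when the (unwrapped) URL's host is exactly SIGN_IN_HOST."""
    try:
        parts = urlsplit(original_url(link).strip())
    except ValueError:  # malformed URL: treat as untrusted
        return False
    # Assumption: https is required; the page itself only names the host.
    return parts.scheme == "https" and parts.hostname == SIGN_IN_HOST


# Constructed sample links; hosts ending in .example are placeholders.
SAMPLES = [
    "https://login.microsoftonline.com/common/",
    "https://rewriter.example/v2/___https://login.microsoftonline.com/common/___.abc123",
    "https://login.microsoftonline.com.signin.example/common/",   # name used as a subdomain
    "https://login.microsoftonline.com@signin.example/common/",   # name used as a username
    "https://rewriter.example/v2/___https://signin.example/login.microsoftonline.com/___.abc123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "sign-in host" if is_sign_in_page(link) else "NOT the sign-in host"
        print(f"{verdict:22} {original_url(link)}")
```

Only the first two samples pass: in the other three the trusted name appears somewhere in the link, but the host the browser would actually contact is a different one.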