CSCU IT Policy specifically covers the use of private email addresses for faculty/staff and students:
- Employees are not allowed to conduct official CSCU business via private (unofficial) email accounts unless specifically authorized.
- Students who choose to have their emails auto-forwarded to private (unofficial) email addresses, do so at their own risk. The college/university is not responsible for any difficulties that may occur in the transmission of the emails.
All official college email communications including email sent from within the Blackboard learning management system, are sent to your college Office 365 email account. Employees and Students are expected to check their official email accounts on a frequent basis. Refer to the IT Policy on Electronic Communication.
Also in compliance with IT Policy on Electronic Communication, Faculty and staff should not forward their college email to another personal or business account, or send email to students from a personal account. Faculty who use Blackboard should set their Preferred Email in Banner Self Service as their college accounts, not to a personal or business account. This ensures that the Blackboard Email tool sends the messages from students to your college account. (See video on how to do this.)
- Students: Forwarding emails to personal accounts is not recommended and is not supported.
If you do choose to forward your email, be sure to set up your forwarding using the "Inbox and Sweep Rules, Forward action" rather than the "Accounts - Forwarding" settings. This is because the Office 365 "Accounts - Forwarding" setting actually redirects email rather than forwards it, which can cause problems as described below.
What is the difference between Forwarding and Redirecting?
How do I forward using Inbox and sweep rules and verify that I don't have redirecting enabled?
- Forwarded messages (using Inbox and Sweep rules - Forward action) appear as messages that are forwarded by your college email with FW: in subject and coming from your college email address. You can clearly see that email was forwarded from your college email and only emails from your inbox - not junk, spam or phishing emails are forwarded.
- Redirected messages (using Accounts - Forwarding) appear as though they came from the original sender directly to your personal email even though they were sent to your college email address and redirected. WARNING: Some email systems (i.e. AOL) use very strict rules and will not accept some "redirected" messages at all and you'll see undeliverable errors in your college inbox letting you know that your personal email's mail server rejected your redirected email. More importantly, when you redirect, you redirect everything sent to your email address - spam, phishing emails and junk mail - not just email from your inbox.
- When in OWA mail, click the Settings (gear) icon in the top right corner of the window and click the Mail link:
- In the left-side menu that will display, click Inbox and sweep rules.
- Click the + sign to create a new rule.
- In the "When the message arrives..." field, select the "apply to all messages" option from the dropdown list:
- In the "Do all of the following" field, select "Forward, redirect, or send">Forward the message to...":
- You will be prompted to enter an email address you wish to forward to (or select it from your Contacts).
- Enter your personal email address, and then click "Save."
- Click "OK" to save the rule (it will automatically be named):
- 13.Finally, if you had previously setup forwarding (i.e. actually redirects), please follow the steps below to turn off that setting. Otherwise, your messages may still be redirected instead of forwarded:
Students may report that they are receiving the following Undeliverable error back when they are attempting to email their professor:
This means the student is emailing the incorrect email address for the faculty member. The student is sending to Blackboard's do-not-reply address and not to the faculty member's actual email address as seen in the error message.
The instructions in the error message are meant to help the student locate the actual email address of the faculty members when using their college email account or Outlook. The included link: http://bit.ly/2mZeHHu shows how to do that also from within the college email account.
The problem arises because Blackboard sends emails to students from a "do-not-reply" address but have the faculty member's name set as the "from" address. This makes it appear that the email is coming from the faculty member. If the student clicks "Reply" to the Blackboard email, everything is fine because the email from Blackboard contains a correct reply-to address. The problem comes in when the student decides to create a new email to the faculty and types the name into the To field and selects the do-not-reply address that has the faculty member's name as the "name" - yet the email address is actually Blackboard's do-not-reply address.
The student needs to be aware that they are in fact attempting to email the do-not-reply address (which doesn't go anywhere) and NOT the faculty member.
If the student is using their college email account, they can use Ctrl-K after typing in the faculty member's name to search the college's address book for the faculty member's address:
This is very important to know when adding email addresses to your Safe Sender list: If you add an email address or domain to your Safe Sender list, you actually are also allowing spoofed email from someone pretending to be someone on your Safe Senders list! So because you added an email address to your Safe Sender, that means anyone on the Internet can now pretend to be that person and it will go into your inbox! You are bypassing anti-fraud/anti-spam and anti-phishing security features by adding email addresses to your Safe Senders list. It is recommended to be wary of email even in your inbox due to this.
When using Office 365, refer to Microsoft's article on managing your safe/block senders.
When using Outlook, refer to Microsoft's article for an overview of the junk mail feature.
If you use both Outlook and Office365 portal to access your email, the safe/block senders are the same.
We are aware that mailing lists sometimes are not easy to add to your Safe Senders list as sometimes mailing lists use different behind-the-scenes sender addresses that are different each time. So if you see an email from a mailing list and your try to add it to your Safe Senders list, if you then go look at what was added to your Safe Senders list it may look like this: email@example.com and not who the mailing list appears to send the mail from for example something.org.
Do you continue to receive email from senders that you believe you already added to your block list? This may be because the email is not really coming from the same sender. Some spammers change the sender address each time making it nearly impossible to block their email or just like with mailing lists, they may make the behind-the-scenes sender address different but display a different email address to you.
Note that if you are using public folders, they do not support the Junk Mail feature so you can't block/allow a sender from sending mail to a public folder. Junk mail sent to a public folder will arrive in the Public Folder inbox.
If you use the "Not Junk" option on an email in your Junk folder - it will add the email address to your Safe Senders list. This may not be what you intended as you will bypass anti-spam/phishing/fraud security features for that email from now on.
We do not recommend enabling either of the "automatically trust" options for the same reason.
In Outlook, they are at the bottom of Safe Senders tab:
In the Office365 portal, they are on the Settings - Mail - Block or Allow page:
If the email is landing in your junk folder, you don't have to do anything as that's the proper place for junk/phishing email to be placed. If you are perusing your junk folder for potential legit mail that may have ended up in your junk folder, you may encounter inappropriate images/content that you may not want to see. In this case, you can review senders/subjects and just empty your junk folder once you are sure nothing legit has been placed there. You do not have to report junk mail or inappropriate mail ending up in your junk folder to anyone.
Your email may have been "harvested" from another source, something beyond your control and you are now receiving lots more junk than you ever did before. Letting Microsoft spam protection filter your email by using the "not junk" or "this is junk" features will tell Microsoft that they either let a junk mail through to your inbox (you then report it as junk from your inbox) or that a real mail was falsely categorized as junk (you then report it as not junk from your junk folder) and they will adjust their spam engine over time to hopefully categorize email correctly. Something that looks legit to you may look like junk to Microsoft.
Make sure you understand settings that may cause mail to not go where you expect it to go. We have other FAQ items about these situations:
- Have Clutter or Focused Inbox enabled? This may cause legit email to go to these locations instead of your inbox.
- Have the legacy Outlook client junk filtering enabled ? This may cause legit email to go to your junk folder.
- Have users on your Safe Senders list or do you trust email from your contacts? This may cause junk mail to go to your inbox.
- Do you continue to receive email from users you believe you already added to your block list?
- Other situations where legit mail may go to your junk folder...
There are actually two different Microsoft spam/junk filtering features. One is a legacy spam/junk filtering that is available from your Outlook client under Junk - Junk E-mail Options on the Options tab. This one can and should be disabled (by setting to "No automatic Filtering" as it was deprecated in 2016 by Microsoft and may cause email to end up in your junk folder that shouldn't:
However, note that the Safe and Blocked Senders tabs on the Junk E-mail Options page is still where you would control your personal Safe and Blocked Senders when using Outlook:
The new Office365 junk filtering is only available from the Office365 portal and not in the Outlook desktop application. You would want it enabled in order to have anti-spam/anti-phishing/anti-fraud protections. You should not disable this junk filtering - even if mail is ending up in your junk folder since it may be one of many other things that could be moving legit mail to your junk folder. By disabling this - you have NO protection from harmful phishing emails and your inbox will certainly fill with unwanted email. Instead, if legit email is ending up in your junk folder, work with your local IT to determine why.
To make sure Office365 junk filtering is enabled, once logged into the Office365 portal, click the settings icon in the top menu:
Then at the bottom of the Settings menu under "Your app settings", click Mail:
An Options menu will open on the left. Under Mail, Accounts, select "Block or Allow":
Make sure "Automatically filter junk email" is enabled:
Mail from blocked senders will still be sent to your Junk folder regardless if junk filtering is enabled or not. You'll also see your personal Safe and Blocked Senders on that same page.
NOTE: Even with "Automatically filter junk email" enabled, junk email can still appear in your inbox if you have users on your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of.
Once you are done, you can click the left arrow next to Options to return to your inbox.
For most junk that ends up sneaking into your inbox, simply reporting them using your Junk Filter to Microsoft will suffice, however with phishing emails, if the email is well crafted enough to fool recipients to believe it is a legit email, it would benefit the CSCU system to open a ticket with the System Office to report that you received it. We can then perform additional steps to report and to block future emails as well as any URLs that were in the phishing email. We often aren't aware when dangerous phishing emails bypass security measures and make their way into our user's inboxes, so we do ask that you open a ticket for phishing emails, even to ask if it is legit or not.
For phishing messages, we will often need information in the original message to track down and block the sender or the URL. If needed, we'll request it once you open the ticket, but including the message's body in the ticket and copying and pasting the message headers (File - Properties, copying everything in Internet Headers and pasting into the ticket) is suggested when you open the ticket.
Microsoft does provide you the ability to report phishing emails if you use the Office365 portal to read your email (they do not provide a similar feature if you use Outlook) - but this deletes the email and does not provide us with what we need if you do this before you report the phish to us. If we suggest you report it to Microsoft from the Office365 portal, you can use the feature. Or if you are using Outlook, you can compose an email directly to Microsoft: firstname.lastname@example.org. Then, from your inbox, drag the potential phishing email into the new email as an attachment and send.
NOTE: Junk/phishing emails may end up in your inbox from email addresses/domains in your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. It is recommended to first check to see if you have the email address on your Safe Senders list before you report that a malicious email ended up in your inbox. As this is the reason it bypassed Anti-Spam/Anti-Phishing security checks. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of when using the Safe Senders List.
The cause of why legit mail ends up in your Junk folder is not clear cut. However, we are aware of several situations where legit email may end up in your Junk folder:
1) It may not be legit at all - just appearing to be legit - maybe from a real person you'd expect mail to come from, but instead it is a phishing email masqueraded to appear to be legit and that's why it was in your junk folder to begin with. You should not assume it was a mistake and move it out of your Junk folder into your inbox because you happen to recognize the sender's name. Instead, take caution with an email that was originally found in the Junk folder before following any links or opening any attachments as it may be malicious. You can open a ticket with the BOR-SupportServices@ct.edu.
2) The sender or domain (what appears after the @ in an email address) could be on your Blocked Sender list and even if the email itself is legit, it would be delivered to your Junk folder because it was on your blocked senders list. Check your Blocked Senders list to see if the sender is listed.
3) You could have an inbox rule that is moving certain emails to your Junk folder. Check your inbox rules to see if an inbox rule may have caused it to be placed in your junk folder.
4) If you have configured a device (i.e. a smart phone) to read your email - that device may have anti-spam features that move email to a junk folder. Samsung phones have been known to do this and even if you manually move the email to the inbox, if the phone is on, the email continues to move back to the junk folder. Check your phone settings and check your phone's spam list to see if the phone is the culprit.
5) You could have an Outlook plug-in trying to manage your spam moving what it believes is junk to the junk folder. Talk with your local IT department to see if there are any Outlook plug-ins enabled in Outlook. We have seen where the legacy Outlook Junk Filter (Outlook - Junk - Junk E-mail Options) moves legit email to the Junk folder. We recommend disabling this and only use the Office365 junk filtering.
6) And of course, it could very well be a legit email that was mistakenly marked as spam. If the email doesn't look fishy at all (i.e. no questionable attachment or a link to reset your password) then mark the email as Not Junk and it will move to your inbox - using "Not Junk" also tells Microsoft they may have made a mistake and it trains the spam engines for next time. However, be cautious of doing this as it could potentially be phishing (see #1 above).
We are using Advanced Threat Protection (ATP) for Faculty/Staff Office365 accounts to protect from malicious attachments. In order to do this it needs to scan the attachment which takes time (approx 4-10 minutes). To not delay the delivery of the rest of your message, Office365 replaces the original attachment(s) with an "ATP Scan in Progress" attachment letting you know it is in the process of scanning the attachment(s) to allow you to read the body of the message:
When the attachment has been scanned, the "ATP Scan in Progress" attachment will be replaced with either the original attachment(s) if they are safe or if it was identified as being malicious, it will be replaced with an "Unsafe Attachments Blocked" message and you will not have access to the malicious attachment.
NOTE: If you are auto forwarding/auto redirecting your mail to a private email account, you may not receive the attachment after scanning. As per the Electronic Communication policy section 6 Provisions, "Employees are not allowed to conduct official ConnSCU business via private (unofficial) email accounts unless specifically authorized." If there is a need to be excluded from having Dynamic Delivery applied to an account, open a ticket with the BOR-SupportServices@ct.edu.
To protect you from malicious attachments, email attachments may be scanned upon receipt. Therefore, emails with attachments may be delayed on average between 5-10 minutes yet not longer than 30 minutes. This is to protect you from receiving a malicious attachment.
If an email arrives that fails email authentication, the subject will contain [CSCU Unverified Sender] and the body will contain the following notice:
A common tactic used to "phish" for personal information is to send an email making it appear as if it came from our network (i.e. the sender's email address ends in commnet.edu or ct.edu) and asks you to provide personal information (username, password) or click a link to fix a problem (mailbox is full, account was changed, etc). To alert you not to be fooled in cases where email is intentionally trying to trick you into providing personal information, we added this warning to these emails. If you see this on an email you believe to be legitimate, either verify the sender sent the email by using other means (i.e. phone or text) or contact your IT Staff.
Can this be a legitimate email?
Yes, in certain circumstances, email is sent from external services (surveymonkey, Constant Contact, etc.) or outside services may be used by certain departments to send email to their users. The email is made to appear to have come from a CSCU email address (i.e. <address>@ct.edu). These types of emails are expected and you can open them. However, be cautious when you see this warning when an email asks you to provide personal information or click on a link to resolve an issue as described above as you know it came from outside our network. Be vigilant and ask your local IT before providing personal information like username or passwords when you receive a request via email with this warning on it.
Note that this message will also appear on emails from a mailing list or a listserve when you or anyone from CSCU sends an email to the list.
Mail you expect to receive could have been moved to another folder rather than finding it in your inbox (i.e. bulk or spam could be in your Junk Folder). Also, look to see if you have any inbox rules in effect that would have moved them to another location or performed an action on them (i.e. delete). Microsoft also has features to help clean up your inbox by moving mail for you to other folders, check to see if you have a clutter and if mail is appearing in there, we recommend you disable Clutter (see FAQ item on Clutter/Focused Inbox).
Add senders you wish to receive email from to your safe sender list so that mail from those senders is not classified as spam. Remember to check your block list to make sure email addresses are not in your block list. Once the user is in your safe senders list, have them resend the email to see if you receive it. Read the precautions about adding email addresses to your Safe Senders list as you can receive spoofed email from others pretending to be users on your Safe Senders list.
Remember to think about the malware protections if the expected email contained an attachment. The email could be delayed or the attachment could have been blocked due to inherit risk with the attachment type.
If you still cannot find an expected email, contact your local IT department.
We have documented the process you need to folllow to import mail from a locally stored Outlook Archive file (*.pst).
If people are telling you that mail you are sending is being flagged as [CSCU Unverified Sender] and is ending up in their Junk folder, it could be because you are sending mail from an unauthorized 3rd party mail server, for example a personal mail account (cox.net, godaddy, etc.). Mail from a CSCU account should not be sent from unauthorized mail servers otherwise it will be flagged as being unverified and may end up in recipient's junk folder.
You may also be sending mail using your other CSCU domain. Users have the ability to receive email from one of two different domains: a *.commnet.edu domain and another domain specific to the college (i.e. @asnuntuck.edu or @nvcc.edu). However, only one of them is your primary email address that you can send mail as. If you send mail as the one that is not your primary email address domain, your mail may end up in other user's Junk Email folders. To avoid this, find out what is your primary email address and only use that when sending out email.
You may also be posting to a mailing list on the Internet that other CSCU faculty/staff are members of. When you post to the mailing list and they receive your post, it looks to them like it came directly from your CSCU email address when in fact it came from the mailing list making it look like it came from you. There isn't that much you can do about it. If they add you to their Approved Sender's list, the email will be delivered to their inbox but the email may still be flagged as [CSCU Unverified Sender].
In the past, you may have been able to send email to a large number of users (i.e. bulk email) from your CSCU account. We are now hosted by Microsoft servers and Microsoft has a strict policy against sending bulk email. Your mail may at first be sent to a few recipients, but if Microsoft classifies you as a bulk sender, your mail may not be received at all by the recipient. You may also start to get Non Delivery Reports (an error message) sent back to you letting you know that Microsoft has indeed blocked you from sending any more outbound mail until your account is unblocked by an admin.
If this happens, you will need to contact your local IT department to unblock your account. You will still be able to receive email and you should be able to send internal mail, but you will not be able to send email to a recipient outside our organization. It may take up to 12 hours to unblock your account.
If you continue to send bulk email and Microsoft blocks you again, your local IT may need to work with Microsoft to unblock your account.
If you are sending email to CSCU students, Faculty/Staff are advised to send email to student's Office365 account. This avoids being classified as an outbound bulk mailer as mail to CSCU students does not leave Microsoft's environment.
If you need to send bulk mail to non-CSCU email addresses from your CSCU address, please contact your local IT department. If you use a 3rd party service (i.e. a mailing list) and you make the email appear to come from your CSCU account, it may be sent to junk folders or rejected.
We are using URL protection for Faculty/Staff Office365 accounts to protect you from known malicious URLs. In order to do this, Office365 rewrites all links found in your email so that if you click on a URL, before it sends you to the site, it is checked against their database of known malicious URLs (those that bring you to a malicous website). If it is known to be malicious, it won't allow you to go to the site. It will look something like this:
That link was in a phishing email designed to make you think the link you were clicking on was to Microsoft. In fact, the link was malicious and would have taken you to a malicious site if we weren't using the URL protection.
If you hovered over the link before you clicked on it - you would have seen the rewritten link - it contains "na01.safelinks.protection.outlook.com" and then contains the rest of the link. If you get this block page, you know it was malicious. Just delete the original email.
Note that for some types of URLs you may see the rewritten link right in the body of the email like this:
This is OK too, it just means that the person who sent the email did not make the link "pretty" and just included a link like this: http://www.target.com right in their email. It is safe to click on links that have "safelinks.protection.outlook.com" in them as you see above because they will first be checked to see if they are malicious before you can visit the link.
If you want to forward a link to someone outside our organization, click the rewritten link first to verify that it is not a known malicious site, then copy the real URL from the browser and send that link. Then you are not sending the
Faculty/Staff email uses URL protection by Microsoft called SafeLinks. If you clicked on a link in an email and you were taken to an Office365 block page, it means the link was a known malicious link. See the above FAQ for Why do the links in my emails look different?.
Faculty/Staff email uses URL protection by Microsoft called SafeLinks. One of the features of SafeLinks is to scan links to downloadable content (i.e. a Word doc or PDF file) to make sure it is not a malicious document. If you clicked on a link in an email and you were taken to an Office365 "This link is being scanned" page:
This page means the linked content is currently being scanned for malware and you need to wait for the scanning to complete. It should take on average between 4 and 10 minutes to scan. After the document is scanned, if it not malware, you will be able to visit the link. However, if the linked content is indeed malware, access to the link will be blocked. See the above FAQ for I clicked on a link in an email and it told me it was blocked. Why?.
When asked to provide a message's Full Internet Headers:
Follow these simple steps for Outlook 2010 and later.
1. From Outlook, double click the email so that it opens the email content in it's own separate window.
2. In the separate window that opened showing your message content, make sure you are on the Message tab and then look in the Tags section - click the arrow icon in the lower right hand corner to open the message's Properties window.
3. At the bottom of the Properties window, you'll see an Internet Headers field. Click anywhere inside that field, press Ctrl-A to select all the text, then press Ctrl-C to copy. You may close the Properties window.
4. Now simply forward the message with the included Internet headers by first clicking Forward on the selected message, then click inside the body of the forwarded message and press Ctrl-V to paste the Internet Headers that were copied in the previous step. Forward that message to BOR-SupportServices@ct.edu
Follow these steps when in Office365:
1. Select the message by either double clicking the message or viewing the message in the message preview.
2. To the right of the message's information (Sender, Date, Recipients) you'll see a thumbs up icon and a drop down to the right of Reply options. Click the drop down arrow and select "View Message Details"
3. Wait for the Message Detail page to populate then click inside the window. Copy the Message Headers and using Ctrl-A to select all and Ctrl-C to copy. Click Close.
4. Click the down arrow again and this time select Forward, click Ctrl-V to paste the headers you just copied into the body of the forwarded message. Forward that message to BOR-SupportServices@ct.edu
Attachments identified as malware, large attachments as well as certain file types that are known to be inherently insecure or are commonly used to spread viruses are stripped from emails. Most of the file types are not commonly used in typical email communications for sending pictures, videos, etc. They are typically system files such as .exe, .jar, .dll, or .scr files so stripping these files most likely will not effect everyday email communication. But you may run into certain file types that are used in classroom settings that are also stripped due to their inherent risk.
For security reasons, we do not list all the file types that will be stripped, yet you will know if it was stripped because a footer will be added to the message body similar to this text:--------CSCU Notice-------------------------------------------------
NOTE: This email included an attachment <various reasons listed here> For more information, visit: http://supportcenter.ct.edu/Service/Office365.asp
If a compressed archive (.zip, .rar) contains files that will be stripped, the entire archive will be removed so compressing them will NOT allow it to pass the filter.Use another method to transport these files such as FTP or HTTP. NOTE: The software will strip these files based on the type of file that it is, not just the extension used to name the file. Therefore, renaming the files to another extension will NOT allow it to pass the filter.
You may have seen or heard about an Office365 feature currently available called Clutter. Clutter aimed to help clean up your inbox by sorting low-priority messages into a separate Clutter folder.
How to disable Clutter from Outlook:
Right click the Clutter folder and click Manage Clutter. A browser window will launch prompting for your NetID and password:
Once logged in, uncheck "Separate items identified as clutter" and click Save.
NOTE: Even with Clutter disabled, the Clutter folder will still be visible until they decommission the feature. If there were any emails left in the Clutter folder, they will remain in there until you move them out manually.
So what is Focused Inbox?
Focused Inbox helps you focus on the most important items in your inbox and moves "other" mail to a separate folder. What appears in your Focused Inbox is based on an understanding of the people you interact with often and the content of the email. You can fine tune messages as well by moving email to the Focused folder or the Other folder.
Microsoft is in the process of rolling the feature out to all of their customers, so you may not yet have the feature available to you. This Focused Inbox link includes information on how to enable/disable it once it is rolled out to you, as well as an FAQ that will answer your questions on Focused Inbox and Clutter that you may have.