Want to know the 3 WORST settings you may have in your O365 email? These are easy to check and if set, they are putting your O365 email at risk. We HIGHLY recommend checking these settings and changing them to the recommended settings (and we'll explain why).
1. Having domains listed on your Safe Sender list.
There is no reason anyone should ever trust an entire domain. This means that any email that comes from or even pretends to come from that domain will bypass anti-spam/anti-phish features and it will be delivered to your inbox.
We've been hit hard with phishing emails from Gmail. Phishers get free Gmail accounts and send out phishing emails by the thousands. If you have gmail.com on your Safe Sender list, the phishing email will go into your inbox because you trust gmail.com, even if Microsoft knows it is phishing and it goes into the junk folder of everyone else who gets that same email. Bad idea.
We've been hit by people pretending to be admin accounts at Blackboard - they made the emails appear to be from @blackboard.com and if you have blackboard.com on your Safe Senders list, you will get it in your inbox and could click a malicious link thinking it was from Blackboard Administration.
We also don't recommend enabling 2 Safe Sender features: "Trust e-mail from my Contacts" and "Automatically add people I email to the Safe Sender list" for this same reason. It means anyone can impersonate anyone on your contact list or anyone you've emailed and it will always be sent to your inbox - even if it's a phishing email pretending to be them.
Our recommendation: Review what is on your Safe Sender list and remove all domains listed. Actually, remove anything that you don't think specifically has been sent to junk - don't just put someone on your Safe Senders list because you want to receive emails from them - as when an entry is on your Safe Senders list - it means you also receive email from people who impersonate them. Cleaning out your Safe Sender list is a good task to do every once in a while. A large Safe Sender list is risky. Here's how to manage your Safe Senders list: https://supportcenter.ct.edu/service/Office365_emailFAQ.asp#blockallow
2. Having O365 Junk Filtering disabled.
You may not realize it - but O365 Junk Filtering could be disabled in your account. Or, maybe you disabled it on purpose because you thought that it was sending stuff to your junk that it shouldn't be. Typically, when email is sent to your junk that shouldn't be - it's due to the content of the sending email. It could be that they are impersonating a CCC address when it shouldn't be - or the content is "spammy". It's not being sent there just because O365 Junk Filtering is flaky and it should be disabled.
You should check to make sure that you have O365 Junk Filtering enabled; otherwise, any junk/phish/spam that O365 would filter would be delivered to your inbox. For the few emails that are "missed" by Microsoft and land in your inbox, there are thousands that are filtered that you never see.
Note that there is a legacy Outlook junk filter that if enabled, could send legit email to your junk folder - and we recommend that be disabled but NEVER disable O365 Junk Filtering (set from the O365 Portal).
Our recommendation: Verify that O365 Junk Filtering is enabled for your account and the legacy Outlook junk filtering is disabled. If you don't know where to go - check out this FAQ that shows how to confirm that Outlook filtering is disabled and O365 Junk filtering is enabled: https://supportcenter.ct.edu/service/Office365_emailFAQ.asp#enablespamfiltering
3. Forwarding your CCC email to a personal email address
Forwarding your mail to your personal email address seems like it couldn't be much harm - but there are some things to consider as to how you are putting yourself and others at harm by doing so:
--> If a phishing email is sent to your CCC address and is supposed to go to your junk folder, if you forward it - it will go to your personal email's inbox and if you didn't recognize it as a phish, you then could be at risk if the link wasn't blocked and you visited the site because you found it in your inbox.
--> You are hindering cleanup from a dangerous phishing campaign if you enabled forwarding and have disabled "Keep a copy of forwarded messages". Analyzing the content of a phishing email and identifying the URLs or attachments in the phishing email cannot occur if no copy is left in the user's mailbox. Since one phishing campaign that hits 100 users could result in 10 different URLs being used, we may miss a URL that was used and leave it unprotected.
--> One of the features we use during the cleanup of a dangerous phishing campaign removes all occurrences of the phish from everyone's mailboxes even if Microsoft let it slip by and sent it to the inbox. We can't do this if you've forwarded it to your personal email. Therefore, you're at risk by having it in your personal email inbox even after we've identified it as dangerous and cleaned it up from all CCC mailboxes.
--> Some major mail servers like AOL.com, reject some of the forwarded mail when it is set by "Auto forwarding" vs an inbox rule. So you may not get all your mail if you auto-forward. When you auto-forward your mail, the mail that is received at AOL.com appears to be from the original sender (i.e. not from your CCC user with the FW in the subject). That is called spoofing and AOL could reject spoofed mail. If you reply to an auto-forwarded mail from your personal mailbox, that too may be rejected because you are sending from AOL.com but as your CCC address. The only reliable method is to send/receive CCC mail from O365 and do NOT forward.
Our recommendation: If you've enabled auto-forwarding in the O365 portal, disable it. If you have an inbox rule that forwards all your mail to your personal email, remove it. Instead, read your CCC mail from O365 Portal or from an official Microsoft app on your phone. Exactly how to do this is found in this FAQ: https://supportcenter.ct.edu/service/Office365_emailFAQ.asp#forwarding/
You may be told either that your O365 account was potentially compromised or is known to have been compromised. Or you simply suspect your account might get compromised (such as you provided your username/password on a website and then you question that it might not have been a valid site later).
In any case, you should take the following precautions:
- Change your password immediately. Your local IT may have already done this for you if your account was known to have been compromised (i.e. they saw evidence it was logged into by someone else or was sending phishing emails). If you suspect you may have entered your username/password into a website that you are now questioning - it could protect your account from being compromised if you change it before they have a chance to use it.
- If you have not already been working with your local IT, contact them to let them know you provided your username/password. They may need to know the email and link you clicked on.
- If you use the same password (not recommended) for other accounts, we recommend you change those to something else. For example, if you use the same password for your Amazon account and you have an Amazon email in your O365 mailbox, the person accessing your account could potentially have access now to your Amazon account. Therefore, we recommend never using the same password for multiple accounts. If you have trouble remembering them - use a secure password safe (i.e. passwd safe).
- If you spot the phishing email that caused you to provide your username/password to someone else, report it as a phish so that Microsoft can learn it and start blocking it before it reaches others' inboxes. Do not respond/antagonize the phisher or lead them on.
- VERY IMPORTANT! Check out any inbox rules (Outlook or OWA) to make sure there isn't something listed that you don't recognize. Disable any rules that look suspicious and let IT know in case they need the information. They may recommend to simply delete them if they are not needed. Here is a common example of an inbox rule setup in a compromised account:
- Check out your forwarding settings to make sure it is not something that was set by someone else accessing your account. Often, the phisher will set up a gmail/aol account to receive a copy of every one of your emails. You need to make sure no forwarding is enabled on your account.
- Are your safe sender settings allowing spoofed emails to go right to your inbox? We highly suggest reviewing the FAQ article for safe senders and disabling the settings that automatically trust any email from those on your contact/safe sender lists as well as review what is on your safe sender list regularly. You should never have a whole domain in your safe sender list. If you have them listed, remove them. Take the time now to cleanup your safe sender by checking out that FAQ.
- After you have provided information to IT if needed, go through your inbox, sent and drafts folders and delete any remnants of the phishing campaign. If your account was used to send out phishing emails, you may see 100s of undeliverable errors messages that can also be deleted.
- Educate yourself about phishing emails to avoid becoming a victim again by visiting the FTC's phishing page or the Anti-Phishing Working Group. Or visit our SupportCenter page that lists recent phishing emails.
- You may also report a scam through the FTC's reporting page (i.e. if you receive a fake check, rip-off, imposter emails, etc).
If you clicked on a link in a phishing email that brought you to a site that looked like another one (O365 login page, Blackboard login page, Google login page, etc) and you entered your CCC username and password into that fake site, you are at risk for your account to be compromised.
The most important thing to do is to change your password as soon as possible. If it's been a while since you visited the link and entered your username/password, then the risk is greater that the phisher used your credentials to login to your account and is using it to send phishing emails from your account. The best advice is to change your password as soon as you realize you may have entered your credentials into a phishing site and alert your local college IT department that you did so.
You may or may not see anything going on in your account even if they are using it. Phishers can hide their tracks quite well creating inbox rules that send replies or undeliverable errors to your deleted items folder, depending on how sophisticated the phisher is. Or you may see 100s of undeliverable messages appear in your inbox.
Refer to the FAQ item on what to do if your account is compromised.
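The inbox-rule and forwarding checks from the compromised-account steps above, as an added Python example that is not part of the original FAQ: it flags rules that send mail outside the organisation or hide replies and undeliverable notices, plus mailbox-level forwarding that keeps no copy. The records are constructed; their field names follow Exchange Online's `Get-InboxRule` and `Get-Mailbox` properties, addresses are assumed to be already reduced to plain SMTP form, and `college.example` stands in for the internal domain.

```python
INTERNAL_DOMAINS = {"college.example"}   # assumption: your organisation's mail domains
HIDING_FOLDERS = {"deleted items"}       # the folder the FAQ names; extend as needed
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample: one ordinary rule and two of the kinds described above.
RULES = [
    {"Name": "Course mail", "Enabled": True,
     "SubjectContainsWords": ["BIO101"], "MoveToFolder": "Courses"},
    {"Name": "Fwd", "Enabled": True,
     "ForwardTo": ["collector@freemail.example"]},
    {"Name": "Tidy", "Enabled": True, "MarkAsRead": True,
     "SubjectContainsWords": ["Undeliverable", "RE:"],
     "MoveToFolder": "Deleted Items"},
]

# Constructed sample: mailbox-level forwarding with "keep a copy" switched off.
MAILBOX = {"ForwardingSmtpAddress": "smtp:me@freemail.example",
           "DeliverToMailboxAndForward": False}


def is_external(address):
    """True when the address is outside the organisation's own domains."""
    return address.rpartition("@")[2].lower() not in INTERNAL_DOMAINS


def audit_rule(rule):
    """Return (code, detail) findings for one inbox rule."""
    findings = []
    targets = [a for field in FORWARD_FIELDS for a in (rule.get(field) or [])]
    outside = sorted(a for a in targets if is_external(a))
    if outside:
        findings.append(("external-forward", ", ".join(outside)))
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    if rule.get("DeleteMessage") or folder in HIDING_FOLDERS:
        words = rule.get("SubjectContainsWords") or []
        scope = "subject contains " + "/".join(words) if words else "all messages"
        findings.append(("hides-mail", scope))
    return findings


def audit_mailbox(mailbox):
    """Return findings for the mailbox-level forwarding setting."""
    findings = []
    # The value may carry an "smtp:" prefix; keep only the address part.
    target = (mailbox.get("ForwardingSmtpAddress") or "").split(":", 1)[-1]
    if target:
        if is_external(target):
            findings.append(("mailbox-forwarding-external", target))
        if not mailbox.get("DeliverToMailboxAndForward"):
            # No copy stays in the mailbox, so cleanup cannot examine the mail.
            findings.append(("no-copy-kept", target))
    return findings


def audit(rules, mailbox):
    """Map each rule name (and the mailbox setting) to its findings, if any."""
    report = {rule.get("Name", "(unnamed)"): audit_rule(rule) for rule in rules}
    report["(mailbox forwarding)"] = audit_mailbox(mailbox)
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(RULES, MAILBOX).items():
        for code, detail in found:
            print(f"{name}: {code} ({detail})")
```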
To avoid this in the future when you click any link from an email that sends you to a page that prompts you to login, check the URL to make sure that it is what you expect:
You have been redirected to this web page as a recent message you opened was part of a Phishing awareness test being run.
Why is this important to me?
This is a good thing actually, because you didn't respond to an actual phish and didn't provide your credentials to a malicious third party who within a few hours would be using your account from Norway to send 100s of 1000s of emails out to more people. Now, hopefully you can be more educated as to why you fell for this simulated phish and how you can prevent this from happening again.
Phishing attacks are becoming more frequent and sophisticated. They gather knowledge
Know your phishing red flags:
Did you look at the email address that sent the email? Not just the name presented as the "from" address? Is it what you expected?
Are you reading email on your phone? Typically phones only show you the name portion, not the email portion of the sender. Please make sure when you are reading mail from your phone, that you view the sender's email address and not rely on just the name portion of the sender. This is VERY easy to alter to make emails appear to come from any name.
Was it generically addressed "To User"? Was it addressed to your email address "To email@example.com"?
How is the grammar in the email? Were there spelling errors?
Were you expecting an email of this type?
Was it using urgency or warnings? For example, if you don't do x, then this will happen. Was it threatening?
Was it asking you to login to your O365/Google/bank account? If the email passed all of the above red flags and you did click on the link - before you ever enter your credentials look at the URL you are at - is it what you expect? For example, if you clicked a link to reset your password, then when you got to the site - the site was: https:/proplusincwhatever.com/wp-info/help - even though the page itself looks like
To better protect against phishing emails, starting in March 2018, Microsoft enabled a strict security feature that causes mail that typically would go to your inbox, to instead be sent to your junk folder. This change affects mail from specific mail domains that are not using proper authentication measures for mail sent from their mail domain. This means mail from their mail domain is at risk for being used for phishing email attacks. This isn't the only reason that legit mail would end up in your junk folder, refer to the FAQ article for other reasons legit mail may end up in your junk folder.
Because they implemented this change to protect the email recipient, you, from receiving phishing emails that could be used to compromise your account, they do not recommend whitelisting or adding those email senders to safe sender list. This is because it doesn't fix the problem, it will only send that email sender's email to your inbox (not anyone else's) AND it allows you to receive phishing emails from anyone on your safe senders list. Refer to the FAQ article related to the safe senders list and the risk associated with adding senders to your safe sender list.
What can you do? You can help them out by letting them know their mail admin may need to address this by sending them this information about the change that Microsoft implemented:
"We are a Microsoft O365 customer and Microsoft recently implemented a change that is sending any emails from your domain to junk folders unless changes are made to your mail sender's domain (implement valid SPF/DKIM records.) Here is information for your mail admins as to what Microsoft implemented: https://products.office.com/en-US/business/office-365-roadmap?filters=&featureid=27049 and why email from your domain is going to O365 customer's junk folders."
In the meantime, check your junk folder for mail that may have been placed there that typically would have gone to your inbox. We do not recommend opening emails found in your junk folder as this is the location for phishing emails so please use caution when opening mail found in your junk folder. If you find phishing emails while looking in your junk folder, know that you do not have to report them as this is the proper location for where phishing emails are placed.
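To see which check a sender's domain did not pass before sending them the note above, the receiving server's verdict can be read from the message's `Authentication-Results` header. This is an added Python example, not part of the original FAQ; the message and the `vendor.example` domain are constructed, and the code assumes the topmost header is the one your own mail service added.

```python
import re
from email import message_from_string

RESULT = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)
COMMENT = re.compile(r"\([^()]*\)")   # parenthesised remarks inside the header

# Constructed sample: a sender domain with no SPF record and no DKIM signature.
SAMPLE = """\
Authentication-Results: spf=none (sender IP is 192.0.2.25)
 smtp.mailfrom=vendor.example; dkim=none (message not signed)
 header.d=none; dmarc=none action=none header.from=vendor.example
From: "Vendor Billing" <billing@vendor.example>
To: staff@college.example
Subject: Invoice

Body
"""


def authentication_results(raw_message):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from the topmost header."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return {}
    # Unfold the header, then drop comments so text inside them is not parsed.
    value = COMMENT.sub(" ", " ".join(headers[0].split()))
    results = {}
    for method, verdict in RESULT.findall(value):
        results.setdefault(method.lower(), verdict.lower())
    return results


def failing_checks(results):
    """Keep only the methods whose verdict is anything other than 'pass'."""
    return {m: v for m, v in results.items() if v != "pass"}


if __name__ == "__main__":
    for method, verdict in failing_checks(authentication_results(SAMPLE)).items():
        print(f"{method}: {verdict}")
```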
There are good ways and not good ways to send bulk mail (mail to 100's or 1000's of email recipients at one time). Some methods may be rejected by Microsoft and never make it to the recipient's inbox. Because our email is hosted by Microsoft, it is subject to their mail policies and they have a policy against sending bulk email to external recipients (i.e. non CCC or System Office).
If you attempt to send an email to a lot of external recipients, at some point, Microsoft will classify you as an outbound spammer and start blocking all your external email. When that happens, you will start receiving errors when you send to external addresses: "Access denied, bad outbound sender" and won't be able to send external email until the block is lifted from your account. If you do this too many times, it becomes more difficult to lift the block and will require special action to remove the block. NOTE: You will continue to be able to send to internal (i.e. CCC or System Office) recipients.
Due to Microsoft's requirement that bulk mail is not supported, Faculty/Staff are advised to send email to students' Office365 accounts, as email to a student's Office365 account is not external (as long as the user is not forwarding their mail to an external email address). Be aware that there is also a 500 recipient limit per single email.
If you need to send bulk email to external recipients (i.e. Yahoo, AOL, etc.), a 3rd party mailer such as Constant Contact or Mail Chimp will need to be used. Sending email from a 3rd party mailer may require additional configuration if it needs to be sent to appear to be from your CSCU email address. Contact your local IT if this is needed.
CSCU IT Policy specifically covers the use of private email addresses for faculty/staff and students:
- Employees are not allowed to conduct official CSCU business via private (unofficial) email accounts unless specifically authorized.
- Students who choose to have their emails auto-forwarded to private (unofficial) email addresses, do so at their own risk. The college/university is not responsible for any difficulties that may occur in the transmission of the emails.
All official college email communications including email sent from within the Blackboard learning management system, are sent to your college Office 365 email account. Employees and Students are expected to check their official email accounts on a frequent basis. Refer to the IT Policy on Electronic Communication.
Also in compliance with IT Policy on Electronic Communication, Faculty and staff should not forward their college email to another personal or business account, or send email to students from a personal account. Faculty who use Blackboard should set their Preferred Email in Banner Self Service as their college accounts, not to a personal or business account. This ensures that the Blackboard Email tool sends the messages from students to your college account. (See video on how to do this.)
- Students: Forwarding emails to personal accounts is not recommended and is not supported.
If you do choose to forward your email, be sure to set up your forwarding using the "Inbox and Sweep Rules, Forward action" rather than the "Accounts - Forwarding" settings. This is because the Office 365 "Accounts - Forwarding" setting actually redirects email rather than forwards it, which can cause problems as described below.
What is the difference between Forwarding and Redirecting?
How do I forward using Inbox and sweep rules and verify that I don't have redirecting enabled?
- Forwarded messages (using Inbox and Sweep rules - Forward action) appear as messages that are forwarded by your college email with FW: in subject and coming from your college email address. You can clearly see that email was forwarded from your college email and only emails from your inbox - not junk, spam or phishing emails are forwarded.
- Redirected messages (using Accounts - Forwarding) appear as though they came from the original sender directly to your personal email even though they were sent to your college email address and redirected. WARNING: Some email systems (i.e. AOL) use very strict rules and will not accept some "redirected" messages at all and you'll see undeliverable errors in your college inbox letting you know that your personal email's mail server rejected your redirected email. More importantly, when you redirect, you redirect everything sent to your email address - spam, phishing emails and junk mail - not just email from your inbox.
- When in OWA mail, click the Settings (gear) icon in the top right corner of the window and click the Mail link:
- In the left-side menu that will display, click Inbox and sweep rules.
- Click the + sign to create a new rule.
- In the "When the message arrives..." field, select the "apply to all messages" option from the dropdown list:
- In the "Do all of the following" field, select "Forward, redirect, or send" > "Forward the message to...":
- You will be prompted to enter an email address you wish to forward to (or select it from your Contacts).
- Enter your personal email address, and then click "Save."
- Click "OK" to save the rule (it will automatically be named):
- Finally, if you had previously set up forwarding (i.e. actually redirects), please follow the steps below to turn off that setting. Otherwise, your messages may still be redirected instead of forwarded:
Students may report that they are receiving the following Undeliverable error back when they are attempting to email their professor:
This means the student is emailing the incorrect email address for the faculty member. The student is sending to Blackboard's do-not-reply address and not to the faculty member's actual email address as seen in the error message.
The instructions in the error message are meant to help the student locate the actual email address of the faculty members when using their college email account or Outlook. The included link: http://bit.ly/2mZeHHu shows how to do that also from within the college email account.
The problem arises because Blackboard sends emails to students from a "do-not-reply" address but has the faculty member's name set as the "from" address. This makes it appear that the email is coming from the faculty member. If the student clicks "Reply" to the Blackboard email, everything is fine because the email from Blackboard contains a correct reply-to address. The problem comes in when the student decides to create a new email to the faculty and types the name into the To field and selects the do-not-reply address that has the faculty member's name as the "name" - yet the email address is actually Blackboard's do-not-reply address.
The student needs to be aware that they are in fact attempting to email the do-not-reply address (which doesn't go anywhere) and NOT the faculty member.
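The difference between the name a mail client shows and the address behind it, which both the red-flag list and the Blackboard case above turn on, as an added Python example that is not part of the original FAQ: it reads the From and Reply-To headers and reports what does not line up. The messages, the `.example` domains and the `do-not-reply@lms.example` address are constructed; Blackboard's real addresses are not given on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED_DOMAINS = {"college.example"}   # assumption: domains you expect mail from
NO_REPLY = re.compile(r"^(do-?not-?reply|no-?reply)\b", re.I)
ADDRESS_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")

# Constructed sample 1: a faculty member's name on a do-not-reply address.
LMS_MAIL = """\
From: "Pat Faculty" <do-not-reply@lms.example>
Reply-To: pat.faculty@college.example
To: student@college.example
Subject: Course announcement

Body
"""

# Constructed sample 2: the display name imitates a college address.
SPOOFED_NAME = """\
From: "helpdesk@college.example" <helpdesk.college@freemail.example>
To: student@college.example
Subject: Password expires today

Body
"""


def inspect_sender(raw_message, expected_domains=EXPECTED_DOMAINS):
    """Split the sender into name, address and Reply-To, and list mismatches."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    address, reply_to = address.lower(), reply_to.lower()
    local, _, domain = address.rpartition("@")

    flags = []
    if domain not in expected_domains:
        flags.append("from-domain-not-expected")
    shown = ADDRESS_IN_NAME.search(name)
    if shown and shown.group(0).lower() != address:
        # The name field itself looks like an address, but not the real one.
        flags.append("display-name-shows-different-address")
    if NO_REPLY.match(local):
        # Mail typed to this address by hand goes nowhere.
        flags.append("sender-is-no-reply-address")
    if reply_to and reply_to != address:
        flags.append("reply-to-differs-from-sender")
    return {"display_name": name, "address": address,
            "reply_to": reply_to or None, "flags": flags}


if __name__ == "__main__":
    for sample in (LMS_MAIL, SPOOFED_NAME):
        info = inspect_sender(sample)
        print(info["display_name"], "->", info["address"], info["flags"])
```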
If the student is using their college email account, they can use Ctrl-K after typing in the faculty member's name to search the college's address book for the faculty member's address:
When using Office 365, refer to Microsoft's article on managing your safe/block senders.
When using Outlook, refer to Microsoft's article for an overview of the junk mail feature.
This is very important to know when adding email addresses to your Safe Sender list: If you add an email address or domain to your Safe Sender list, you actually are also allowing spoofed email from someone pretending to be someone on your Safe Senders list! So because you added an email address to your Safe Sender, that means anyone on the Internet can now pretend to be that person and it will go into your inbox! You are bypassing anti-fraud/anti-spam and anti-phishing security features by adding email addresses to your Safe Senders list. It is recommended to be wary of email even in your inbox due to this.
We highly suggest regularly reviewing what is on your Safe Sender list and never adding a domain to your Safe Sender list.
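The review recommended above (and under the first of the three worst settings), as an added Python example that is not part of the original FAQ: it sorts Safe Senders entries into ones to remove and ones to re-check, and uses a simplified model of the behaviour described here to show why a matching entry lets a junk-flagged message into the inbox. The sample entries, the `.example` addresses and the free-mail domain set are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: free-mail providers anyone can register at (gmail.com is the
# FAQ's own example); extend to suit your environment.
FREE_MAIL = {"gmail.com", "aol.com", "yahoo.com"}

# Constructed sample: entries as a user might have them on the
# "Block or Allow" page.
SAFE_SENDERS = [
    "gmail.com",
    "@blackboard.com",
    "registrar@college.example",
    "Registrar@College.Example ",
    "newsletter@vendor.example",
]


def normalise(entry):
    """Lower-case, trim, and drop a leading '@' so '@x.org' equals 'x.org'."""
    return entry.strip().lower().lstrip("@")


def is_domain(entry):
    """An entry without a mailbox part trusts every address at that domain."""
    return "@" not in normalise(entry)


def review(entries):
    """Return (remove, recheck): domain entries to delete, addresses to re-justify."""
    remove, recheck, seen = [], [], set()
    for raw in entries:
        entry = normalise(raw)
        if not entry or entry in seen:
            continue                      # skip blanks and duplicates
        seen.add(entry)
        if is_domain(entry):
            reason = "free-mail domain" if entry in FREE_MAIL else "whole domain"
            remove.append((entry, reason))
        else:
            recheck.append(entry)
    return remove, recheck


def trusted_by(from_header, entries):
    """Return the entry that matches the visible From address, if any."""
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    for raw in entries:
        entry = normalise(raw)
        if entry and entry in (addr, domain):
            return entry
    return None


def delivered_to(filter_verdict, from_header, entries):
    """Simplified model of the FAQ's statement: a Safe Senders match
    wins over the junk/phish verdict."""
    if trusted_by(from_header, entries):
        return "Inbox"
    return "Junk" if filter_verdict in ("junk", "phish") else "Inbox"


if __name__ == "__main__":
    remove, recheck = review(SAFE_SENDERS)
    for entry, reason in remove:
        print(f"remove  {entry}  ({reason})")
    for entry in recheck:
        print(f"recheck {entry}")
    spoof = '"Blackboard Administration" <admin@blackboard.com>'
    print("before cleanup:", delivered_to("phish", spoof, SAFE_SENDERS))
    print("after cleanup: ", delivered_to("phish", spoof, recheck))
```

Removing the domain entries sends the spoofed message to Junk, but a message that imitates one of the remaining individual addresses still reaches the inbox, which is why the list should stay short.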
NOTE: If you use both Outlook and the O365 portal to access your email, the safe/block sender list is the same.
Note about Mailing Lists: We are aware that mailing lists sometimes are not easy to add to your Safe Senders list as sometimes mailing lists use different behind-the-scenes sender addresses that are different each time. So if you see an email from a mailing list and you try to add it to your Safe Senders list, if you then go look at what was added to your Safe Senders list it may look like this: firstname.lastname@example.org and not who the mailing list appears to send the mail from for example something.org.
Do you continue to receive email from senders that you believe you already added to your block list? This may be because the email is not really coming from the same sender. Some spammers change the sender address each time making it nearly impossible to block their email or just like with mailing lists, they may make the behind-the-scenes sender address different but display a different email address to you.
Note that if you are using public folders, they do not support the Junk Mail feature so you can't block/allow a sender from sending mail to a public folder. Junk mail sent to a public folder will arrive in the Public Folder inbox.
If you use the "Not Junk" option on an email in your Junk folder - it will add the email address to your Safe Senders list. This may not be what you intended as you will bypass anti-spam/phishing/fraud security features for that email from now on.
We highly recommend disabling the "automatically trust" options shown below. This is because if you are automatically trusting your contacts/Safe Senders, it means you can also receive spoofed emails from phishers that pretend to be them when they simply change the "from" address to be a contact or Safe Sender. This means even mail that is flagged as junk but "from" a contact/safe sender will not be delivered to your junk folder, but will show up in your inbox. This is highly dangerous.
In Outlook, they are at the bottom of Safe Senders tab:
In the Office365 portal, they are on the Settings - Mail - Block or Allow page:
If the email is landing in your junk folder, you don't have to do anything as that's the proper place for junk/phishing email to be placed. If you are perusing your junk folder for potential legit mail that may have ended up in your junk folder, you may encounter inappropriate images/content that you may not want to see. In this case, you can review senders/subjects and just empty your junk folder once you are sure nothing legit has been placed there. You do not have to report junk mail or inappropriate mail ending up in your junk folder to anyone.
Your email may have been "harvested" from another source, something beyond your control and you are now receiving lots more junk than you ever did before. Letting Microsoft spam protection filter your email by using the "not junk" or "this is junk" features will tell Microsoft that they either let a junk mail through to your inbox (you then report it as junk from your inbox) or that a real mail was falsely categorized as junk (you then report it as not junk from your junk folder) and they will adjust their spam engine over time to hopefully categorize email correctly. Something that looks legit to you may look like junk to Microsoft.
Make sure you understand settings that may cause mail to not go where you expect it to go. We have other FAQ items about these situations:
- Have Clutter or Focused Inbox enabled? This may cause legit email to go to these locations instead of your inbox.
- Have the legacy Outlook client junk filtering enabled? This may cause legit email to go to your junk folder.
- Do you continue to receive email from users you believe you already added to your block list?
There are actually two different Microsoft spam/junk filtering features. One is a legacy spam/junk filtering that is available from your Outlook client under Junk - Junk E-mail Options on the Options tab. This one can and should be disabled (by setting to "No automatic Filtering") as it was deprecated in 2016 by Microsoft and may cause email to end up in your junk folder that shouldn't:
However, note that the Safe and Blocked Senders tabs on the Junk E-mail Options page are still where you would control your personal Safe and Blocked Senders when using Outlook:
Options to configure the Office365 junk filtering are only accessible from the Office365 portal. You would want it enabled in order to have anti-spam/anti-phishing/anti-fraud protections. You should not disable this junk filtering - even if mail is ending up in your junk folder since it may be one of many other things that could be moving legit mail to your junk folder. By disabling this - you have NO protection from harmful phishing emails and your inbox will certainly fill with unwanted email. Instead, if legit email is ending up in your junk folder, work with your local IT to determine why.
To make sure Office365 junk filtering is enabled, once logged into the Office365 portal, click the settings icon in the top menu:
Then at the bottom of the Settings menu under "Your app settings", click Mail:
An Options menu will open on the left. Under Mail, Accounts, select "Block or Allow":
Make sure "Automatically filter junk email" is enabled:
Mail from blocked senders will still be sent to your Junk folder regardless if junk filtering is enabled or not. You'll also see your personal Safe and Blocked Senders on that same page.
NOTE: Even with "Automatically filter junk email" enabled, junk email can still appear in your inbox if you have users on your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of.
Once you are done, you can click the left arrow next to Options to return to your inbox.
Please always report junk/phish using the Microsoft tools shown below, when they accidentally make their way to your inbox. If you simply delete the emails, the anti-phish/anti-spam engine is not trained that it miscategorized the email and future emails will continue to be miscategorized. Reporting junk/phish using the Microsoft tools helps both us and Microsoft to learn about what was marked incorrectly and in the case of harmful phishing emails, to take further actions to protect others that the phishing email may have been sent to.
You may also report to your local IT that a particularly harmful phishing email was received in your inbox so they are also aware of the phishing campaign.
In Outlook, use the Report Message feature to report messages in your inbox as Junk or Phishing:
In the O365 portal, use the drop down to report as Junk or Phishing:
NOTE: Junk/phishing emails can end up in your inbox if the email addresses/domains they are spoofing are in your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are actually bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. For example, if you have email@example.com in your Safe Senders List - that means if someone spoofs that email address and sends you a phishing email - it will not go to junk - it will go to your inbox. This is very dangerous! It is recommended to first check to see if you have the email address on your Safe Senders list before you report that a malicious email ended up in your inbox, as this is the reason it bypassed Anti-Spam/Anti-Phishing security checks. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of when using the Safe Senders List.
The cause of why legit mail ends up in your Junk folder is not clear cut. However, we are aware of several situations where legit email may end up in your Junk folder:
1) A change made by Microsoft in March of 2018 sends email to your junk folder when it comes from mail domains that do not implement proper authentication, because such domains put you at risk of receiving phishing/spoofed emails from them. This has been done to better protect you from receiving phishing emails. Refer to the FAQ item about this change.
2) It may not be legit at all - just appearing to be legit - maybe from a real person you'd expect mail to come from, but instead it is a phishing email masqueraded to appear to be legit and that's why it was in your junk folder to begin with. You should not assume it was a mistake and move it out of your Junk folder into your inbox because you happen to recognize the sender's name. Instead, take caution with an email that was originally found in the Junk folder before following any links or opening any attachments as it may be malicious. You can open a ticket with the BOR-SupportServices@ct.edu.
3) The sender or domain (what appears after the @ in an email address) could be on your Blocked Sender list and even if the email itself is legit, it would be delivered to your Junk folder because it was on your blocked senders list. Check your Blocked Senders list to see if the sender is listed.
4) You could have an inbox rule that is moving certain emails to your Junk folder. Check your inbox rules to see if an inbox rule may have caused it to be placed in your junk folder.
5) If you have configured a device (i.e. a smart phone) to read your email - that device may have anti-spam features that move email to a junk folder. Samsung phones have been known to do this and even if you manually move the email to the inbox, if the phone is on, the email continues to move back to the junk folder. Check your phone settings and check your phone's spam list to see if the phone is the culprit.
6) You could have an Outlook plug-in trying to manage your spam by moving what it believes is junk to the Junk folder. Talk with your local IT department to see if there are any Outlook plug-ins enabled in Outlook. We have seen cases where the legacy Outlook Junk Filter (Outlook - Junk - Junk E-mail Options) moves legit email to the Junk folder. We recommend disabling this and only using the Office365 junk filtering.
7) And of course, it could very well be a legit email that was mistakenly marked as spam. If the email doesn't look fishy at all (i.e. no questionable attachment or a link to reset your password) then mark the email as Not Junk and it will move to your inbox - using "Not Junk" also tells Microsoft they may have made a mistake and it trains the spam engines for next time. However, be cautious of doing this as it could potentially be phishing (see #2 above).
We are using Advanced Threat Protection (ATP) for Faculty/Staff Office365 accounts to protect from malicious attachments. In order to do this it needs to scan the attachment which takes time (approx 4-10 minutes). To not delay the delivery of the rest of your message, Office365 replaces the original attachment(s) with an "ATP Scan in Progress" attachment letting you know it is in the process of scanning the attachment(s) to allow you to read the body of the message:
When the attachment has been scanned, the "ATP Scan in Progress" attachment will be replaced with either the original attachment(s) if they are safe or if it was identified as being malicious, it will be replaced with an "Unsafe Attachments Blocked" message and you will not have access to the malicious attachment.
NOTE: If you are auto forwarding/auto redirecting your mail to a private email account, you may not receive the attachment after scanning. As per the Electronic Communication policy section 6 Provisions, "Employees are not allowed to conduct official ConnSCU business via private (unofficial) email accounts unless specifically authorized." If there is a need to be excluded from having Dynamic Delivery applied to an account, open a ticket with the BOR-SupportServices@ct.edu.
To protect you from malicious attachments, email attachments may be scanned upon receipt. Therefore, emails with attachments may be delayed on average between 5-10 minutes yet not longer than 30 minutes. This is to protect you from receiving a malicious attachment.
If an email arrives that fails email authentication, the subject will contain [CSCU Unverified Sender] and the body will contain the following notice:
A common tactic used to "phish" for personal information is to send an email making it appear as if it came from our network (i.e. the sender's email address ends in commnet.edu or ct.edu) and asks you to provide personal information (username, password) or click a link to fix a problem (mailbox is full, account was changed, etc). To alert you not to be fooled in cases where email is intentionally trying to trick you into providing personal information, we added this warning to these emails. If you see this on an email you believe to be legitimate, either verify the sender sent the email by using other means (i.e. phone or text) or contact your IT Staff.
Can this be a legitimate email?
Yes, in certain circumstances, email is sent from external services (SurveyMonkey, Constant Contact, etc.) or outside services may be used by certain departments to send email to their users. The email is made to appear to have come from a CSCU email address (i.e. <address>@ct.edu). These types of emails are expected and you can open them. However, be cautious when you see this warning on an email that asks you to provide personal information or click on a link to resolve an issue as described above, as you know it came from outside our network. Be vigilant and ask your local IT before providing personal information like usernames or passwords when you receive a request via email with this warning on it.
Note that this message will also appear on emails from a mailing list or a listserv when you or anyone from CSCU sends an email to the list.
What if these emails are legit? If this is coming from a legitimate external service that hosts CCC services, a CCC contact needs to work with their IT department to open a ServiceDesk ticket. The System Office IT will work with them to provide the needed configuration to authenticate the emails.
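The following added example (not part of the original FAQ, and not CSCU's or Microsoft's code) shows how the authentication verdicts recorded in a message's Internet headers can drive the [CSCU Unverified Sender] tag, and why a Safe Senders entry that matches only the From address lets a failed message through. The tagging rule, the trust placed in the top-most Authentication-Results header, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TAG = "[CSCU Unverified Sender]"

# Constructed sample: From claims a ct.edu sender, but no check passed.
SPOOFED = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.7)
 smtp.mailfrom=example.net; dkim=none (message not signed)
 header.d=none; dmarc=fail action=none header.from=ct.edu
From: "IT Help Desk" <helpdesk@ct.edu>
To: user@ct.edu
Subject: Your mailbox is full

Click the link to fix the problem.
"""

# Constructed sample: same visible sender, all checks passed.
GENUINE = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.5)
 smtp.mailfrom=ct.edu; dkim=pass (signature was verified)
 header.d=ct.edu; dmarc=pass action=none header.from=ct.edu
From: "IT Help Desk" <helpdesk@ct.edu>
To: user@ct.edu
Subject: Your mailbox is full

Scheduled maintenance notice.
"""

def auth_verdicts(msg):
    """Read spf/dkim/dmarc results from the top-most Authentication-Results
    header. Assumption: that copy was stamped by the receiving mail system;
    lower copies could have been supplied by the sender and are ignored."""
    headers = msg.get_all("Authentication-Results") or []
    if not headers:
        return {}
    return dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", headers[0].lower()))

def is_unverified(msg):
    """Assumed rule: DMARC failed, or neither SPF nor DKIM passed."""
    v = auth_verdicts(msg)
    if v.get("dmarc") == "fail":
        return True
    return v.get("spf") != "pass" and v.get("dkim") != "pass"

def on_safe_senders(msg, safe_senders):
    """A Safe Senders match looks only at the From address or its domain."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr in safe_senders or addr.rpartition("@")[2] in safe_senders

def triage(raw, safe_senders):
    msg = message_from_string(raw)
    unverified = is_unverified(msg)
    subject = msg.get("Subject", "")
    return {
        "verdicts": auth_verdicts(msg),
        "subject": f"{TAG} {subject}" if unverified else subject,
        # The dangerous case: failed authentication, yet trusted by the list.
        "safe_sender_bypass": unverified and on_safe_senders(msg, safe_senders),
    }
```

Both samples show the same From address, so only the header verdicts tell them apart.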
Mail you expect to receive could have been moved to another folder rather than your inbox (i.e. bulk or spam could be in your Junk Folder). Also, look to see if you have any inbox rules in effect that would have moved the mail to another location or performed an action on it (i.e. delete). Microsoft also has features to help clean up your inbox by moving mail for you to other folders. Check to see if you have a Clutter folder and, if mail is appearing in there, we recommend you disable Clutter (see FAQ item on Clutter/Focused Inbox).
Add senders you wish to receive email from to your safe sender list so that mail from those senders is not classified as spam. Remember to check your block list to make sure email addresses are not in your block list. Once the user is in your safe senders list, have them resend the email to see if you receive it. Read the precautions about adding email addresses to your Safe Senders list as you can receive spoofed email from others pretending to be users on your Safe Senders list.
Remember to think about the malware protections if the expected email contained an attachment. The email could be delayed or the attachment could have been blocked due to inherent risk with the attachment type.
If you still cannot find an expected email, contact your local IT department.
Remember that you need to follow state retention guidelines for email. Refer to the state's Records Management Program (there is a section for Email) for information about retention and proper destruction of email messages.
We have documented the process you need to follow to import mail from a locally stored Outlook Data file (*.pst).
IMPORTANT: After you have imported mail from your Outlook Data files into your O365 mailbox, you need to confirm the mail was imported and then delete the Outlook Data File (*.pst).
If people are telling you that mail you are sending is being flagged as [CSCU Unverified Sender] and is ending up in their Junk folder, it could be because you are sending mail from an unauthorized 3rd party mail server, for example a personal mail account (cox.net, godaddy, etc.). Mail from a CSCU account should not be sent from unauthorized mail servers; otherwise it will be flagged as being unverified and may end up in recipients' junk folders.
However, if you are receiving email flagged as [CSCU Unverified Sender] because you receive email from an external service that hosts CCC services (like a WordPress site or a form that collects info and sends you the results), then you need to work with your IT department to open a ServiceDesk ticket. The System Office IT will work with you to provide the needed configuration to authenticate the emails. NOTE: Sometimes web forms like these are used by spammers and you end up receiving spam flagged as [CSCU Unverified Sender] and appears to come from you - this means your form needs to add form protection to protect itself from spamming robots (i.e. captcha).
You may also be sending mail using your other CSCU domain. Users have the ability to receive email from one of two different domains: a *.commnet.edu domain and another domain specific to the college (i.e. @asnuntuck.edu or @nvcc.edu). However, only one of them is your primary email address that you can send mail as. If you send mail as the one that is not your primary email address domain, your mail may end up in other users' Junk Email folders. To avoid this, find out what your primary email address is and only use that when sending out email.
You may also be posting to a mailing list on the Internet that other CSCU faculty/staff are members of. When you post to the mailing list and they receive your post, it looks to them like it came directly from your CSCU email address when in fact it came from the mailing list making it look like it came from you. There isn't that much you can do about it. If they add you to their Approved Sender's list, the email will be delivered to their inbox but the email may still be flagged as [CSCU Unverified Sender].
In the past, you may have been able to send email to a large number of users (i.e. bulk email) from your CSCU account. We are now hosted by Microsoft servers and Microsoft has a strict policy against sending bulk email. Your mail may at first be sent to a few recipients, but if Microsoft classifies you as a bulk sender, your mail may not be received at all by the recipient. You may also start to get Non Delivery Reports (an error message) sent back to you letting you know that Microsoft has indeed blocked you from sending any more outbound mail until your account is unblocked by an admin.
If this happens, you will need to contact your local IT department to unblock your account. You will still be able to receive email and you should be able to send internal mail, but you will not be able to send email to a recipient outside our organization. It may take up to 12 hours to unblock your account.
If you continue to send bulk email and Microsoft blocks you again, your local IT may need to work with Microsoft to unblock your account.
If you are sending email to CSCU students, Faculty/Staff are advised to send email to students' Office365 accounts. This avoids being classified as an outbound bulk mailer as mail to CSCU students does not leave Microsoft's environment.
If you need to send bulk mail to non-CSCU email addresses from your CSCU address, please contact your local IT department. If you use a 3rd party service (i.e. a mailing list) and you make the email appear to come from your CSCU account, it may be sent to junk folders or rejected.
Update: As of May 31, 2019, CCC student accounts will also be protected by ATP Safe Links.
We are using URL protection to protect you from known malicious URLs. In order to do this, Office365 rewrites the links found in emails so that when you click on the link, before it sends you to the site, it is checked against their database of known malicious URLs (those that bring you to a malicious website). If it is known to be malicious, it won't allow you to go to the site. It will look something like this:
That link shown above was in a phishing email designed to make you think the link you were clicking on was to Microsoft. In fact, the link was malicious and would have taken you to a malicious site if we weren't using the URL protection.
If you hovered over the link before you clicked on it, you would have seen the rewritten link: it contains "na01.safelinks.protection.outlook.com" and then contains the rest of the link. If you get this block page, you know it was a malicious site. Just delete the original email.
Note that for some types of URLs you may see the rewritten link right in the body of the email like this:
This is OK too, it just means that the person who sent the email did not make the link "pretty" and just included a link like this: http://www.target.com right in their email.
More information is found in our O365 ATP Safe Links User Guide.
If you want to forward a link to someone outside our organization, click the rewritten link first to verify that it is not a known malicious site, then copy the real URL from the browser and send that link. Then you are not sending the rewritten link that is protected by O365 Safe Links.
You can also use this tool to decode the rewritten URL by pasting in the rewritten link. You can then send the decoded link directly to someone.
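As an added illustration of the decoding step described above (this is not the tool the FAQ links to, and not Microsoft's code), the sketch below recovers the original URL from a rewritten link. It assumes the original address is carried percent-encoded in the link's `url` query parameter and that Safe Links hosts end in `.safelinks.protection.outlook.com`; the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs, quote

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

def is_safelink(link):
    """True only when the link's host is a Safe Links host. The name showing
    up in the path, or as the start of a longer host name, does not count."""
    host = (urlsplit(link).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)

def decode_safelink(link, max_depth=3):
    """Return the original URL inside a rewritten link; other links are
    returned unchanged. A link rewritten more than once (for example after
    being forwarded) is unwrapped up to max_depth times."""
    for _ in range(max_depth):
        if not is_safelink(link):
            return link
        wrapped = parse_qs(urlsplit(link).query).get("url")
        if not wrapped:
            raise ValueError("rewritten link has no 'url' parameter")
        link = wrapped[0]  # parse_qs has already percent-decoded the value
    return link

def destination_host(link):
    """Host the reader would actually reach, for comparison with the text
    the email displays for the link."""
    return (urlsplit(decode_safelink(link)).hostname or "").lower()

# Constructed samples. www.target.com is the example address used above.
REWRITTEN = ("https://na01.safelinks.protection.outlook.com/"
             "?url=http%3A%2F%2Fwww.target.com&data=CONSTRUCTED&reserved=0")
DOUBLE_WRAPPED = ("https://na01.safelinks.protection.outlook.com/?url="
                  + quote(REWRITTEN, safe=""))
# A host that merely starts with the Safe Links name is not a rewritten link.
LOOKALIKE = ("https://na01.safelinks.protection.outlook.com.example.net/"
             "?url=http%3A%2F%2Fwww.target.com")
```

Decoding only reveals where a link points; it does not perform the malicious-URL check that clicking the rewritten link does.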
Update: As of May 31, 2019, CCC student accounts will also be protected by ATP Safe Links.
We use URL protection by Microsoft called Safe Links. If you clicked on a link in an email and you were taken to an Office365 block page, it means the link was a known malicious link found in a phishing/malicious email. See the above FAQ for Why do the links in my emails look different?.
We utilize O365's URL protection called Safe Links. One of the features of Safe Links is to scan links to downloadable content (i.e. a Word doc or PDF file) to make sure it is not a malicious document. If you clicked on a link in an email and you were taken to an Office365 "This link is being scanned" page:
This page means the linked content is currently being scanned for malware and you need to wait for the scanning to complete. It should take on average between 4 and 10 minutes to scan. After the document is scanned, if it is not malware, you will be able to visit the link. However, if the linked content is indeed malware, access to the link will be blocked. See the above FAQ for I clicked on a link in an email and it told me it was blocked. Why?.
When asked to provide a message's Full Internet Headers:
Follow these simple steps for Outlook 2010 and later.
1. From Outlook, double click the email so that it opens the email content in its own separate window.
2. In the separate window that opened showing your message content, make sure you are on the Message tab and then look in the Tags section - click the arrow icon in the lower right hand corner to open the message's Properties window.
3. At the bottom of the Properties window, you'll see an Internet Headers field. Click anywhere inside that field, press Ctrl-A to select all the text, then press Ctrl-C to copy. You may close the Properties window.
4. Now simply forward the message with the included Internet headers by first clicking Forward on the selected message, then click inside the body of the forwarded message and press Ctrl-V to paste the Internet Headers that were copied in the previous step. Forward that message to BOR-SupportServices@ct.edu
Follow these steps when in Office365:
1. Select the message by either double clicking the message or viewing the message in the message preview.
2. To the right of the message's information (Sender, Date, Recipients) you'll see a thumbs up icon and a drop down to the right of Reply options. Click the drop down arrow and select "View Message Details"
3. Wait for the Message Detail page to populate then click inside the window. Copy the Message Headers using Ctrl-A to select all and Ctrl-C to copy. Click Close.
4. Click the down arrow again and this time select Forward, then press Ctrl-V to paste the headers you just copied into the body of the forwarded message. Forward that message to BOR-SupportServices@ct.edu
Update: As of May 31, 2019, CCC student accounts will also be protected by ATP Safe Attachments.
Emails with attachments are protected by O365 ATP Safe Attachment. Attachments identified as malware, large attachments, as well as certain file types that are known to be inherently insecure or are commonly used to spread viruses are stripped from emails. Most of the file types are not commonly used in typical email communications for sending pictures, videos, etc. They are typically system files such as .exe, .jar, .dll, or .scr files so stripping these files most likely will not affect everyday email communication. But you may run into certain file types that are used in classroom settings that are also stripped due to their inherent risk.
For security reasons, we do not list all the file types that will be stripped, yet you will know if it was stripped because a footer will be added to the message body similar to this text if you receive an email with a stripped attachment:
--------CSCU Notice-------------------------------------------------
NOTE: This email included an attachment <various reasons listed here> For more information, visit: http://supportcenter.ct.edu/Service/Office365.asp
If a compressed archive (.zip, .rar) contains files that will be stripped, the entire archive will be removed so compressing them will NOT allow it to pass the filter.
Use another method to transport these files (i.e. OneDrive cloud attachments, share it via OneDrive for Business). For security reasons a notification is not sent to the sender of the email with the stripped attachment, just the recipient.
NOTE: The software will strip these files based on the type of file that it is, not just the extension used to name the file. Therefore, renaming the files to another extension will NOT allow it to pass the filter.
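To show why renaming or zipping a file does not get it past a content-based filter, here is an added sketch (not the filter Office365 uses, and not part of the original FAQ) that classifies attachments by their leading bytes and looks inside archives. The signature list, the nesting and size limits, and every sample attachment are assumptions constructed for illustration.

```python
import io
import zipfile

# Illustrative signatures; the page does not publish the real list.
SIGNATURES = [
    (b"MZ", "windows-executable"),   # .exe, .dll and .scr all start with MZ
    (b"PK\x03\x04", "zip-archive"),  # .zip; a .jar is a ZIP with a manifest
    (b"%PDF-", "pdf"),
]
MAX_DEPTH = 3                  # assumed limit on archives inside archives
MAX_MEMBER_BYTES = 10_000_000  # assumed cap on one unpacked member

def sniff(data):
    """Classify content by its leading bytes; the file name is never used."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def should_strip(data, depth=0):
    """True if the content, or anything packed inside it, is a blocked type."""
    kind = sniff(data)
    if kind == "windows-executable":
        return True
    if kind != "zip-archive":
        return False
    if depth >= MAX_DEPTH:
        return True  # too deeply nested to inspect: fail closed
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" in zf.namelist():
                return True  # Java archive (.jar), whatever it is called
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    return True  # oversized member: fail closed
                if should_strip(zf.read(info), depth + 1):
                    return True  # one bad member removes the whole archive
    except (zipfile.BadZipFile, RuntimeError):
        return True  # corrupt or password-protected: cannot inspect
    return False

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (helper for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a bare MZ header stands in for a real executable.
FAKE_EXE = b"MZ" + bytes(62)
ATTACHMENTS = {
    "syllabus.pdf": b"%PDF-1.4\n% constructed sample\n",
    "report.pdf": FAKE_EXE,                             # renamed executable
    "homework.zip": make_zip({"setup.exe": FAKE_EXE}),  # zipped executable
    "photos.zip": make_zip({"a.pdf": b"%PDF-1.4\n"}),
    "nested.zip": make_zip({"in.zip": make_zip({"x.scr": FAKE_EXE})}),
}

def stripped_names(attachments):
    """Names of the attachments a content-based filter would remove."""
    return sorted(n for n, data in attachments.items() if should_strip(data))
```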
You may have seen or heard about an Office365 feature currently available called Clutter. Clutter aimed to help clean up your inbox by sorting low-priority messages into a separate Clutter folder.
How to disable Clutter from Outlook:
Right click the Clutter folder and click Manage Clutter. A browser window will launch prompting for your NetID and password:
Once logged in, uncheck "Separate items identified as clutter" and click Save.
NOTE: Even with Clutter disabled, the Clutter folder will still be visible until they decommission the feature. If there were any emails left in the Clutter folder, they will remain in there until you move them out manually.
So what is Focused Inbox?
Focused Inbox helps you focus on the most important items in your inbox and moves "other" mail to a separate folder. What appears in your Focused Inbox is based on an understanding of the people you interact with often and the content of the email. You can fine tune messages as well by moving email to the Focused folder or the Other folder.
Microsoft is in the process of rolling the feature out to all of their customers, so you may not yet have the feature available to you. This Focused Inbox link includes information on how to enable/disable it once it is rolled out to you, as well as an FAQ that will answer your questions on Focused Inbox and Clutter that you may have.