Connecticut State Colleges & Universities
IT Support Center

Office 365 - Email FAQ

IMPORTANT! We are moving FAQ items from this list to Service Now.

You need to be logged into Service Now to see internal KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged already or if you see the "you do not have privileges" error:

REMINDER: Auto-forwarding is not allowed to external addresses

Are you receiving continuous delivery failure messages? It may be that you have have a mailbox rule that forwards/redirects your CCC mail to an external address or your account has been blocked by outbound mail policies. Refer to these Service Now KB articles for more info.

Questions:

Answers:

  •  I was told my O365 account was compromised! What do I do now?
  • You may be told either that your O365 account was potentially compromised or is known to have been compromised. Or you simply suspect your account might get compromised (such as you provided your username/password on a website and then you question that it might not have been a valid site later).

    In any case, you should take the following precautions:

    • Change your password immediately if not done already by IT. Your local IT may have already done this for you if your account was known to have been compromised (i.e. they saw evidence it was logged into by someone else or was sending phishing emails). If you suspect you may have entered your username/password into a website that you are now questioning - it could protect your account from being compromised if you change it before they have a chance to use it.
    • If you have not already been working with your local IT, contact them to let them know you provided your username/password. They may need to know the email and link you clicked on.
    • If you use the same password (not recommended) for other accounts, we recommend you change those to something else. For example, if you use the same password for your Amazon account and you have an Amazon email in your O365 mailbox, the person accessing your account could potentially have access now to your Amazon account. Therefore, we recommend never using the same password for multiple accounts. If you have trouble rememembering them - use a secure password safe (i.e. passwd safe).
    • If you spot the phishing email that caused you to provide your username/password to someone else, report it as a phish so that Microsoft can learn it and start blocking it before it reaches others' inboxes. Do not respond/antagonize the phisher or lead them on.
    • VERY IMPORTANT! Check out any inbox rules (Outlook or OWA) to make sure there isn't something listed that you don't recognize. Disable any rules that looks suspicious and let IT know in case they need the information. They may recommend to simply delete them if they are not needed. Here is a common example of an inbox rule setup in a compromised account:
    • Look through the list of users on your Safe Sender list. Don't recognize one - delete it. We've seen phishers add themselves to your Safe Sender list so they can get around Anti-Spam/Anti-Phish settings.
    • Are your Safe Sender settings allowing spoofed emails to go right to your inbox? We highly suggest reviewing the FAQ article for safe senders and disabling the settings that automatically trust any email from those on your contact/safe sender lists as well as review what is on your safe sender list regularly. You should never have a whole domain in your safe sender list. If you have them listed, remove them. Take the time now to cleanup your safe sender by checking out that FAQ.
    • After you have provided information to IT if needed, go through your inbox, sent and drafts folders and delete any remnants of the phishing campaign. If your account was used to send out phishing emails, you may see 100s of undeliverable errors messages that can also be deleted.
    • If someone was in your account because your account was compromised, make sure you check out your Deleted Items folder as well to see if they deleted important mail. You may need to move important email back to your inbox after you have removed any inbox rules that they might have set up in your account.
    • If you are authorized to access sensitive data, your IT will work with you to scan your O365 data, making sure none was present.
    • Educate yourself about phishing emails to avoid becoming a victim again by visiting the FTC's phishing page or the Phishing.org site. Or visit our SupportCenter page that lists recent phishing emails.
    • You may also report a scam through the FTC's reporting page (i.e. if you receive a fake check, rip-off, imposter emails, etc).
  •  I clicked on a phishing link and (may have) attempted to login. What do I do now?
  • If you clicked on a link in a phishing email that brought you to a site that looked like another one (O365 login page, Blackboard login page, Google login page, etc) and you entered your CCC username and password into that fake site, you are at risk for your account to be compromised.

    This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.
  •  Why am I getting Undeliverable email reports sent to me?
  • Information about undeliverables can be found in Service Now KB articles.
    You need to be logged into Service Now to see these KB articles. Click 'Log In' in upper right corner to login to Service Now.

    There are many reasons you could be getting Undeliverable emails sent to you. It's important to look at the information contained in the Undeliverable message:

    • If it contains "suspected of sending spam and it's no longer allowed to send email" and "Access denied. bad outbound sender", then it means Microsoft has blocked your account due to outbound emails. Refer to this FAQ item.
    • If it contains "Your message wasn't delivered because the recipient's email provider rejected it." and "Access denied, Your organization does not allow external forwarding.", then it means you are attempting to auto forward your mail which is not allowed. Refer to this ServiceNow KB article.
    • You may be getting Undeliverable messages back for messages that you don't recognize that you ever sent out. This could be because your account was conpromised and used to send out phishing emails. Refer to this FAQ item.
    • If none of these situations apply, contact us using the Service Portal and make sure to provide the contents of the Undeliverable message you received.
  •  Email that used to go to my inbox is now going to my junk folder! Why?
  • To better protect against phishing emails, starting back in March 2018, Microsoft enabled a strict security feature that causes mail that typically would go to your inbox, to instead be sent to your junk folder. This change affects mail from specific mail domains that are not using proper authentication measures for mail sent from their mail domain. This means mail from their mail domain is at risk for being used for phishing email attacks. This isn't the only reason that legit mail would end up in your junk folder, refer to the FAQ article for other reasons legit mail may end up in your junk folder.

    Because they implemented this change to protect the email recipient, you, from receiving phishing emails that could be used to compromise your account, they do not recommend whitelisting or adding those email senders to safe sender list. This is because it doesn't fix the problem, it will only send that email sender's email to your inbox (not anyone else's) AND it allows you to receive phishing emails from anyone on your safe senders list. Refer to the FAQ article related to the safe senders list and the risk associated with adding senders to your safe sender list.

    What can you do? You can help them out by letting them know their mail admin may need to address this by sending them this information about the change that Microsoft implemented:

    "We are a Microsoft O365 customer and Microsoft recently implemented a change that is sending any emails from your domain to junk folders unless changes are made to your mail sender's domain (implement valid SPF/DKIM records.) Here is information for your mail admins as to what Microsoft implemented: https://products.office.com/en-US/business/office-365-roadmap?filters=&featureid=27049 and why email from your domain is going to O365 customer's junk folders."

    In the meantime, check your junk folder for mail that may have been placed there that typically would have gone to your inbox. We do not recommend opening emails found in your junk folder as this is the location for phishing emails so please use caution when opening mail found in your junk folder. If you find phishing emails while looking in your junk folder, know that you do not have to report them as this is the proper location for where phishing emails are placed.

  •  How do I block or allow senders?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.

  • What do I do with all this junk mail I'm getting?
  • If the email is landing in your junk folder, you don't have to do anything as that's the proper place for junk/phishing email to be placed. If you are perusing your junk folder for potential legit mail that may have ended up in your junk folder, you may encounter inappropriate images/content that you may not want to see. In this case, you can review senders/subjects and just empty your junk folder once you are sure nothing legit has been placed there. You do not have to report junk mail or inappropriate mail ending up in your junk folder to anyone.

    Your email may have been "harvested" from another source, something beyond your control and you are now receiving lots more junk than you ever did before. Letting Microsoft spam protection filter your email by using the "not junk" or "this is junk" features will tell Microsoft that they either let a junk mail through to your inbox (you then report it as junk from your inbox) or that a real mail was falsely categorized as junk (you then report it as not junk from your junk folder) and they will adjust their spam engine over time to hopefully categorize email correctly.  Something that looks legit to you may look like junk to Microsoft.

    Make sure you understand settings that may cause mail to not go where you expect it to go. We have other FAQ items about these situations:

  • Is spam filtering enabled for my account?
  • There are actually two different Microsoft spam/junk filtering features. One is a legacy spam/junk filtering that is available from your Outlook client under Junk - Junk E-mail Options on the Options tab. This one can and should be disabled (by setting to "No automatic Filtering" as it was deprecated in 2016 by Microsoft and may cause email to end up in your junk folder that shouldn't:

    However, note that the Safe and Blocked Senders tabs on the Junk E-mail Options page is still where you would control your personal Safe and Blocked Senders when using Outlook.

    In the O365 portal, you can't disable junk filtering but you can manage your Safe and Block senders and a few important settings that may be sending email to your junk/inbox folders. It is on the Settings page:

    Then at the bottom of the Settings menu under "Your app settings", click Mail:

     

    Then select mail - Junk email:

    Review your safe/blocked senders often and make sure you do not enable either of the Filters. One would send all email from anyone  not on your safe sender list to your junk folder, the other could send spoofed email from anyone pretending to be on your safe list, to your inbox - even malicious fake emails! Both are very dangerous.

    When you add email addresses or domains to your Safe Senders list - you are bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of.

  •  What do I have to know about phishing?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.
  •  How do I report junk/phishing emails that end up in my inbox?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.
  •  Why is legit mail going to my Junk folder?
  • The cause of why legit mail ends up in your Junk folder is not clear cut. However, we are aware of several situations where legit email may end up in your Junk folder:

    1) A change in March of 2018 made by Microsoft that sends email from mail domains that do not implement proper authentication and puts you at risk of receiving phishing/spoofed emails from them. This has been done to better protect you from receiving phishing emails. Refer to the FAQ item about this change.

    2) It may not be legit at all - just appearing to be legit - maybe from a real person you'd expect mail to come from, but instead it is a phishing email masqueraded to appear to be legit and that's why it was in your junk folder to begin with. You should not assume it was a mistake and move it out of your Junk folder into your inbox because you happen to recognize the sender's name. Instead, take caution with an email that was originally found in the Junk folder before following any links or opening any attachments as it may be malicious. You can open a ticket with the BOR-SupportServices@ct.edu.

    3) The sender or domain (what appears after the @ in an email address) could be on your Blocked Sender list and even if the email itself is legit, it would be delivered to your Junk folder because it was on your blocked senders list. Check your Blocked Senders list to see if the sender is listed.

    4) You could have an inbox rule that is moving certain emails to your Junk folder. Check your inbox rules to see if an inbox rule may have caused it to be placed in your junk folder.

    5) If you have configured a device (i.e. a smart phone) to read your email - that device may have anti-spam features that move email to a junk folder. Samsung phones have been known to do this and even if you manually move the email to the inbox, if the phone is on, the email continues to move back to the junk folder. Check your phone settings and check your phone's spam list to see if the phone is the culprit.

    6) You could have an Outlook plug-in trying to manage your spam moving what it believes is junk to the junk folder. Talk with your local IT department to see if there are any Outlook plug-ins enabled in Outlook. We have seen where the legacy Outlook Junk Filter (Outlook - Junk - Junk E-mail Options) moves legit email to the Junk folder. We recommend disabling this and only use the Office365 junk filtering.

    7) And of course, it could very well be a legit email that was mistakenly marked as spam. If the email doesn't look fishy at all (i.e. no questionable attachment or a link to reset your password) then mark the email as Not Junk and it will move to your inbox - using "Not Junk" also tells Microsoft they may have made a mistake and it trains the spam engines for next time. However, be cautious of doing this as it could potentially be phishing (see #2 above).

  •  Why is my attachment being scanned by ATP?
  • We are using Advanced Threat Protection (ATP) for Faculty/Staff Office365 accounts to protect from malicious attachments. In order to do this it needs to scan the attachment which takes time (approx 4-10 minutes). To not delay the delivery of the rest of your message, Office365 replaces the original attachment(s) with an "ATP Scan in Progress" attachment letting you know it is in the process of scanning the attachment(s) to allow you to read the body of the message:

    When the attachment has been scanned, the "ATP Scan in Progress" attachment will be replaced with either the original attachment(s) if they are safe or if it was identified as being malicious, it will be replaced with an "Unsafe Attachments Blocked" message and you will not have access to the malicious attachment.

    NOTE: If you are auto forwarding/redirecting your mail to a private email account, you may not receive the attachment after scanning. As per the Electronic Communication policy section 6 Provisions, "Employees are not allowed to conduct official ConnSCU business via private (unofficial) email accounts unless specifically authorized." If there is a need to be excluded from having Dynamic Delivery applied to an account, open a ticket with the BOR-SupportServices@ct.edu.

  •  Why is there a delay when I receive certain email?
  • To protect you from malicious attachments, email attachments may be scanned upon receipt. Therefore, emails with attachments may be delayed on average between 5-10 minutes yet not longer than 30 minutes. This is to protect you from receiving a malicious attachment.

  •  Why am I seeing email flagged as [CSCU Unverified Sender]?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.
  •  What can I do about lost or missing email?
  • Mail you expect to receive could have been moved to another folder rather than finding it in your inbox (i.e. bulk or spam could be in your Junk Folder). Also, look to see if you have any inbox rules in effect that would have moved them to another location or performed an action on them (i.e. delete). Microsoft also has features to help clean up your inbox by moving mail for you to other folders, check to see if you have clutter of focused inbox enabled and if mail is appearing in there, we recommend you disable Clutter (see FAQ item on Clutter/Focused Inbox).

    Refer to Microsoft's article on how to search for mail and people in Office 365.

    Add senders you wish to receive email from to your safe sender list so that mail from those senders is not classified as spam. Remember to check your block list to make sure email addresses are not in your block list. Once the user is in your safe senders list, have them resend the email to see if you receive it. Read the precautions about adding email addresses to your Safe Senders list as you can receive spoofed email from others pretending to be users on your Safe Senders list.

    Remember to think about the malware protections if the expected email contained an attachment. The email could be delayed or the attachment could have been blocked due to inherit risk with the attachment type.

    If you still cannot find an expected email, contact your local IT department.

  •  Now that my mailbox is in the cloud, what can I do with Outlook Data Files (.pst) that were created by exporting mail out of my inbox?
  • Remember that you need to follow state retention guidelines for email. Refer to the state's Records Management Program (there is a section for Email) for information about retention and proper destruction of email messages.

    We have documented the process you need to folllow to import mail from a locally stored Outlook Data file (*.pst).

    IMPORTANT: After you have imported mail from your Outlook Data files into your O365 mailbox, you need to confirm the mail was imported and then delete the Outlook Data File (*.pst).

  •  Why are people telling me my mail is flagged as [CSCU Unverified Sender]?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.

  •  Why do the links in my emails look different?
  • We are using URL protection to protect you from known malicious URLs. In order to do this, Office365 rewrites the links found in emails so that when you click on the link, before it sends you to the site, it is checked against their database of known malicious URLs (those that bring you to a malicious website). If it is known to be malicious, it won't allow you to go to the site. It will look something like this:

     

    That link shown above was in a phishing email designed to make you think the link you were clicking on was to Microsoft. In fact, the link was malicious and would have taken you to a malicious site if we weren't using the URL protection.

    If you hovered over the link before you clicked on it - you would have seen the rewritten link - it contains "na01.Safe Links.protection.outlook.com" and then contains the rest of the link. If you get this block page, you know it was malicious site. Just delete the original email.

    Note that for some types of URLs you may see the rewritten link right in the body of the email like this:

    This is OK too, it just means that the person who sent the email did not make the link "pretty" and just included a link like this: http://www.target.com right in their email.

    More information is found in our O365 ATP Safe Links User Guide.

    If you want to forward a link to someone outside our organization, click the rewritten link first to verify that it is not a known malicious site, then copy the real URL from the browser and send that link. Then you are not sending the rewritten link that is protected by O365 Safe Links.

    You can also use this tool to decode the rewritten URL by pasting in the rewritten link. You can then send the decoded link directly to someone.

  •  I clicked on a link in an email and it told me it was blocked. Why?
  • We use URL protection by Microsoft called Safe Links.  If you clicked on a link in an email and you were taken to an Office365 block page, it means the link was a known malicious link found in a phishing/malicious email. See the above FAQ for Why do the links in my emails look different?.

  •  I clicked on a link in an email and it sent me to a page that said a scan was pending. Why?
  • We utilize O365's URL protection called Safe Links.  One of the features of Safe Links is to scan links to downloadable content (i.e. a Word doc or PDF file) to make sure it is not a malicious document. If you clicked on a link in an email and you were taken to an Office365 "This link is being scanned" page:


    This page means the linked content is currently being scanned for malware and you need to wait for the scanning to complete. It should take on average between 4 and 10 minutes to scan. After the document is scanned, if it not malware, you will be able to visit the link. However, if the linked content is indeed malware, access to the link will be blocked. See the above FAQ for I clicked on a link in an email and it told me it was blocked. Why?.

  •  What attachments are stripped and why?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.

  •  What is Clutter and Focused Inbox? Can I disable them?
  • This is now being maintained in a Service Now KB article.
    You need to be logged into Service Now to see KB articles. Click 'Log In' in upper right corner to login to Service Now if you are not logged in.

     

This FAQ was last updated: Friday, April 22, 2022