You may be told either that your O365 account was potentially compromised or is known to have been compromised. Or you simply suspect your account might get compromised (such as you provided your username/password on a website and then you question that it might not have been a valid site later).
In any case, you should take the following precautions:
- Change your password immediately. Your local IT may have already done this for you if your account was known to have been compromised (i.e. they saw evidence it was logged into by someone else or was sending phishing emails). If you suspect you may have entered your username/password into a website that you are now questioning - it could protect your account from being compromised if you change it before they have a chance to use it.
- If you have not already been working with your local IT, contact them to let them know you provided your username/password. They may need to know the email and link you clicked on.
- If you use the same password (not recommended) for other accounts, we recommend you change those to something else. For example, if you use the same password for your Amazon account and you have an Amazon email in your O365 mailbox, the person accessing your account could potentially have access now to your Amazon account. Therefore, we recommend never using the same password for multiple accounts. If you have trouble rememembering them - use a secure password safe (i.e. passwd safe).
- If you spot the phishing email that caused you to provide your username/password to someone else, report it as a phish so that Microsoft can learn it and start blocking it before it reaches others' inboxes. Do not respond/antagonize the phisher or lead them on.
- VERY IMPORTANT! Check out any inbox rules (Outlook or OWA) to make sure there isn't something listed that you don't recognize. Disable any rules that looks suspicious and let IT know in case they need the information. They may recommend to simply delete them if they are not needed. Here is a common example of an inbox rule setup in a compromised account:
- Check out your forwarding settings to make sure it is not something that was set by someone else accessing your account. Often, the phisher will setup a gmail/aol account to receive a copy of everyone of your emails. You need to make sure no forwarding is enabled on your account.
- After you have provided information to IT if needed, go through your inbox, sent and drafts folders and delete any remnants of the phishing campaign. If your account was used to send out phishing emails, you may see 100s of undeliverable errors messages that can be deleted.
- Educate yourself about phishing emails to avoid becoming a victim again by visiting the FTC's phishing page or the Anti-Phishing Working Group. Or visit our SupportCenter page that lists recent phishing emails.
To better protect against phishing emails, starting in March 2018, Microsoft enabled a strict security feature that causes mail that typically would go to your inbox, to instead be sent to your junk folder. This change affects mail from specific mail domains that are not using proper authentication measures for mail sent from their mail domain. This means mail from their mail domain is at risk for being used for phishing email attacks. This isn't the only reason that legit mail would end up in your junk folder, refer to the FAQ article for other reasons legit mail may end up in your junk folder.
Because they implemented this change to protect the email recipient, you, from receiving phishing emails that could be used to compromise your account, they do not recommend whitelisting or adding those email senders to safe sender list. This is because it doesn't fix the problem, it will only send that email sender's email to your inbox (not anyone else's) AND it allows you to receive phishing emails from anyone on your safe senders list. Refer to the FAQ article related to the safe senders list and the risk associated with adding senders to your safe sender list.
What can you do? You can help them out by letting them know their mail admin may need to address this by sending them this information about the change that Microsoft implemented:
"We are a Microsoft O365 customer and Microsoft recently implemented a change that is sending any emails from your domain to junk folders unless changes are made to your mail sender's domain (implement valid SPF/DKIM records.) Here is information for your mail admins as to what Microsoft implemented: https://products.office.com/en-US/business/office-365-roadmap?filters=&featureid=27049 and why email from your domain is going to O365 customer's junk folders."
In the meantime, check your junk folder for mail that may have been placed there that typically would have gone to your inbox. We do not recommend opening emails found in your junk folder as this is the location for phishing emails so please use caution when opening mail found in your junk folder. If you find phishing emails while looking in your junk folder, know that you do not have to report them as this is the proper location for where phishing emails are placed.
There are good ways and not good ways to send bulk mail (mail to 100's or 1000's of email recipients at one time). Some methods may be rejected by Microsoft and never make it to the recipient's inbox. Because our email is hosted by Microsoft, it is subject to their mail policies and they have a policy against sending bulk email to external recipients (i.e. non CCC or System Office).
If you attempt to send an email to a lot of external recipients, at some point, Microsoft will classify you as an outbound spammer and start blocking all your external email. When that happens, you will start receiving errors when you send to external addresses: "Access denied, bad outbound sender" and won't be able to send external email until the block is lifted from your account. If you do this too many times, it becomes more difficult to lift the block and will require special action to remove the block. NOTE: You will continue to be able to send to internal (i.e. CCC or System Office) recipients.
Due to Microsoft's requirement that bulk mail is not supported, Faculty/Staff are advised to send email to student's Office365 account as email to student's Office365 account is not external (as long as the user is not forwarding their mail to an external email address). Be aware that there is also a 500 recipient limit per single email.
If you need to send bulk email to external recipients (i.e. Yahoo, AOL, etc.), a 3rd party mailer such as Constant Contact or Mail Chimp will need to be used. Sending email from a 3rd party mailer may require additional configuration if it needs to be sent to appear to be from your CSCU email address. Contact your local IT if this is needed.
CSCU IT Policy specifically covers the use of private email addresses for faculty/staff and students:
- Employees are not allowed to conduct official CSCU business via private (unofficial) email accounts unless specifically authorized.
- Students who choose to have their emails auto-forwarded to private (unofficial) email addresses, do so at their own risk. The college/university is not responsible for any difficulties that may occur in the transmission of the emails.
All official college email communications including email sent from within the Blackboard learning management system, are sent to your college Office 365 email account. Employees and Students are expected to check their official email accounts on a frequent basis. Refer to the IT Policy on Electronic Communication.
Also in compliance with IT Policy on Electronic Communication, Faculty and staff should not forward their college email to another personal or business account, or send email to students from a personal account. Faculty who use Blackboard should set their Preferred Email in Banner Self Service as their college accounts, not to a personal or business account. This ensures that the Blackboard Email tool sends the messages from students to your college account. (See video on how to do this.)
- Students: Forwarding emails to personal accounts is not recommended and is not supported.
If you do choose to forward your email, be sure to set up your forwarding using the "Inbox and Sweep Rules, Forward action" rather than the "Accounts - Forwarding" settings. This is because the Office 365 "Accounts - Forwarding" setting actually redirects email rather than forwards it, which can cause problems as described below.
What is the difference between Forwarding and Redirecting?
How do I forward using Inbox and sweep rules and verify that I don't have redirecting enabled?
- Forwarded messages (using Inbox and Sweep rules - Forward action) appear as messages that are forwarded by your college email with FW: in subject and coming from your college email address. You can clearly see that email was forwarded from your college email and only emails from your inbox - not junk, spam or phishing emails are forwarded.
- Redirected messages (using Accounts - Forwarding) appear as though they came from the original sender directly to your personal email even though they were sent to your college email address and redirected. WARNING: Some email systems (i.e. AOL) use very strict rules and will not accept some "redirected" messages at all and you'll see undeliverable errors in your college inbox letting you know that your personal email's mail server rejected your redirected email. More importantly, when you redirect, you redirect everything sent to your email address - spam, phishing emails and junk mail - not just email from your inbox.
- When in OWA mail, click the Settings (gear) icon in the top right corner of the window and click the Mail link:
- In the left-side menu that will display, click Inbox and sweep rules.
- Click the + sign to create a new rule.
- In the "When the message arrives..." field, select the "apply to all messages" option from the dropdown list:
- In the "Do all of the following" field, select "Forward, redirect, or send">Forward the message to...":
- You will be prompted to enter an email address you wish to forward to (or select it from your Contacts).
- Enter your personal email address, and then click "Save."
- Click "OK" to save the rule (it will automatically be named):
- 13.Finally, if you had previously setup forwarding (i.e. actually redirects), please follow the steps below to turn off that setting. Otherwise, your messages may still be redirected instead of forwarded:
Students may report that they are receiving the following Undeliverable error back when they are attempting to email their professor:
This means the student is emailing the incorrect email address for the faculty member. The student is sending to Blackboard's do-not-reply address and not to the faculty member's actual email address as seen in the error message.
The instructions in the error message are meant to help the student locate the actual email address of the faculty members when using their college email account or Outlook. The included link: http://bit.ly/2mZeHHu shows how to do that also from within the college email account.
The problem arises because Blackboard sends emails to students from a "do-not-reply" address but have the faculty member's name set as the "from" address. This makes it appear that the email is coming from the faculty member. If the student clicks "Reply" to the Blackboard email, everything is fine because the email from Blackboard contains a correct reply-to address. The problem comes in when the student decides to create a new email to the faculty and types the name into the To field and selects the do-not-reply address that has the faculty member's name as the "name" - yet the email address is actually Blackboard's do-not-reply address.
The student needs to be aware that they are in fact attempting to email the do-not-reply address (which doesn't go anywhere) and NOT the faculty member.
If the student is using their college email account, they can use Ctrl-K after typing in the faculty member's name to search the college's address book for the faculty member's address:
This is very important to know when adding email addresses to your Safe Sender list: If you add an email address or domain to your Safe Sender list, you actually are also allowing spoofed email from someone pretending to be someone on your Safe Senders list! So because you added an email address to your Safe Sender, that means anyone on the Internet can now pretend to be that person and it will go into your inbox! You are bypassing anti-fraud/anti-spam and anti-phishing security features by adding email addresses to your Safe Senders list. It is recommended to be wary of email even in your inbox due to this.
When using Office 365, refer to Microsoft's article on managing your safe/block senders.
When using Outlook, refer to Microsoft's article for an overview of the junk mail feature.
NOTE: If you use both Outlook and the O365 portal to access your email, the safe/block sender list is the same.
Note about Mailing Lists: We are aware that mailing lists sometimes are not easy to add to your Safe Senders list as sometimes mailing lists use different behind-the-scenes sender addresses that are different each time. So if you see an email from a mailing list and your try to add it to your Safe Senders list, if you then go look at what was added to your Safe Senders list it may look like this: firstname.lastname@example.org and not who the mailing list appears to send the mail from for example something.org.
Do you continue to receive email from senders that you believe you already added to your block list? This may be because the email is not really coming from the same sender. Some spammers change the sender address each time making it nearly impossible to block their email or just like with mailing lists, they may make the behind-the-scenes sender address different but display a different email address to you.
Note that if you are using public folders, they do not support the Junk Mail feature so you can't block/allow a sender from sending mail to a public folder. Junk mail sent to a public folder will arrive in the Public Folder inbox.
If you use the "Not Junk" option on an email in your Junk folder - it will add the email address to your Safe Senders list. This may not be what you intended as you will bypass anti-spam/phishing/fraud security features for that email from now on.
We do not recommend enabling either of the "automatically trust" options for the same reason.
In Outlook, they are at the bottom of Safe Senders tab:
In the Office365 portal, they are on the Settings - Mail - Block or Allow page:
If the email is landing in your junk folder, you don't have to do anything as that's the proper place for junk/phishing email to be placed. If you are perusing your junk folder for potential legit mail that may have ended up in your junk folder, you may encounter inappropriate images/content that you may not want to see. In this case, you can review senders/subjects and just empty your junk folder once you are sure nothing legit has been placed there. You do not have to report junk mail or inappropriate mail ending up in your junk folder to anyone.
Your email may have been "harvested" from another source, something beyond your control and you are now receiving lots more junk than you ever did before. Letting Microsoft spam protection filter your email by using the "not junk" or "this is junk" features will tell Microsoft that they either let a junk mail through to your inbox (you then report it as junk from your inbox) or that a real mail was falsely categorized as junk (you then report it as not junk from your junk folder) and they will adjust their spam engine over time to hopefully categorize email correctly. Something that looks legit to you may look like junk to Microsoft.
Make sure you understand settings that may cause mail to not go where you expect it to go. We have other FAQ items about these situations:
- Have Clutter or Focused Inbox enabled? This may cause legit email to go to these locations instead of your inbox.
- Have the legacy Outlook client junk filtering enabled ? This may cause legit email to go to your junk folder.
- Do you continue to receive email from users you believe you already added to your block list?
There are actually two different Microsoft spam/junk filtering features. One is a legacy spam/junk filtering that is available from your Outlook client under Junk - Junk E-mail Options on the Options tab. This one can and should be disabled (by setting to "No automatic Filtering" as it was deprecated in 2016 by Microsoft and may cause email to end up in your junk folder that shouldn't:
However, note that the Safe and Blocked Senders tabs on the Junk E-mail Options page is still where you would control your personal Safe and Blocked Senders when using Outlook:
Options to configure the Office365 junk filtering is only accessible from the Office365 portal. You would want it enabled in order to have anti-spam/anti-phishing/anti-fraud protections. You should not disable this junk filtering - even if mail is ending up in your junk folder since it may be one of many other things that could be moving legit mail to your junk folder. By disabling this - you have NO protection from harmful phishing emails and your inbox will certainly fill with unwanted email. Instead, if legit email is ending up in your junk folder, work with your local IT to determine why.
To make sure Office365 junk filtering is enabled, once logged into the Office365 portal, click the settings icon in the top menu:
Then at the bottom of the Settings menu under "Your app settings", click Mail:
An Options menu will open on the left. Under Mail, Accounts, select "Block or Allow":
Make sure "Automatically filter junk email" is enabled:
Mail from blocked senders will still be sent to your Junk folder regardless if junk filtering is enabled or not. You'll also see your personal Safe and Blocked Senders on that same page.
NOTE: Even with "Automatically filter junk email" enabled, junk email can still appear in your inbox if you have users on your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of.
Once you are done, you can click the left arrow next to Options to return to your inbox.
Please always report junk/phish using the Microsoft tools shown below, when they accidently make their way to your inbox. If you simply delete the emails, the anti-phish/anti-spam engine is not trained that it miscategorized the email and future emails will continue to be miscategorized. Reporting junk/phish using the Microsoft tools helps both us and Microsoft to learn about what was marked incorrectly and in the case of harmful phishing emails, to take further actions to protect others that the phishing email may have been sent to.
You may also report to your local IT that a particularly harmful phishing email was received so they are also aware of the phishing campaign.
In Outlook, use the Report Message feature to report messages in your inbox as Junk or Phishing:
In the O365 portal, use the drop down to report as Junk or Phishing:
NOTE: Junk/phishing emails can end up in your inbox if the email addresses/domains they are spoofing are in your Safe Senders list. When you add email addresses or domains to your Safe Senders list - you are actually bypassing anti-fraud, anti-spam and anti-phishing features for those email addresses. For example, if you have email@example.com in your Safe Senders List - that means if someone spoofs that email address and sends you a phishing email - it will not go to junk - it will go to your inbox. This is very dangerous! It is recommended to first check to see if you have the email address on your Safe Senders list before you report that a malicious email ended up in your inbox. As this is the reason it bypassed Anti-Spam/Anti-Phishing security checks. Refer to the FAQ item about adding Safe Senders for precautions you need to be aware of when using the Safe Senders List.
The cause of why legit mail ends up in your Junk folder is not clear cut. However, we are aware of several situations where legit email may end up in your Junk folder:
1) A change in March of 2018 made by Microsoft that sends email from mail domains that do not implement proper authentication and puts you at risk of receiving phishing/spoofed emails from them. This has been done to better protect you from receiving phishing emails. Refer to the FAQ item about this change.
2) It may not be legit at all - just appearing to be legit - maybe from a real person you'd expect mail to come from, but instead it is a phishing email masqueraded to appear to be legit and that's why it was in your junk folder to begin with. You should not assume it was a mistake and move it out of your Junk folder into your inbox because you happen to recognize the sender's name. Instead, take caution with an email that was originally found in the Junk folder before following any links or opening any attachments as it may be malicious. You can open a ticket with the BOR-SupportServices@ct.edu.
3) The sender or domain (what appears after the @ in an email address) could be on your Blocked Sender list and even if the email itself is legit, it would be delivered to your Junk folder because it was on your blocked senders list. Check your Blocked Senders list to see if the sender is listed.
4) You could have an inbox rule that is moving certain emails to your Junk folder. Check your inbox rules to see if an inbox rule may have caused it to be placed in your junk folder.
5) If you have configured a device (i.e. a smart phone) to read your email - that device may have anti-spam features that move email to a junk folder. Samsung phones have been known to do this and even if you manually move the email to the inbox, if the phone is on, the email continues to move back to the junk folder. Check your phone settings and check your phone's spam list to see if the phone is the culprit.
6) You could have an Outlook plug-in trying to manage your spam moving what it believes is junk to the junk folder. Talk with your local IT department to see if there are any Outlook plug-ins enabled in Outlook. We have seen where the legacy Outlook Junk Filter (Outlook - Junk - Junk E-mail Options) moves legit email to the Junk folder. We recommend disabling this and only use the Office365 junk filtering.
7) And of course, it could very well be a legit email that was mistakenly marked as spam. If the email doesn't look fishy at all (i.e. no questionable attachment or a link to reset your password) then mark the email as Not Junk and it will move to your inbox - using "Not Junk" also tells Microsoft they may have made a mistake and it trains the spam engines for next time. However, be cautious of doing this as it could potentially be phishing (see #2 above).
We are using Advanced Threat Protection (ATP) for Faculty/Staff Office365 accounts to protect from malicious attachments. In order to do this it needs to scan the attachment which takes time (approx 4-10 minutes). To not delay the delivery of the rest of your message, Office365 replaces the original attachment(s) with an "ATP Scan in Progress" attachment letting you know it is in the process of scanning the attachment(s) to allow you to read the body of the message:
When the attachment has been scanned, the "ATP Scan in Progress" attachment will be replaced with either the original attachment(s) if they are safe or if it was identified as being malicious, it will be replaced with an "Unsafe Attachments Blocked" message and you will not have access to the malicious attachment.
NOTE: If you are auto forwarding/auto redirecting your mail to a private email account, you may not receive the attachment after scanning. As per the Electronic Communication policy section 6 Provisions, "Employees are not allowed to conduct official ConnSCU business via private (unofficial) email accounts unless specifically authorized." If there is a need to be excluded from having Dynamic Delivery applied to an account, open a ticket with the BOR-SupportServices@ct.edu.
To protect you from malicious attachments, email attachments may be scanned upon receipt. Therefore, emails with attachments may be delayed on average between 5-10 minutes yet not longer than 30 minutes. This is to protect you from receiving a malicious attachment.
If an email arrives that fails email authentication, the subject will contain [CSCU Unverified Sender] and the body will contain the following notice:
A common tactic used to "phish" for personal information is to send an email making it appear as if it came from our network (i.e. the sender's email address ends in commnet.edu or ct.edu) and asks you to provide personal information (username, password) or click a link to fix a problem (mailbox is full, account was changed, etc). To alert you not to be fooled in cases where email is intentionally trying to trick you into providing personal information, we added this warning to these emails. If you see this on an email you believe to be legitimate, either verify the sender sent the email by using other means (i.e. phone or text) or contact your IT Staff.
Can this be a legitimate email?
Yes, in certain circumstances, email is sent from external services (surveymonkey, Constant Contact, etc.) or outside services may be used by certain departments to send email to their users. The email is made to appear to have come from a CSCU email address (i.e. <address>@ct.edu). These types of emails are expected and you can open them. However, be cautious when you see this warning when an email asks you to provide personal information or click on a link to resolve an issue as described above as you know it came from outside our network. Be vigilant and ask your local IT before providing personal information like username or passwords when you receive a request via email with this warning on it.
Note that this message will also appear on emails from a mailing list or a listserve when you or anyone from CSCU sends an email to the list.
What if these emails are legit? If this is coming from a legitimate external service that hosts CCC services, a CCC contact needs to work with their IT department to open a ServiceDesk ticket. The System Office IT will work with them to provide the needed configuration to authenticate the emails.
Mail you expect to receive could have been moved to another folder rather than finding it in your inbox (i.e. bulk or spam could be in your Junk Folder). Also, look to see if you have any inbox rules in effect that would have moved them to another location or performed an action on them (i.e. delete). Microsoft also has features to help clean up your inbox by moving mail for you to other folders, check to see if you have a clutter and if mail is appearing in there, we recommend you disable Clutter (see FAQ item on Clutter/Focused Inbox).
Add senders you wish to receive email from to your safe sender list so that mail from those senders is not classified as spam. Remember to check your block list to make sure email addresses are not in your block list. Once the user is in your safe senders list, have them resend the email to see if you receive it. Read the precautions about adding email addresses to your Safe Senders list as you can receive spoofed email from others pretending to be users on your Safe Senders list.
Remember to think about the malware protections if the expected email contained an attachment. The email could be delayed or the attachment could have been blocked due to inherit risk with the attachment type.
If you still cannot find an expected email, contact your local IT department.
Remember that you need to follow state retention guidelines for email. Refer to the state's Records Management Program (there is a section for Email) for information about retention and proper destruction of email messages.
We have documented the process you need to folllow to import mail from a locally stored Outlook Archive file (*.pst).
If people are telling you that mail you are sending is being flagged as [CSCU Unverified Sender] and is ending up in their Junk folder, it could be because you are sending mail from an unauthorized 3rd party mail server, for example a personal mail account (cox.net, godaddy, etc.). Mail from a CSCU account should not be sent from unauthorized mail servers otherwise it will be flagged as being unverified and may end up in recipient's junk folder.
However, if you are receiving email flagged as [CSCU Unverified Sender] because you receive email from an external service that hosts CCC services (like a WordPress site or a form that collects info and sends you the results), then you need to work with your IT department to open a ServiceDesk ticket. The System Office IT will work with you to provide the needed configuration to authenticate the emails. NOTE: Sometimes web forms like these are used by spammers and you end up receiving spam flagged as [CSCU Unverified Sender] and appears to come from you - this means your form needs to add form protection to protect itself from spamming robots (i.e. captcha).
You may also be sending mail using your other CSCU domain. Users have the ability to receive email from one of two different domains: a *.commnet.edu domain and another domain specific to the college (i.e. @asnuntuck.edu or @nvcc.edu). However, only one of them is your primary email address that you can send mail as. If you send mail as the one that is not your primary email address domain, your mail may end up in other user's Junk Email folders. To avoid this, find out what is your primary email address and only use that when sending out email.
You may also be posting to a mailing list on the Internet that other CSCU faculty/staff are members of. When you post to the mailing list and they receive your post, it looks to them like it came directly from your CSCU email address when in fact it came from the mailing list making it look like it came from you. There isn't that much you can do about it. If they add you to their Approved Sender's list, the email will be delivered to their inbox but the email may still be flagged as [CSCU Unverified Sender].
In the past, you may have been able to send email to a large number of users (i.e. bulk email) from your CSCU account. We are now hosted by Microsoft servers and Microsoft has a strict policy against sending bulk email. Your mail may at first be sent to a few recipients, but if Microsoft classifies you as a bulk sender, your mail may not be received at all by the recipient. You may also start to get Non Delivery Reports (an error message) sent back to you letting you know that Microsoft has indeed blocked you from sending any more outbound mail until your account is unblocked by an admin.
If this happens, you will need to contact your local IT department to unblock your account. You will still be able to receive email and you should be able to send internal mail, but you will not be able to send email to a recipient outside our organization. It may take up to 12 hours to unblock your account.
If you continue to send bulk email and Microsoft blocks you again, your local IT may need to work with Microsoft to unblock your account.
If you are sending email to CSCU students, Faculty/Staff are advised to send email to student's Office365 account. This avoids being classified as an outbound bulk mailer as mail to CSCU students does not leave Microsoft's environment.
If you need to send bulk mail to non-CSCU email addresses from your CSCU address, please contact your local IT department. If you use a 3rd party service (i.e. a mailing list) and you make the email appear to come from your CSCU account, it may be sent to junk folders or rejected.
We are using URL protection for Faculty/Staff Office365 accounts to protect you from known malicious URLs. In order to do this, Office365 rewrites the links found in emails so that when you click on the link, before it sends you to the site, it is checked against their database of known malicious URLs (those that bring you to a malicous website). If it is known to be malicious, it won't allow you to go to the site. It will look something like this:
That link shown above was in a phishing email designed to make you think the link you were clicking on was to Microsoft. In fact, the link was malicious and would have taken you to a malicious site if we weren't using the URL protection.
If you hovered over the link before you clicked on it - you would have seen the rewritten link - it contains "na01.safelinks.protection.outlook.com" and then contains the rest of the link. If you get this block page, you know it was malicious site. Just delete the original email.
Note that for some types of URLs you may see the rewritten link right in the body of the email like this:
This is OK too, it just means that the person who sent the email did not make the link "pretty" and just included a link like this: http://www.target.com right in their email. It is safe to click on links like the one shown above.
If you want to forward a link to someone outside our organization, click the rewritten link first to verify that it is not a known malicious site, then copy the real URL from the browser and send that link. Then you are not sending the rewritten link that is protected by O365 SafeLinks.
You can also use this tool to decode the rewritten URL by pasting in the rewritten link. You can then send the decoded link directly to someone.
Faculty/Staff email uses URL protection by Microsoft called SafeLinks. If you clicked on a link in an email and you were taken to an Office365 block page, it means the link was a known malicious link. See the above FAQ for Why do the links in my emails look different?.
Faculty/Staff email uses URL protection by Microsoft called SafeLinks. One of the features of SafeLinks is to scan links to downloadable content (i.e. a Word doc or PDF file) to make sure it is not a malicious document. If you clicked on a link in an email and you were taken to an Office365 "This link is being scanned" page:
This page means the linked content is currently being scanned for malware and you need to wait for the scanning to complete. It should take on average between 4 and 10 minutes to scan. After the document is scanned, if it not malware, you will be able to visit the link. However, if the linked content is indeed malware, access to the link will be blocked. See the above FAQ for I clicked on a link in an email and it told me it was blocked. Why?.
When asked to provide a message's Full Internet Headers:
Follow these simple steps for Outlook 2010 and later.
1. From Outlook, double click the email so that it opens the email content in it's own separate window.
2. In the separate window that opened showing your message content, make sure you are on the Message tab and then look in the Tags section - click the arrow icon in the lower right hand corner to open the message's Properties window.
3. At the bottom of the Properties window, you'll see an Internet Headers field. Click anywhere inside that field, press Ctrl-A to select all the text, then press Ctrl-C to copy. You may close the Properties window.
4. Now simply forward the message with the included Internet headers by first clicking Forward on the selected message, then click inside the body of the forwarded message and press Ctrl-V to paste the Internet Headers that were copied in the previous step. Forward that message to BOR-SupportServices@ct.edu
Follow these steps when in Office365:
1. Select the message by either double clicking the message or viewing the message in the message preview.
2. To the right of the message's information (Sender, Date, Recipients) you'll see a thumbs up icon and a drop down to the right of Reply options. Click the drop down arrow and select "View Message Details"
3. Wait for the Message Detail page to populate then click inside the window. Copy the Message Headers and using Ctrl-A to select all and Ctrl-C to copy. Click Close.
4. Click the down arrow again and this time select Forward, click Ctrl-V to paste the headers you just copied into the body of the forwarded message. Forward that message to BOR-SupportServices@ct.edu
Attachments identified as malware, large attachments as well as certain file types that are known to be inherently insecure or are commonly used to spread viruses are stripped from emails. Most of the file types are not commonly used in typical email communications for sending pictures, videos, etc. They are typically system files such as .exe, .jar, .dll, or .scr files so stripping these files most likely will not effect everyday email communication. But you may run into certain file types that are used in classroom settings that are also stripped due to their inherent risk.
For security reasons, we do not list all the file types that will be stripped, yet you will know if it was stripped because a footer will be added to the message body similar to this text:--------CSCU Notice-------------------------------------------------
NOTE: This email included an attachment <various reasons listed here> For more information, visit: http://supportcenter.ct.edu/Service/Office365.asp
If a compressed archive (.zip, .rar) contains files that will be stripped, the entire archive will be removed so compressing them will NOT allow it to pass the filter.
Use another method to transport these files (i.e. OneDrive cloud attachments, share it via OneDrive for Business)NOTE: The software will strip these files based on the type of file that it is, not just the extension used to name the file. Therefore, renaming the files to another extension will NOT allow it to pass the filter.
You may have seen or heard about an Office365 feature currently available called Clutter. Clutter aimed to help clean up your inbox by sorting low-priority messages into a separate Clutter folder.
How to disable Clutter from Outlook:
Right click the Clutter folder and click Manage Clutter. A browser window will launch prompting for your NetID and password:
Once logged in, uncheck "Separate items identified as clutter" and click Save.
NOTE: Even with Clutter disabled, the Clutter folder will still be visible until they decommission the feature. If there were any emails left in the Clutter folder, they will remain in there until you move them out manually.
So what is Focused Inbox?
Focused Inbox helps you focus on the most important items in your inbox and moves "other" mail to a separate folder. What appears in your Focused Inbox is based on an understanding of the people you interact with often and the content of the email. You can fine tune messages as well by moving email to the Focused folder or the Other folder.
Microsoft is in the process of rolling the feature out to all of their customers, so you may not yet have the feature available to you. This Focused Inbox link includes information on how to enable/disable it once it is rolled out to you, as well as an FAQ that will answer your questions on Focused Inbox and Clutter that you may have.