This site requires JavaScript to be enabled
Welcome|
Recent searches
IE BUMPER

University disclaimers on external, suspect, or malicious email

Number of views : 5156
Article Number : KB0011401
Published on : 2019-05-09
Last modified : 2019-05-09 19:46:04
Knowledge Base : IT Public Self Help

Summary

  • UT Austin faculty and staff are increasingly targeted by clever phishing attacks
  • Many modern phishing techniques rely on either mail clients not displaying full sender information, or users ignoring this information
  • Providing additional information to recipients can help to mitigate these attacks
  • If you see a message from someone you think is a member of the university, but the message is tagged as external, then this should be a hint that something could be wrong
  • The external disclaimer is applied to all messages from non-University senders, unless the entire external organization (not an individual sender) has been explicitly whitelisted
  • UTmail personal accounts (current students, alumni, retirees) will soon stop receiving these disclaimers

 

 

Contents
 What Is Changing?
 Why Is This Changing?
 Replacing Existing Notices
 Plain Text Email Clients
 Frequently Asked Questions

 

What is changing?

Starting 5/3/2019, Office 365 Exchange & UTmail users will begin to see disclaimers inserted into certain received or, in extremely rare cases, sent messages. These disclaimers are meant to make the recipient aware of message attributes that could indicate that the sender is misrepresenting who they are, or that the email contains possibly unwanted or malicious content.

The most frequent message disclaimer will warn when a message is sent from a source external to The University of Texas.

 

 

 

Occasionally, a red disclaimer will appear indicating that the external sender shares the name of someone internally. If the sender of one of these messages claims to be someone representing the University of Texas, then this disclaimer is a good indication that the sender could be fraudulent.

 

Why is this changing?

The purpose of this disclaimer is to make the recipient aware that the message originated from outside of our organization. Increasingly, the university is targeted by phishing attacks that leverages some form of email spoofing. Email spoofing involves an external email address impersonating a staff or faculty member in order to mislead, manipulate, and scam an unsuspecting victim. A more obvious version of a spoofed, or impersonated, message can be seen below.

 

The context of this message, combined with the new external message disclaimer, should indicate to the recipient that the sender is not really who they say they are. In this case, the message can be deleted and the sender can be blocked in your local outlook client. Don't hesitate to report particularly egregious or offensive phishing or spoofing emails to the ITS Email Team by forwarding the message as an attachment to postmaster@utexas.edu.

More information about phishing and spoofing can be found at the Information Security Office Phishing Outreach page.

 

Replacing existing notices with body disclaimers:

Existing [UTEXAS: SUSPECTED SPAM] and [UTEXAS: POSSIBLY MALICIOUS CONTENT] subject line warnings will be replaced with the new body disclaimers:

 

 

More information on why those disclaimers may appear on an email can be found in KB0011402 and KB0011404.

All email disclaimers are intended to encourage you to exercise caution and are not authoritative on whether the sending email is safe or malicious.

 

Plain text email clients

If your email client only displays plain text, an alternate text-only version of the above disclaimers will be displayed:

>> This message is from an external sender. Learn more about why this <<

 

 Frequently Asked Questions

 

Why do some of my email messages get flagged and others do not? Who gets the disclaimer?

Messages sent from email services that are not on our list of approved senders are considered "external."

  • Sender must NOT be:
    • An O365 account
    • A UTmail business account
    • Any of our internal systems
    • A trusted service provider (including but not limited to):
      • Box
      • Regroup
      • Workday
      • Email marketing companies we've identified as having UT customers, but only when sending on behalf of those customers
  • Recipient must NOT include a mailing list hosted on UT Lists
  • Message must NOT have an S/MIME signature that the disclaimer would break

Internal email services includes messages sent from an O365 account, UTmail business account, email sent through our relay, and various approved bulk email services used for university communications. This list is currently in flux as users report additional trusted service providers that should be considered internal.

I understand the risks of phishing scams and cannot be phished. Can you turn off the disclaimer for my account?

We are not able to turn off this security feature for individual accounts. Our goal is to protect campus from phishing and spoofing attacks, these efforts require the participation of our entire community as no one is immune from these attacks.

I frequently receive email from colleagues at other universities and institutions that are tagged as external. Can we remove the disclaimer for them?

We are not exempting external institutions from the disclaimer at this time. The external disclaimer is meant to notify you of this scenario.

My workflow is disrupted. The warning message takes up too much space in my Outlook preview pane. How do I fix this?

Thank you for bringing this issue to our attention. We have moved the disclaimer to the bottom of messages to minimize disruption to workflow.

Why is an email from a vendor, trusted service provider, or external service not tagged as external? Does UT consider them internal?

Not necessarily. Some external senders and bulk email services used for university communications have been added to our approved senders list, allowing them not to be marked as external. In addition, just because a message does not have the external disclaimer does not necessarily mean that the sender should be indiscriminately trusted.

Can I remove the disclaimer when I reply back to my external contacts?

You are able to delete the disclaimer when composing a response to an email.

I use a bulk mailing service to send out newsletters on behalf of my department/organization. Why do my messages have the external disclaimer?

Only approved senders have been marked as internal. If you are sending official university communication, please contact the UT Service Desk with the following information:

  • Sender email address being used to send on behalf of UT
  • Vendor-supplied information regarding anti-spam technologies

These requests may require a security exception from the Information Security Office.

I am an UT Austin Alumni and I do not need a reminder telling me that every email message is from outside of UT Austin. Can you get rid of this?

We are considering the technical implementation to exempt alumni from these disclaimers.

Why are only UT Mail business accounts considered internal? Does this mean that faculty getting email from students on UTmail will see the message every time?

We have made the distinction between personal and business accounts when determining internal and external senders because personal business accounts are more often compromised. They are more likely to be used to send spam or phishing email due to no additional second factor authentication security requirements. This means that faculty receiving email from students or alumni using UTmail will see the external disclaimer. This will be fully implemented shortly.

Thank You! Your feedback has been submitted.

Feedback