Email Security Tools
As more information goes online, cyber threats are increasing across industries, including higher education. One particularly prevalent form of cyber threat is "phishing," fraudulent email that attempts to trick email recipients into revealing private identifying or financial information in order to use the information for illicit or illegal purposes. Malware can also be introduced through email.
To improve email security and protect account holders from cyber scams and malware, Instructional Innovation and Technology (IIT) continues to increase security in the university's email system by adding the following tools.
Tag in Email Subject Line, Banner to Help Recognize Messages from Outside Senders and More Safety Tips
An [External] tag in email subject lines identifies messages from senders outside of the university. A banner also marks messages that come from senders outside the university in the Office 365 faculty and staff email system. The banner is visible at the bottom of email messages and can help you verify a sender's identity. If a message claims to be from a sender at the university but shows this banner, double check the message is from an expected email address or contact the sender.
You will also see some additional safety tip banners at the top of messages that are generated by the system to help point out elements of potential heightened risk like senders you haven’t previously heard from.
Why these Indicators of External Email are Important: Preventing Phishing and Spoofing
Knowing an email is from an external sender can help you more easily identify phishing, messages that claim to be from a reputable source while trying to get you to reveal personal information like passwords or financial account numbers, as well as spoofing, impersonation of university account holders by an outside entity in order to attempt to defraud other system users.
Examples of such fraudulent messages can include tricks like trying to get an employee to enter a password in a fake website to gain access to accounts or pretending to offer students phony scholarships or work opportunities to convince them to reveal their financial information.
To see more of the subject line in the desktop or browser version of Outlook, it is possible to enlarge the area displaying the subject line. (When the pointer becomes a , drag the edge between the pane with the subject line and email display area to the preferred size.)
Microsoft Quarantine Service
Microsoft Quarantine service filters email that could be fraudulent, may contain malware or otherwise poses a security risk to prevent it from reaching your inbox. Messages the service determines may pose a risk are separated and held in a protected area rather than directly delivered to your account. Nightly email digests list which emails have been filtered so that you can safely preview and release messages you know are secure if a message is filtered in error. You can check the list of your quarantined messages at any time by logging into: www.gsu.edu/quarantine.
How to Review and Release Quarantined Messages | Reporting Junk and Phishing Emails
Domain-Based Message Authentication, Reporting & Conformance (DMARC) Policy
The Domain-Based Message Authentication, Reporting & Conformance (DMARC) policy requires verification of email messages claiming to come from the university if the messages are sent from systems outside of the university's official Office 365 Faculty/Staff Email System or the PantherMail Student Email system. Salesforce, MailChimp and Constant Contact are systems that can be used additionally, but require verification. When users are set up to send in Salesforce, verification is taken care of by the support team. Follow these instructions for MailChimp and Constant Contact. To make sure a system is verified to send as a legitimate university email address sender, submit:
Form to Submit an Email Address for Verification
Verifying Email Addresses: If a legitimate email, sent from an @gsu.edu or @student.gsu.edu email address or from a contracted university vendor is not being delivered to recipients, the system or email address may need to be verified by our security team. Submit the Email Address for Verification Form
Have a Cybersecurity Question?
Email the Cybersecurity Team: