On Tuesday 18 July 2023, Digital and Technology Services will be enhancing university email protections to help prevent people receiving phishing messages, viruses, and spam emails.

With 90% of cyberattacks starting with malicious emails, these enhancements form a key part in the protection of our systems and data.  

Care should be taken when reviewing all emails. If you are unsure about the content of any email, please contact our help and support teams for advice. 

The change on 18 July will replace our existing email filtering solution, PureMessage, and replace this with Microsoft’s own security service, Defender. A summary of the new enhancements are explained below:  

Visible phishing indicators

Multiple phishing indicators are now visible in emails to help you identify messages that may not be legitimate.  

1. Adding a question mark to the sender’s photo if a message is detected as potentially being phishing 
2. Adding “via” tag to a senders email address (John Smith <john@contoso.com via fabrikam.com>) when the sender’s email address and sending servers do not match. 
3. Adding a “first contact” safety tip the first time you get a message from a new sender, or a sender that does not often contact you

Checking of links in Emails, Office documents and Teams message

An additional layer of protection has been added to check links in emails, Teams messages and office documents for any phishing or malware as the time that you click them and will block access to malicious content.

Scanning links at the time you click them helps prevent cases when malware is added to a site just after the email has been delivered to your inbox. 

Enhanced checking of attachments

All email attachments are now comprehensively scanned for viruses and malware before they are delivered to your inbox.

As the full scan can take several minutes to complete, messages may be initially delivered to your inbox with just a placeholder message informing you an “ATP Scan In Progress” and a link to a safe preview of the message.

As soon as the scan has completed the placeholder is removed and the attachments are made available as normal. 

Integrated quarantine with the ability to review and self-release messages that are held

While the detected malicious messages are automatically blocked, messages where the systems are unable to determine if the message is legitimate or malicious may be quarantined.

From the 18 July future quarantines messages will continue from ‘reports@nottingham.ac.uk’ informing you that one or more messages are being held in quarantine.

Further details for the quarantine process can be found on the Microsoft website.