Spam and Malicious Email Filtering Policy

Background

In a 2008 report, enterprise anti-virus vendor Sophos reported that approximately 96% of all email is spam. In that same report they also state:

"The figures show an alarming rise in the proportion of spam emails sent with malicious attachments between July - September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users. "

The University of Denver contracts with Microsoft to provide email service for all student, staff, and faculty member email accounts. Email messages pass through Microsoft Exchange Online Protection servers and are scanned for viruses. Because viruses and worms passed through email as executable attachments are typically generated automatically and profusely by infected computers, email messages found to contain infected attachments are discarded.

Microsoft has identified a number of attachment types that have, historically, been used to exploit computer operating system and application vulnerabilities. Microsoft Outlook will block these attachments. A complete list of blocked attachments can be found at the Microsoft Office Support site.

Other Types of Malicious Emails

Not all malicious emails contain attachments. Other types of malicious emails that users may receive are:

Phishing emails. This type of email usually contains a link to a website where a user is prompted to enter credentials. The content of the email can either offer job (usually with high pay and low hours), contain a scare tactic (a common scare tactic is language indicating that a user’s account will be deleted or disabled unless the account is “verified”), or language that promises a return of funds (some common themes are IRS tax refunds, banking “errors”, and funds from a class action lawsuit)
Emails to verify that the account is active. Sometimes emails are sent to a large number of accounts to determine what email addresses are active. These emails usually contain benign text and a link to unsubscribe from a mailing list. By clicking on the link to unsubscribe, you are actually verifying that the email address is in use. The spammer can then sell the address as “verified” to other spammers and scammers.
Spoofed emails. Scammers may send an email with a trusted name, but from a different email address. These emails typically ask for a favor, and may indicate that the sender is in a meeting and cannot be reached by phone. One common request is to purchase a quantity of gift cards, take pictures of the codes and email them with promises of repayment. Always verify the actual email address that someone is emailing you from, and never make purchases for a co-worker, friend or supervisor without speaking to them directly.

Warnings

Do not open any email attachment unless you:

Know the sender. Do not accept email "candy" from strangers.
Confirm that the sender actually sent the attachment. Malicious messages may be disguised as coming from legitimate addresses. Do not open message attachments if you have any reason to suspect the authenticity of the message.

Workarounds

Please review the above warnings before opening any email attachments.

People who need to transmit potentially malicious file types may do so in several ways:

Senders can post the file on a website and tell recipients where they can download it. (This is usually the most appropriate method for distributing files to many recipients.)
Senders can rename the file before attaching it and provide recipients with instructions for changing the file name back to its original value.
Senders may encrypt the attachment or the message and provide instructions to decrypt it upon receipt.

Important: These techniques are sometimes used by criminals in an attempt to spread malware. The recipient should still heed the WARNINGS given above AND have up-to-date anti-virus software installed and working on their system.

Spam

In addition to scanning email for malicious attachments, Microsoft Exchange Online Protection also scans for harmless - yet unwanted - "spam" email. Email that Microsoft servers determine is spam will be delivered to your Junk email folder. No computer system can perfectly predict whether you will consider a particular message to be spam. Some desirable messages will be delivered to your Junk email folder and some spam will be delivered to your inbox. It is important that you periodically check your Junk email folder for legitimate spam. Items in your Junk email folder will expire after 29 days.

Email filtering

IT@DU may retract emails that are determined to be malicious, from both internal and external senders. Individual users may block specific email addresses from emailing them, or if it is determined that a particular email address is sending malicious emails to a large number of @du.edu email addresses, the address may be blocked entirely.

Emails that are mistakenly classified as spam or malicious should be reported to abuse@du.edu.

IT@DU has also implemented Proofpoint to provide an additional layer of protection against malicious and spam emails. Spam and bulk emails are quarantined and a daily digest is sent to everyone who has emails in quarantine each morning. You can read more about Proofpoint on the IT website.