Email Protection Strategies

ITS has implemented a number of email protection strategies to protect the personal information of students, faculty and staff. See details below:

Millions of messages with criminal or junk intent are prevented from reaching the inboxes of our faculty, staff, students and alumni, every day !

Temple's email infrastructure works 24/7 to protect our users and Temple's systems from malicious and nuisance attempts to disrupt business, steal identities via phishing schemes and other social engineering means, embed ransomware and other malware, and wreak general havoc. Among our toolkit to provide protection, Microsoft employs the latest security technology using threat data, artificial intelligence and machine learning.

Microsoft's threat analysis determines when:

• to deliver a piece of mail to your inbox
• direct a message to your junk folder
• completely prevent delivery to our system based on credible threat intelligence

Internet Domains with Poor Reputational Ratings

What triggers Microsoft to prevent delivery of an email? When an entity (domain) sends an excessive amount of spam or other illegitimate messages, Microsoft and associated security sources will assign it a poor reputational rating and prevent the delivery of messages from that entity. The email from that location is rated as too unsafe for delivery.

Only when the entity corrects the issue and their reputational rating improves, will emails from them start to be delivered again. An example of a domain that has exhibited a poor reputational rating is Weebly, from which Microsoft’s automation detected an excessive amount of illicit mail traffic for several months.

The majority of top research higher ed institutions are now using the Microsoft platform for their email management. Please note that when Microsoft prevents delivery from a specific domain, no organization using Microsoft Outlook 365 will receive email from that domain. This preventive action is not specific to Temple University, so when mail is blocked at Temple, it is blocked at all the Microsoft-managed locations. Similar artificial intelligence is used by Google, Comcast, Verizon, Yahoo, AOL or any other reputable email provider.

How do I manage my email with this type of automation?

Email that is deemed risky, but not blocked, will be sent to your junk mail folder and retained for 30 days. You should check this folder periodically, especially when you are specifically expecting email from a non-Temple colleague or external vendor and have not received it in your inbox. Be careful, however, to make sure any links or attachments in the message are expected before clicking on them .

You won't know if email has been outright blocked. If you haven’t received email from a specific location in a while - and you have not set any filtering, either intentionally or accidentally - then it is possible that the sender has developed a poor reputational score. ITS advises that you do not include an external Temple link in a signature file as a matter of practice. Your email messages could be blocked if that external site develops a poor reputational score.

Please note: Although there are Microsoft support websites that reference Outlook 365 quarantine fuctionality, these features are not used in Temple's Microsoft environment.

What local Temple resources are available so I can avoid external website hosting?

There are some Temple-hosted resources available that can help you avoid security issues that can occur with external site hosting.

Temple offers individual, departmental or research center website hosting capability at sites.temple.edu . For more information, visit the sites.temple.edu help site .

To better protect the Temple community from increasing and unrelenting cyber security threats, email forwarding to external, non-Temple addresses for faculty and staff is disabled.

Disabling mail forwarding is becoming a best practice for user identity and data protection. Our IT support staff has seen the forwarding feature exploited first-hand when assisting users whose accounts have been hacked. This practice is also in accordance with our university policies to conduct all Temple-related business/correspondence via Temple email:

• Temple University Email Policy
• Temple University Remote Work Policy

Implementing the New Policy
As of Friday, June 18 2021, faculty and staff no longer have the ability to automatically forward Temple Outlook 365 mail to external non-Temple affiliated email addresses. (Forwarding individual email messages to external and internal recipients will not be affected.)

Temple affiliated email addresses include Temple University Health System (@TUHS.temple.edu), Fox Chase Cancer Center (@FCCC.edu) and WRTI Radio (@WRTI.org).

If an employee attempts to forward all their email to an external non-Temple affiliated email address, they will see an automated message similar to the following:

​​​​​​​​​​​Students and Alumni
While it is strongly discouraged to do so, students and alumni can automatically forward their Temple email to external non-Temple affiliated email addresses.

Phishing scams remain one of the top cybersecurity threats across the university. They can take the form of email scams by impersonating people we know. The majority of these types of scams start with a message originating from external email systems. As part of Temple's effort to reduce phishing and other email scams, all emails from external senders now include an [External] tag in the subject line.

No additional scanning, filtering or sorting of email is performed. If the message originates from a non-Temple University system then [External] is added to the beginning of the email subject line.

Please note that an [External] tag does not always mean that the message is unsafe or illegitimate. The purpose of the tag is to prompt the user to apply an appropriate level of scrutiny when reviewing the contents of the message in question.

In some cases, after a thorough review from ITS Information Security, messages from specific trusted external email systems may be excluded from the [External] tag. In these cases, you are still advised to proceed with caution.

A sample message showing the [External] tab appears below:

Outlook 365 enables you to encrypt messages sent to other Temple Outlook 365 email accounts or to accounts outside of Temple. If you are sending a message containing HIPAA Protected Health Information (PHI), Personally Identifiable Information (PII) or other confidential/sensitive information , make sure to encrypt it as shown below.

Note: The encryption feature is not currently available to alumni.

Sending an Encrypted Message

 

• Web
• Desktop
• Mobile

 

‹ Prev

Next ›

«

1

»

Page 1 of 1

---

 

Begin typing your message. On the Options tab, click the lock icon and choose one of the following:

► Encrypt
Least Restrictive: The recipient can view your message and perform all functionality.

► Encrypt-No Forward
More Restrictive: The recipient can view your message or include your message in a reply or reply all. The recipient cannot forward, copy or print your message.

 

 

 

‹ Prev

Next ›

«

1

»

Page 1 of 1

---

 

Begin typing your message. On the Message tab, click Sensitivity , Encryption and one of the following:

 

 

 

‹ Prev

Next ›

«

1

2

3

4

»

Page 1 of 4

---

 

Begin typing your message. Then at the bottom of the screen, tap the three dots:

 

Page 2 of 4

---

 

Tap Add Sensitivity .

 

Page 3 of 4

---

 

Finally, tap one of the following:

► Encrypt-Only
Least Restrictive: The recipient can view your message and perform all functionality.

► Encrypt-No Forward
Medium Restrictive: The recipient can view your message or include your message in a reply or reply all. The recipient cannot forward, copy or print your message.

► Encrypt-View Only
Most Restrictive: The recipient can view your message only.

 

Page 4 of 4

---

 

A small lock icon will then appear next to the subject indicating it will be encrypted when you send the message.

 

 

 

Receiving an Encrypted Message

 

• Within Temple - Desktop & Web
• Within Temple - Mobile
• Outside of Temple

 

‹ Prev

Next ›

«

1

»

Page 1 of 1

---

 

If you receive an encrypted email from another Outlook 365 user at Temple, it will open normally but will contain one of the following messages at the top, indicating the actions you can perform:

​​​​​ Encryption\Encrypt-Only
You can view the email message and perform any function.

Encryption\Encrypt-No Forward
You can view the email message or include it in a reply or reply all. You cannot forward, copy or print the message.

Encryption\Encrypt-View Only
You can view the email message only.

 

 

 

‹ Prev

Next ›

«

1

»

Page 1 of 1

---

 

The mail message will then appear with a blue lock icon at the top right indicating it is encrypted (​​​​​​​ ). If you tap this icon, you can see what  action(s) you can perform:

 

 

 

‹ Prev

Next ›

«

1

2

3

»

Page 1 of 3

---

 

If you send a message to someone outside of Temple, the recipient will first be prompted to read the message.

 

Page 2 of 3

---

 

They will next be prompted sign in with Google or with a One-time passcode (which will be emailed to them). Once they sign in, the message will then appear:

 

Page 3 of 3

---

 

The mail message will then appear with a message at the top, indicating it is encrypted along with the action(s) you can perform:

► Encryption - Encrypt-Only

You can view the email message and perform any function.

► Encryption - Encrypt-No Forward: Encryption View content, Reply, Reply all and no forwarding, no printing.

You can view the email message or include it in a reply or reply all. You cannot forward, copy or print the message.

► Encryption - Encrypt-View Only: This will encrypt and only allow viewing.

You can view the email message only.

 

 

 

Safe Links is an Advanced Threat Protection feature in Outlook 365 that scans hyperlinks in an email message for known malicious content or for content that Temple Information Technology Services has found to be unsafe. It provides a robust first line of defense against phishing scams, as it enables us to supplement Microsoft’s pre-determined security protocols with Temple's own security threat assessments.

The service works by updating the hyperlinks to flow through Microsoft's Advanced Threat Protection Safe Links service. In most cases, you will not be aware of the service, as the actions are taken in the background. You will, however, be aware of this service in the following cases:

Hyperlink Marked Malicious by Microsoft
When a hyperlink is marked malicious by Microsoft, you will see a message similar to the following:

Hyperlink Marked Malicious by Temple Information Technology Services
When a hyperlink is marked malicious by Temple Information Technology Services, you will see a message similar to the following:

Messages Sent in Plain Text Format
When a message is sent in plain text format, the hyperlinks are replaced with a Microsoft link ( https://​nam10.safelinks​.​protection.outlook.com ) followed by a long string of characters:
​​​​​​​
​​​​​​​

Consider Adding a Signature to Set Expectations
If you send plain-text emails or have an app that sends plain text emails, consider adding a signature message similar to the following that sets expectations for the recipients:

Temple University e-mail is protected by Advanced Threat Protection Safe Links by Microsoft. Hyperlinks in this e-mail may display with a fairly long format that begins with ‘nam10.safelinks.protection.outlook.com’.

Some emails with an @temple.edu email address actually originate from outside of Temple or from an internal application (other than Outlook 365, Listserv or Xerox Printers).

If your department sends emails that fall under one or more of these conditions, the email must comply with Temple's Sender Policy Framework (SPF). Otherwise, they will not be delivered.

To learn more, see the Sender Policy Framework page.

ITS uses spam filters to block suspicious emails from getting through to the university. In certain rare occasions, ITS allows for exceptions to this process by adding an email address to a safe sender list.

To qualify for this exception, the request must undergo a thorough security review, showing that the sender is highly trusted and that the emails need immediately delivery. One such example, would be TUalerts .

Departments can request the following email services through the tuhelp.temple.edu website:

• Disable the [EXTERNAL] tag for senders that should appear as internal to Temple
• Register a vendor's fully qualified domain name or IP address as authorized to send on behalf of Temple per the Sender Policy Framework
• Review an email address to be whitelisted to bypass the university spam filters

Contact the Technology Support Center at tuhelp.temple.edu or by calling 215-204-8000 .