The University's email protection service significantly reduces the number of malicious emails that get delivered to your inbox, but no system is perfect. While email protection already blocks more than 50 million malicious emails every month, there is still a significant amount of highly targeted phish and malware that gets past these initial defenses. Post-delivery email removal helps protect the University from threats the system initially missed and did not block before they were delivered.
Post-delivery email removal is especially valuable if a University account is compromised and used to send malicious messages to other University individuals, as the University's email protection system does not filter messages sent from one University account to another University account.
Any email message that tries to evade security controls or trick University individuals into sharing sensitive information is an information security risk. Some common email threats include:
Phishing: A type of email scam that impersonates a legitimate third party, such as posing as a bank and trying to get account information or pretending to be the IRS and asking for social security numbers. Often, these emails are sent to large numbers of recipients, link to malicious websites, and ask you to enter information.
Social engineering: Manipulation intended to make you give out confidential information or take illegal actions; this type of scam is often more targeted than phishing. For example, a common social engineering scam involves asking individuals if they are "in the office" and then trying to get the potential victim to buy iTunes gift cards. Social engineering can take many forms via email.
Viruses or ransomware: Emails can contain malicious attachments or programs that attack your computer directly. Ransomware is a specific type of virus that encrypts your data, rendering it inaccessible unless you pay a ransom.
IT Services' email protection system uses multiple layers of technology to detect threats. An automated system scans for malicious content and malware, as well as attacks like phishing and impostor email (e.g., when an attacker pretends to be a colleague or friend of the recipient). It assesses the sender by analyzing various email attributes, including the sender/recipient relationship, headers, and content.
Faculty, staff, and students also regularly forward suspicious emails to University Information Security. After receiving these emails, the Information Security team investigates by analyzing the components of the reported email.
Emails will be removed after they've been identified as malicious by the University's automated email security tool. IT Services will only have access to a University email message once it has been identified as malicious. From there, designated IT Services personnel may review malicious messages and then remove them from a user's inbox, but only if IT Services determines that doing so is reasonably necessary to protect the University's network, systems, or users.
When a malicious email is removed, it will not appear in your Quarantine or in your Quarantine Email Digest. Instead, a new message will be left behind in your inbox, indicating an email was removed. An example is posted below for reference:
The malicious email is moved to a protected mailbox. Once there, the message will only be reviewed by IT for the ongoing improvement of email security processes.
Malicious emails cannot be retrieved by the recipient once they are removed. Please contact security@uchicago.edu with questions.
Malicious email post-delivery removal provides protection for all members of the University email community. It is not possible to opt out. Please contact security@uchicago.edu with questions.