Email security

What is email security?

Email security involves the actions taken and security tools used to protect against email-borne threats and malware to minimise the likelihood of related information security incidents. The University has implemented enhanced email security tools. 

The first of these tools is an email gateway, which can filter all inbound messages from external sources with the ability to stop messages before they are delivered to your inbox. The second tool is a cloud security tool that integrates with Nexus365 and allows for finer grained delivery filtering as email arrives. This tool filters messages sent from internal addresses, as well as offering extra checking of messages received from external sources. The cloud security tool continuously scans all mailboxes for malicious content – including post delivery – and removes messages according to the University's email policy.

This pages provides an overview of the email security policy and explains how to reach out to the email security workstream team for support.

Note that the introduction of these tools is an infrastructure change that does not require you to take any action.

Email security policy overview

The email security policy comprises the following active checks:

  1. Sender fraud protection:
    The email gateway uses several methods to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organisations. This includes sender address verification, IP reputation checkswhitelisted approved sendersSender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC).
  2. Malware or malicious code detection:
    The email security solution takes actions on messages that contain malware, worms, or other malicious code. Depending on the type of the malware, the solution cleans messages and attachments that can be safely removed from the contents of the infected file, resulting in an uninfected copy of the original message or attachment. The message is either stamped by the email gateway with a note that it is being cleaned or the attached is replaced by cloud security with a text file. Messages that cannot be cleaned are not delivered or removed from mailboxes and the original recipients receive a notification. Please see malware or malicious code detection for policy information.
  3. Phishing detection:
    The email security solution attempts to identify phishing messages and stops delivery or removes such messages from mailboxes. The original recipients receive a notification.
  4. Web reputation:
    The web reputation technology assigns websites a "reputation" based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain. The email security solution stops delivery or removes messages containing high risk disreputable URLs from mailboxes. The original recipients receive a notification.
  5. Social Engineering Attack Protection:
    Social Engineering Attack Protection detects suspicious behaviour related to social engineering attacks in email messages. The email security solution stops delivery or removes messages with a high confidence in suspicious behaviour from mailboxes. The original recipients receive a notification.

Furthermore, the email security tool provides additional passive checks:

  1. Spam detection:
    The email gateway filter introduces additional email headers reflecting the email security solution's confidence in the message being spam. This does not affect the Nexus365 spam filter or OxMail content filtering service. For policy information about spam detection.
  2. Business Email Compromise (BEC):
    A BEC scam is a form of phishing attack where a fraudster impersonates a high profile executive, for example, the CEO or CFO, and attempts to trick an employee, a customer, or a vendor into transferring funds or sensitive information to the fraudster. The email gateway filter marks messages with suspect business email compromise using an additional email header and the cloud security delivery filter then moves messages to the Junk folder.
  3. Greymail:
    Greymail refers to solicited bulk email messages that are not spam. The email gateway filter detects and marks marketing messages and newsletters, social network notifications, and forum notifications as greymail messages using an additional email header.

Support for university members

Our Frequently Asked Questions page should help you with any further queries.

The introduction of additional email security tools is a transparent change only resulting in less malicious content being delivered to mailboxes. Please continue to report any issues related to email to the Service Desk and if you have specific concerns related to the email security solution, please explicitly state this being related to the email security product including a description of the problem. The Service Desk will escalate this to the responsible team. In case you believe a message has been withheld by the email security solution (see phishing, web reputation, and social engineering attack prevention above), please provide us with the following information: sender address, date and time the message was sent, and the subject line. We will only be able to check the message logs when this information is provided.

Support for IT Support Staff

Please see the following page for more information on the email security system for registered ITSS.

If you have any issues with emails being delayed, stopped, or an expected email has not been delivered, please contact emailsecurity@infosec.ox.ac.uk or the team's Chorus extension 82222 for support rather than contacting the Service Desk via https://help.it.ox.ac.uk/get-support

We will need to know the following information in order to investigate the logs in the email security gateway: 

  • Email sender

  • Email recipient 

  • Subject line 

  • Approximate time the email was sent. 

Support contacts

To report any issues related to email security, please contact the IT Services Service Desk.

IT Support Staff to contact OxCERT.

About this service

This service is provided by

OxCERT logo

For more details about service governance refer to the service catalogue entry.