Email Security - Frequently Asked Questions

Table of Contents

  1. An expected email hasn't arrived - where has it gone?
  2. A newsletter or my bulk-emails are being delayed. 
  3. An Office document from a known sender is removed - what should I do?
  4. Why was this email or file not removed?
  5. An email was blocked due to the sending server's IP reputation, can you whitelist the server or the sender?
  6. Key resources

Introduction

Below is a list of commonly asked questions concerning email security.

If you have any questions about email security that is not answered below, refer to your local IT Support or the Service Desk. 

An expected email hasn't arrived in my inbox - where has it gone?

If you suspect that an email has been stopped please contact the Service Desk. 

Please provide the following information: sender address, date and time the message was sent, and the subject line. Only given this information we will be able to check the message logs.

If you are a member of ITSS please contact emailsecurity@infosec.ox.ac.uk or in urgent cases the team's Chorus extension 82222 for support rather than contacting the Service Desk.

My newsletter or my bulk-emails are being delayed

The University's email security gateway has a limit of 300 messages per minute per sending IP address. Volumes of email over this are temporarily deferred until later, when message can be retried and delivered onwards. The Email Security Team has investigated cases involving well known bulk-email software (e.g. MailChimp, Adestra) and email will  be delivered once the rate has fallen below the limit.

An Office document from a known sender is removed - what should I do?

Office documents (such as .XLSX, .DOCX, .PPTX, and others) can be made up of many compressed files. The email security gateway scan engine attempts to check these files by decompressing them, as it would any other compressed file and if the file contains too many files, will treat the file as suspicous, even when the document itself is not.

If you are having problems sending or receiving such files, you could consider either using an alternative method such as the University's OxFile system. If you are sharing documents with people with the University, you may also wish to consider using the Nexus 365 OneDrive features.

Why was this email or file not removed?

If an email containing suspicious content makes it past the security products please use the Oxfile Service (guide) to send it to us at emailsecurity@infosec.ox.ac.uk. Please include the following information: sender address, date and time the message was sent, and the subject line.

An email was blocked due to the sending server's IP reputation, can you whitelist the server or the sender?

Messages can be blocked if the sender's email server has a bad reputation and is listed on one of the RBLs (Real-time Blackhole List) used by our security tools. These lists are the first check before our servers even start an email transfer with the sending party. This is to protect our infrastructure from denial of service attacks and protect against spam. RBLs were used by the University prior the introduction of the enhanced email security tooling. The new tools are a widely adopted industry standard solution that facilitates a wide variety of high profile RBLs to decide whether a sending server should be allowed to transmit messages or not. As the RBL based decision is made prior the actual email dialogue, we won't have a sender address to whitelist against. However, we can always ask for an IP address to be removed from a RBL, but the most simple solution is for people to not use low reputation mail servers.

To ask for a mail server to be removed from an RBL, please send us the message in question including full email headers to emailsecurity@infosec.ox.ac.uk.

Key Resources

Support Contacts

To report any issues related to email security, please contact the IT Services Service Desk.

IT Support Staff to contact OxCERT.

About this Service

This service is provided by

OxCERT logo

For more details about service governance refer to the service catalogue entry.