At the University, there are a number of measures in place to try to protect you from receiving malicious or unwanted email.
When an email is sent and received, it goes through a number of checks:
- Checks at Source
Security checks are likely to be made by the sender's email provider.
- Transmission over the internet
Email successfully leaving the sender's site will pass over
the internet to the destination address site. Usually it will pass through one
or more relays in order to route it to the correct site.
As the email passes over the internet, entries are added to the email
header identifying the relays.
The receiver can then determine the
route taken by looking at the headers in the email.
- Real Time Blocking Lists
When it arrives at one of the University's core email servers,
real-time blocking lists (RBLs) are used to decide if it is
safe to accept the email at Leeds (see Real-time blocking lists).
- Core Email Server Whitelist and
Following checking against the RBLs, local
blacklist and whitelist files are consulted to
see if the email should be passed on for virus and spam checking - see Core Server Blacklists and
Once email has passed the last two tests, it will be passed on to be analysed
by PureMessage, our virus/spam checking software.
The software is highly configurable, and administrators at the University can decide
the sequence in which analysis is carried out and what actions to
take if certain conditions are met.
- Virus Scanning
Initially the message is checked for
viruses. If it appears to contain a virus, the email will be rejected, with an
appropriate message being sent back to the sender.
- Attachment Checks
Following virus scanning, PureMessage will remove any
attachments which appear to be suspicious.
If an attachment is removed, a message will be added to the subject of the
email to tell you this has occurred.
- SPAM Probability Calculated
At this stage the SPAM probability of the message is
calculated (i.e. how likely it is that the email is SPAM).
This measure will be used to determine various actions to be
- PureMessage Managed Quarantine Whitelists
Before using the SPAM percentage to determine if a message
should be quarantined, PureMessage consults internal whitelists. These
whitelists determine if the message should be automatically passed on to you regardless of the measured SPAM count.
A global whitelist is managed by the
email administrators but in addition you can manage your own whitelist.
- PureMessage Managed Quarantine Blacklists
Internal blacklists are consulted after the whitelists to
determine if a message should be automatically quarantined regardless of the
measured SPAM probability.
As with quarantine whitelisting, you can manage your own blacklist.
- Quarantining of email with SPAM probability >= 50%
If the message reaches this test and has a SPAM probability equal to or greater than 50%, the message
will be quarantined.
You will get a daily digest
which lists any emails that have been quarantined in the last 24 hours. You can
use the information in this list to decide if you want to release any of the
messages from quarantine.
The digest will include messages quarantined due
to blacklisting as well as those quarantined because the SPAM percentage is
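
The "Transmission over the internet" step above says the receiver can work out the route an email took from its headers. The following is an added example, not the University's own tooling, that reads the `Received` headers of a constructed sample message (all hostnames and addresses are made up) and lists the relays in the order the message passed through them.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: example.* hostnames and documentation IP ranges only.
SAMPLE = (
    "Received: from relay2.example.net (relay2.example.net [198.51.100.7])\n"
    "\tby mx.example.ac.uk with ESMTPS id A3; Mon, 6 Jan 2020 10:00:09 +0000\n"
    "Received: from relay1.example.net (relay1.example.net [203.0.113.5])\n"
    "\tby relay2.example.net with ESMTP id B2; Mon, 6 Jan 2020 10:00:05 +0000\n"
    "Received: from sender-pc.example.org (unknown [192.0.2.10])\n"
    "\tby relay1.example.net with ESMTPSA id C1; Mon, 6 Jan 2020 10:00:01 +0000\n"
    "From: someone@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "Body text.\n"
)

FROM = re.compile(r"\bfrom\s+(\S+)")       # name the sending host announced
IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")   # address the receiving relay recorded
BY = re.compile(r"\bby\s+(\S+)")           # relay that wrote this header

def relay_route(raw):
    """Return the hops oldest-first as dicts with from/ip/by/time."""
    hops = []
    # Every relay adds its header at the top, so reverse to get travel order.
    # Only headers written by your own servers are trustworthy; anything
    # below them was supplied by earlier hops and can be forged.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        def first(rx):
            m = rx.search(value)
            return m.group(1) if m else None
        try:  # the timestamp follows the last ';' in the header
            when = parsedate_to_datetime(value.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            when = None
        hops.append({"from": first(FROM), "ip": first(IP),
                     "by": first(BY), "time": when})
    return hops

def clock_regressions(hops):
    """Indices of hops stamped earlier than the hop before them."""
    return [i for i in range(1, len(hops))
            if hops[i]["time"] and hops[i - 1]["time"]
            and hops[i]["time"] < hops[i - 1]["time"]]

if __name__ == "__main__":
    for hop in relay_route(SAMPLE):
        print(hop["time"], hop["from"], hop["ip"], "->", hop["by"])
```

A hop whose timestamp is earlier than the previous one can indicate clock skew on a relay or a header that was not written by a real relay, so `clock_regressions` is a prompt to look closer rather than proof of forgery.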
Malicious email and scams
The University is currently seeing an increased amount of malicious email. The latest attack appears to have tricked a number of colleagues; at least one person has had their personal bank accounts compromised. Please read the rest of this email to ensure you are aware and prepared.
What do we mean by Malicious email
In this context, a malicious email is one which has been sent with criminal intentions, for example:
- Phishing emails - An email designed to trick you into revealing your password or other details, possibly by asking you to follow a link in the email. The link in these emails actually takes you to a malicious website which may look very realistic, but in fact is controlled by criminals.
- Malware attachment - An email designed to trick you into opening an innocent-looking attachment which actually contains malware. Malware is an umbrella term used to describe hostile software. Examples of malware are:
  - Ransomware - Malicious encryption of your files with a ransom demand for a password to restore them
  - Keylogger - Hidden software that monitors your keystrokes to get your username and passwords to websites (such as your online banking credentials)
What are IT doing to protect me?
The University has sophisticated filters that attempt to protect you from ever receiving malicious emails and spam emails (unwanted adverts). All computers supported by IT have antivirus software installed which acts as a second line of defence. Unfortunately, the perpetrators of malicious email are aware of these defences and are constantly innovating, and the latest attack is sophisticated in that no two emails are the same. If you do receive a spam email you can forward it as an attachment (Control + Alt + F) to email@example.com. This will allow it to be added to our spam filters which will automatically block such emails in future.
What can I do to protect myself?
Please be extra vigilant when opening emails. Remember:
- Be very wary of email attachments - if you're not sure who an attachment is from or whether it is genuine, do not open it.
- Never allow macros (eg in Word or Excel) to run unless you are sure they are genuine and safe.
- The University (or any other reputable company) won't ask you to reply to an email with your username, password or other information like bank account details in an email. NEVER reply to these emails.
- If you are asked to click on a link, type the link into your browser rather than clicking on it directly. Sometimes links in emails look genuine but would actually send you to a different site.
- Don't fill in any attached forms that ask for your username and password or other personal details. We will never ask for your details in this way.
If you think you have responded to a spam email or opened an attachment with malware in, please contact the IT Service Desk (firstname.lastname@example.org, tel 0113 343 3333) immediately. For more information see the Information Security website (http://www.leeds.ac.uk/informationsecurity) including Phishing advice and information on viruses and malware.