Banners and MailTips for external emails


To help you spot phishing emails and prevent emails being sent to the wrong person:

Banner for external emails

Why do we need the banner? 

The banner was introduced as part of wider security measures to protect the University from the increasing number of cyber threats. Although we take every care to ensure our email security, and stop the vast majority of phishing emails, some will always get through. 

One common source of phishing is scammers faking a University email address when it is actually sent from outside the University. The banner is a standard Microsoft feature and does not indicate that a message is unsafe, just that it originated outside the University and that you should therefore, treat the email and any links or attachments with more caution.

This kind of banner is now standard practice across many universities, businesses and other large organisations, and is a standard feature of Microsoft 365.

Why do emails from University systems have the banner? 

Many of the systems we use at the University are actually provided by third parties, and therefore, emails from them are external. The cyber team are looking at which external addresses can be added to a 'safe senders' exemption list, which would not have this banner. Note, we will only add third parties to our safe sender list at the request of the person who manages the system and where a data processing agreement is in place and we are certain that our email security standards are being met. 

Can I ask for a system or email address to be added to the safe senders exemption list? 

Yes. The member of staff who manages the external system can apply for this exemption using this form. These may include systems which send automated emails as a standard part of University business (eg SAP), but would not include whole organisations, such as other universities. 

The banner occupies all the space in Outlook message preview. How can I see some content in the preview? 

We recognise that the banner was too large when it was first launched. After listening to your feedback we have reduced the wording so that it takes up less space. If you use the message preview in the Outlook desktop application to see the first lines of your email, you can increase this to view the first three lines of the message. In Outlook, click on the the View tab, then select Message Preview, and then choose an option.
View menu showing open Off, 1 line, 2 lines or 3 lines

Signed Emails

If you are sent a signed email from an external contact, you will receive the warning banner as usual but the contents of the email will be attached as an attachment, rather than displaying in the email itself. This keeps the integrity of the digital signature intact, we are not changing the contents of the message. You will be able to reply to the email as usual. 

 

External Email MailTips

What will I see?

When you send an email to an external recipient, Outlook will display a prompt that your message will be sent to someone outside the University. This text will appear in the same location as 'out of office' notifications, just above the address fields. (See example image below).

If the message is addressed to 200+ recipients, individual notifications won't be displayed.

Will this affect my email message?

This will not impact on, or alter, email functionality. 

Why has this been implemented?

An email sent to the wrong recipient can be annoying or embarrassing, but it can also have very serious implications for data security. This is a standard Microsoft MailTip feature used by many organisations to help prevent external emails being sent in error and subsequent data breach incidents.

 

Example Outlook message showing the MailTip above the From field