New Email Security Feature

A Sender Policy Framework (SPF) will be applied to the University’s email system from Tue 15 Aug. This best practice measure is part of an ongoing effort to help everyone stay safe and secure.

What does SPF do?
It passes your received email through an automatic ‘check’ to:

  • Verify that it comes from the University’s email system
  • Confirm that the displayed sender address matches the one found in the email header (i.e. it is not from a ‘spoofed’ account)

SPF inserts a warning message into any email that fails either/both of these checks to let you know it carries the tell-tale signs of an illegitimate message. From then on, it is up to you to make some informed decisions.


Will I notice anything different?
Potentially, yes. If any of the emails you receive fail the SPF check, they will be tagged with text (outlined below) in the subject line and the email body itself as a header to highlight this to you:

  • Subject line: ‘UNVERIFIED SENDER’
  • Email body: ‘The University e-mail system cannot verify the authenticity of this message; treat it with caution’

Does that mean it’s definitely spam?
No. The check itself is not 100% fool proof and on occasion, it may fail legitimate emails. If there are grounds for you to think this is the case, for example you were expecting an email from that person or on that subject, personally check with the sender to confirm their email is genuine before engaging with anything in it.

What is it for then?
SPF is here to enhance your ability to identify malicious emails, not to replace your important and continued role in the process of doing so. Please always consider each email you receive with care and exercise the sound thinking we’ve shared with you on many occasions before interacting with any links, attachments or calls to action they contain, as we know you already endeavour to do.

What should I do if I receive an email with the warning message?

  • Follow the advice given above and be cautious with it until you are confident it is legitimate. If you cannot confirm this yourself, please contact IT via Help4U so we can investigate on your behalf.
  • Follow the instructions below in the event the email is suspicious and we will apply appropriate technical measures to prevent that sender entering anything into your email system again.

How do I report a suspicious email?
Send (do not forward) it to us as an attachment using the instructions on this webpage.

Why are we doing this?
Every day brings with it more headlines about accounts being hacked, ransomware attacks making their way around the world and systems being compromised. The University takes security seriously and SPF is a small factor we can introduce that will help you contribute to keeping your place of work or study as cyber safe as it can be.

If you have any questions or concerns about this change, please contact us via Help4U (ref C1707-023).