Category: Email

New Email Security Feature

A Sender Policy Framework (SPF) will be applied to the University’s email system from Tue 15 Aug. This best practice measure is part of an ongoing effort to help everyone stay safe and secure.

What does SPF do?
It passes your received email through an automatic ‘check’ to:

  • Verify that it comes from the University’s email system
  • Confirm that the displayed sender address matches the one found in the email header (i.e. it is not from a ‘spoofed’ account)

SPF inserts a warning message into any email that fails either/both of these checks to let you know it carries the tell-tale signs of an illegitimate message. From then on, it is up to you to make some informed decisions.


Will I notice anything different?
Potentially, yes. If any of the emails you receive fail the SPF check, they will be tagged with text (outlined below) in the subject line and the email body itself as a header to highlight this to you:

  • Subject line: ‘UNVERIFIED SENDER’
  • Email body: ‘The University e-mail system cannot verify the authenticity of this message; treat it with caution’

Does that mean it’s definitely spam?
No. The check itself is not 100% fool proof and on occasion, it may fail legitimate emails. If there are grounds for you to think this is the case, for example you were expecting an email from that person or on that subject, personally check with the sender to confirm their email is genuine before engaging with anything in it.

What is it for then?
SPF is here to enhance your ability to identify malicious emails, not to replace your important and continued role in the process of doing so. Please always consider each email you receive with care and exercise the sound thinking we’ve shared with you on many occasions before interacting with any links, attachments or calls to action they contain, as we know you already endeavour to do.

What should I do if I receive an email with the warning message?

  • Follow the advice given above and be cautious with it until you are confident it is legitimate. If you cannot confirm this yourself, please contact IT via Help4U so we can investigate on your behalf.
  • Follow the instructions below in the event the email is suspicious and we will apply appropriate technical measures to prevent that sender entering anything into your email system again.

How do I report a suspicious email?
Send (do not forward) it to us as an attachment using the instructions on this webpage.

Why are we doing this?
Every day brings with it more headlines about accounts being hacked, ransomware attacks making their way around the world and systems being compromised. The University takes security seriously and SPF is a small factor we can introduce that will help you contribute to keeping your place of work or study as cyber safe as it can be.

If you have any questions or concerns about this change, please contact us via Help4U (ref C1707-023).

Ransomware – Be Vigilant Please

You will see widespread news reports regarding ransomware affecting organisations across the world.

We have tested and deployed access protection proactive measures, which will protect all staff and student desktops as advised by our vendor, however, please:

Educate yourself
An email cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and haven’t chosen to install it yourself.

Further advice can be found on the Information Security website section.

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Email Issues Effecting Some Users

Office Admin center – Service health

Email access issue in O365 effecting some users
User Impact:
Users may be unable to connect to the Exchange Online service. Current status: We’ve determined that timeouts within the Exchange database infrastructure are causing service availability issues. We’re continuing to investigate the underlying cause and to mitigate impact. 
Wednesday – 29/3/2017
Microsoft have removed this advisory, confirming that the issue is now resolved.

App Launcher Tiles within Outlook

Some users are currently unable to view  some app launcher tiles within Outlook on the web. Affected tiles include One Drive and Office Online. This is an EU wide issue and Microsoft are currently working on a resolution. A temporary workaround will reinstate your tiles for the duration of your browsing session. Please click this link if you require access to any of your missing apps https://dmail-my.sharepoint.com

Office 365 Issues

Please note we are currently experiencing some issues with Office 365. Typically, we are seeing these as performance problems with Outlook. Should you have issues with the Outlook client, we recommend switching to O365 web based interface whilst the service is degraded.

Similar problems have also been reported by other institutions indicating that this is not restricted to Dundee University.

The issue has been raised with Microsoft and we are awaiting a response; an update will be provided as soon as they it is available.

UPDATE – Microsoft have identified the issue and are working to recover full service.

Applicant Email Issue

We are aware that a number of applicants  have received emails from a generic  University of Dundee email (asrs-noreply@dundee.ac.uk )

The email refers to a  – due to a configuration  error the email  attachment (called IT Summary)contains no  data .

Our team are investigating and  working to resolve this issue now  – we apologise for any inconvenience .

Please do not click on any links contained within the body of emails, further advise is available on our web site:

http://www.dundee.ac.uk/it/services/email/security/

Phishing scam: Project Update projectDOCS.pdf

An unknown number of users have received a phishing scam message:

From: a known contact of a user
Subject: Project Update
With an attachment entitled: projectDOCS.pdf

This will most likely appear to have been sent by one of your email contacts. Opening the PDF requests your login details and it states that the .PDF is safe and can be accessed via your email address and password.

Best practice is to delete the email entirely. Please do not open or download the attachment if you have received this message to your inbox as you may be introducing a security threat to your device.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the attachment or need additional information or support.

Reports of Microsoft Outlook Client failing to connect

We have had some reports of users failing to connect using the Microsoft Outlook Client.

The University have raised this with Microsoft and are awaiting a response, as soon as this is available we will update this status.

In the short term could we ask you to use uod.ac.uk/email If you need further assistance please contact us via uod.ac.uk/help4u quoting reference #189261

Thank you.

Phishing scam: Attachment A2.20.23.pdf

An unknown number of users have received a phishing scam message:

From: wwwpostu@walla.com
Subject: A20
With an attachment entitled: A2.20.23.pdf

Best practice is to delete the email entirely. Please do not open or download the attachment if you have received this message to your inbox as you may be introducing a security threat to your device.

We are working to verify the legitimacy of the email. Updates will be added to this post as more information comes to light.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the attachment or need additional information or support.