Email attacks have become one of the most common ways of compromising university user accounts, systems and data. That’s why this past September, the campus enabled new email URL filtering measures based on reputation. The next step is to enable email outbreak filtering for all of campus starting Wednesday, April 18.
Outbreak filters perform a threat assessment of inbound messages and temporarily quarantine large volumes of suspicious incoming messages. The temporary hold gives rules from security vendors time to catch up on evaluating the suspicious messages. Messages deemed safe are released after a temporary delay. Messages deemed unsafe are left in quarantine to prevent a potential compromise of university assets.
More specifically, here is how different types of messages are handled by outbreak filters:
- Suspect messages without attachments: May be quarantined for up to 1 hour before delivery. Suspicious messages proven to be malicious will not be delivered.
- Suspect messages with attachments that may be viruses: May be quarantined for up to 1 day before delivery. Suspect messages proven to have attached viruses will not be delivered.
Outbreak filtering has already been applied for over a month to all Office of Information Technology (OIT) accounts and there were no noticeable adverse effects. The project team does not expect the application of outbreak filtering to noticeably affect email delivery for the rest of campus either.
Please note that any campus accounts that were added to the safe-list when we introduced email URL filtering will also not have outbreak filtering applied to them. Also, OIT will adjust the filtering to accommodate false positives as they are brought to our attention.
You can learn more about email filtering and security by visiting the OIT webpage dedicated to these topics. If you have questions about outbreak filtering or about campus email in general, please contact the IT Service Center at help@colorado.edu or call 303-735-4357.