Email Security Gateway
On top of traditional anti-virus and anti-spam services, the University's email security gateway provides new functions such as impersonation detection and defense, as well as advanced URL inspection and protection against phishing sites and rewritten URLs. In the initial launch, all incoming emails to staff accounts are scanned and filtered for potential threats and attacks based on latest algorithms.
Daily notifications on emails quarantined from “firstname.lastname@example.org”, like the example below, are sent to colleagues. Malicious emails that pose as threats are shown in the quarantined list but these emails are not releasable. Emails classified as spams, on the other hand, can be released by the user if he/she thinks there is any misclassification. Emails filtered are removed from the system after 14 days.
Impersonation detection and defense
The gateway employs a threat detection tool to identify and block impersonating attacks, preventing users from receiving these emails. Instead, the emails are quarantined and users only see them as spams in the daily notifications on emails quarantined. Nonetheless, users should be cautious and stay vigilant responding to emails.
URL inspection and protection
With this function, URLs in emails are checked and in some cases, the gateway prepends protect2.fireeye.com to the rewritten URL. When users mouse over the link, the rewritten URL is shown instead of the original one (see below).
If the URL is detected as malicious, users will be redirected to a page indicating that the URL is blocked and they will be prohibited from proceeding to the website. If the URL is detected as suspicious, users will be redirected to a page informing you that the site might contain malicious content. Users should proceed with caution as always.
|Alert Types||Sample screen|
|Malicious - the URL is malicious. Users are blocked from proceeding to the page.|
|Warning - the URL is being analysed or seems suspicious.|
|Invalid - the URL has been changed or is not valid.|
Below is a typical notification email with a list of quarantined messages.
The quarantine list contains all emails that are classified as spam or malware by the system. You can search for quarantined emails based on various filters. Messages are automatically deleted after 14 days in quarantine.
Release quarantined messages
Users can release emails according to the procedures below. Only emails received within the last 14 days can be released.
To release emails from quarantine:
- Click the "Release" hyperlink on the right hand column.
- Then you will be prompted to confirm that you want to release the email.
- Click "Confirm Release" to deliver the email to your inbox. (CAUTION: The released email may contain LIVE malware. Please proceed with caution.)
- If the email is not a spam email, you can report "not spam" by ticking the first check box.
- If you want to whitelist the sender, you can tick the check box "Add the sender address to the Allowed Sender Address list to bypass Spam check".
The Allowed and Blocked Senders List
The Allowed and Blocked Senders list lets you create lists of allowed and blocked email addresses and domains. Senders you allow and block appear in the same list in the Allowed and Blocked Senders page.
To add an email address or domain to your allowed senders list:
- Open the Quarantine notification email and click the "quarantined messages" link to access the end user Web interface.
- In the end user Web interface, click "Allowed and Blocked Senders" tab from the top navigation.
- Click "Add Entries".
- In the Add Entries pop-up window, enter valid sender domains or email addresses one line at a time.
- Click "Block" or "Allow" accordingly.
- The Allowed and Blocked Senders page is updated to include the domains or addresses in your allowed senders list.
To remove an email address or domain from your allowed senders list:
- In the end user Web interface, click the "Allowed and Blocked Senders" tab from the top navigation.
- Tick the checkbox on the left of the item(s) you want to remove. Then click the "Delete" button.
- Click "YES. DELETE SENDER".