Overview
The "Email Warning Tags" feature allows inbound email to include an informative header warning the recipient the message may be more dangerous than normal internal email communication. These tags serve as visual cues to prompt caution and verification before interacting with the content.
Email Warning Tags will include a "WARNING: " or "CAUTION: " title and sentence about the specific warning identified with the message. The most common warning will be for external senders, "This message came from outside your organization."
Example light mode warning tag:
Example dark mode warning tag:
Why are the Email Warning Tags in place?
These warnings added to emails coming from outside U of I have become a security best practice and are in place at many organizations. We continue to have U of I employees be the victims of phishing and other scams that come from outside entities, and this provides a warning to look carefully before clicking or responding.
Email is one of the most common methods for infiltrating an organization's cyber-infrastructure. These tags serve as visual cues to prompt caution and verification before interacting with content received from external services. This assists with compliance to the CIS Critical Security Controls 14.2, "Train Workforce Members to Recognize Social Engineering Attacks".
Is it possible to exclude my personal contacts from the Email Warning Tags?
No, the Email Warning Tags are global and cannot be individually managed.
Is it possible to exclude a University of Idaho partner from the Email Warning Tags?
Yes, for approved vendors it is possible to exclude their messages from the Email Warning Tags. Please submit a ticket by clicking on "Request Service". Please include the full email address and an example email message in the request.
What happens when I reply-to or forward a message that has an Email Warning Tag?
The Email Warning Tag will be removed from your message when you reply-to or forward a tagged message to an external recipient.
Note: The Email Warning Tag is removed when a message reply or forward is sent to an external email address. If the message is forwarded to another internal email address, such as another employee address, the tag is not removed.
Here is an example:
This is a message sent from a google address, outside of the University of Idaho, to a staff account. It was tagged, as expected.
When jvandal replies to the original message, the recipient of that reply will not see the email warning tag.
The potential warning messages are:
Type |
Tag |
Message / Description |
Informational |
External Sender |
CAUTION: This sender is from outside your organization. |
This tag informs the recipient that the message was sent from outside your Organization. |
Informational |
Unknown Sender |
CAUTION: You have not previously corresponded with this sender. |
This tag informs the recipient the message was sent from a sender with whom the recipient has not previously corresponded. |
Warning |
Impersonating Sender |
WARNING: The sender may be an imposter. |
This tag informs the recipient that the message may have come from an impostor. This typically applies to executives or a small sub-category of users who are frequently targeted by impostors. |
Warning |
Mixed Script Domain |
WARNING: This message may contain links to a fake website. |
This tag informs the recipient that the message may contain a URL or link to a malicious website that is counterfeiting a legitimate website by use of lookalike characters in the URL. |
Warning |
Newly Registered Domain |
WARNING: The sender's email domain has been active for a short period of time and could be unsafe. |
The message was sent from a domain that has been recently registered and could be for the purpose of sending spam or malware. |
Warning |
DMARC Authentication Failure |
WARNING: The sender's identity could not be verified and someone may be impersonating the sender. |
This tag informs the recipient that even though the message is delivered, it failed DMARC authentication and may be unsafe. |
If you receive an email that you suspect may be a phish, please refer to How do I report a phishing message to report the suspected phish to the OIT Security office.