To identify emails that may be spoofed or possible phishing attempts, UD Information Technologies is using both a feature in Gmail and an email phishing service for Exchange that will mark suspicious incoming email messages with warning banners. Highlighting these potentially dangerous emails reduces risk to the University. Those using Gmail will see these notifications only in the GMail web interface or mobile app. Exchange will show warning banners on suspicious messages starting on September 14, 2022.
While these services will help find emails that may be suspicious, the UD community should remain vigilant and be on the lookout for suspicious messages. If you are concerned about a message, or unsure of its veracity, you can send it to reportaphish@udel.edu for verification.
What to do if you receive a message with a warning
For Gmail users, any click or action on the banner (such as clicking Report Spam) goes directly to Google. To report a phishing message to UDIT, forward the message to reportaphish@udel.edu. Messages in your Junk folder only need to be forwarded to reportaphish@udel.edu if a message has been put there by mistake. Please be aware when marking messages as junk that UDIT has limited visibility into information sent directly to Google. Learn more about reducing spam and identifying phishing attempts.
If you are concerned about a message, or unsure of its veracity you can always send it to reportaphish@udel.edu for verification.
What to do if emails you send are being marked with a warning
Attackers use multiple methods to mask their sending emails addresses. Messages that do not come from an @udel.edu address will be marked with a warning banner. The banner will indicate that the sender could not be verified. For example, if your department allows a third party vendor (i.e. MailChimp, Constant Contact) to send email from their system that is not DKIM signed, those messages may be marked as suspicious. Messages from listservs or web-based applications may also be marked as suspicious.
Note: If you send messages using UD PO Box or UD Bulk Email, your messages will never be marked with warnings.
Send email using your UD email
If you use your personal email to conduct University business, your emails may be marked with these warnings. Use of personal email to conduct University business is unsupported and may violate the records retention policy.
DKIM signing & subdomains
In some cases, legitimate messages may be marked because they are not DKIM signed. You can work directly with your vendor to start the process of getting your messages DKIM signed. Once the vendor has provided you with DKIM keys, please contact central IT using a message to AskIT@udel.edu with the details of your mailing and the service or vendor in use. If appropriate security controls are in place for the service, central IT will publish the DKIM keys and messages from the vendor can be signed.
In some cases (like in the case of MailChimp) you will need to acquire a subdomain in order to get appropriate DKIM signing. In order to resolve this, a ticket can be submitted to askit@udel.edu to request a subdomain that is connected with a Google Group email address. This allows messages from a third party service to be DKIM signed.
Other cases
In some cases, DKIM-signing and subdomains are not available. Unfortunately in these cases the remaining options are limited or non-existent. Please contact askit@udel.edu to determine possible courses of action (if any) in these situations.
Examples of warning messages
In GMail
In Exchange
