Email Security - Frequently Asked Questions

Table of Contents

  1. An expected email hasn't arrived - where has it gone?
  2. A newsletter or my bulk-emails are being delayed. 
  3. An Office document from a known sender is removed - what should I do?
  4. Why was this email or file not removed?
  5. An email was blocked due to the sending server's IP reputation, can you whitelist the server or the sender?
  6. Key resources

Introduction

Below is a list of commonly asked questions concerning email security.

If you have any questions about email security that are not answered below, refer to your local IT Support or the Service Desk. 

An expected email hasn't arrived in my inbox - where has it gone?

If you suspect that an email has been stopped please contact the Service Desk. 

Please provide the following information: sender address, date and time the message was sent, and the subject line. We will only be able to check the message logs when all of this information is provided.

If you are a member of ITSS please contact emailsecurity@infosec.ox.ac.uk or in urgent cases the team's Chorus extension 82222 for support rather than contacting the Service Desk.

My newsletter or my bulk-emails are being delayed

The University's email security gateway has a limit of 300 messages per minute per sending IP address. Volumes of email over this are temporarily deferred until later, when the message can be retried and delivered onwards. The Email Security Team has investigated cases involving well known bulk-email software (e.g. MailChimp, Adestra) and email will be delivered once the rate has fallen below the limit.

An Office document from a known sender is removed - what should I do?

Office documents (such as .XLSX, .DOCX, .PPTX, and others) can be made up of many compressed files. The email security gateway scan engine attempts to check these files by decompressing them, as it would any other compressed file. If the decompressed file contains too many files it will treat the file as suspicious, even when the document itself is not.

If you are having problems sending or receiving such files, you could consider either using an alternative method such as the OneDrive for Business. If you are sharing documents with people with the University, you may also wish to consider using the Nexus 365 OneDrive features.

Why was this email or file not removed?

If an email containing suspicious content makes it past the security products please use OneDrive for Business to send it to us at emailsecurity@infosec.ox.ac.uk. Please include the following information: sender address, date and time the message was sent, and the subject line.

An email was blocked due to the sending server's IP reputation, can you whitelist the server or the sender?

Messages can be blocked if the sender's email server has a bad reputation and is listed on one of the RBLs (Real-time Blackhole List) used by our security tools. These lists are the first check before our servers even start an email transfer with the sending party. This is to protect our infrastructure from denial of service attacks and protect against spam. RBLs were used by the University prior to the introduction of the enhanced email security tooling. The new tools are a widely adopted industry standard solution that facilitates a wide variety of high profile RBLs to decide whether a sending server should be allowed to transmit messages or not. As the RBL based decision is made prior to the actual email dialogue, we won't have a sender address to whitelist against.

However, you can always request for an IP address to be removed from a RBL, but the most simple solution is for people to not use low reputation mail servers.

To request for a mail server to be removed from an RBL, please use the following link:

https://www.ers.trendmicro.com/reputations/legitimate

If you have any questions regarding this then please contact us via emailsecurity@infosec.ox.ac.uk.

Key Resources

Support Contacts

To report any issues related to email security, please contact the IT Services Service Desk.

IT Support Staff to contact OxCERT.

About this Service

This service is provided by

OxCERT logo

For more details about service governance refer to the service catalogue entry.