Email Security: Quarantine versus Junk Mail
What is the deal about all this email security stuff?
Recent data shows that approximately 46% of all email
traffic is classified as “spam.” That is 160 billion emails worldwide…every
day! 1.2% of all emails, or about 3.4 billion emails globally, are considered
“malicious.” 3.4 billion is a tremendous number of bad emails that are trying
to steal your ID, trick you into downloading viruses, or simply trying to take
down your system. With a risk this extreme, email protection is not just
suggested but required. Given the ever-increasing sophistication of modern
malicious email, it is not sufficient to just “be careful”; technology is
required to help protect us. This means Booth IT needs to provide email
protective software and solutions to reduce the number of bad emails delivered
to our mailboxes.
How do we know when an email is “good” or “bad?”
We can use a combination of tools and guidance to determine
if an email is safe or not.
· Security protocols (like DMARC or DKIM) are in place that
fingerprint emails in a way that we can identify the actual sender (versus one
that is faked). If the fingerprints don’t match the sender, we can safely
assume it is bad.
· Booth IT has technologies that identify the format of an email. If
an email is created with a format that goes against industry accepted standards
and best practices, we can be confident it is bad.
· Attachments and internal web links can be very dangerous. If
these items are incorrectly formatted or mis-named, it is a great indicator of
a bad email.
· Known bad sources are monitored. If an email is coming from a
system, IP address, or region that is highly risky, it can trigger the email
protection.
· Mass emails (like the kind you get from marketing systems) can
also be an indicator of security concerns. Email attackers usually send their
malicious emails to millions of email addresses to reach as many people as
possible, playing the laws of probability.
The protection solutions deployed by the Booth IT team look at
all these points (as well as some others) to give a grade to all emails coming
into Booth email servers. Depending on how well or poorly the email scores, it
may be delivered to your inbox, put into your junk mail folder, quarantined, or
simply blocked and deleted.
What happens to “bad” emails?
1. If an email is simply questionable, many times it will still get delivered.
This is why diligence is necessary from all of us, even with email
protection.
2. If the email is a bit more concerning, or is a clear mass marketing email,
it will often be
put in your Junk folder. This is still a fully delivered email, although many
links and images will be disabled. There is a margin of error here, which is
why everyone needs to keep an eye on their Junk folder (sometimes a valid email
gets caught in the Junk filter). We cannot disable this without an extreme
amount of risk to Booth.
3. If the email is even more questionable, it will get put in “quarantine.”
A quarantined email is not actually delivered but held by the email server for
a set amount of time (15 days at Booth). We all get regular emails from the
Microsoft 365 system alerting us to a quarantined email. It will tell us who it
is from and what the subject is. If we want, we can override the quarantine and
request it be delivered anyway.
4. If the email is obviously malicious (e.g. it has a known virus attached),
it will simply be blocked and rejected by the email system.
5. DMARC rule violations are a separate issue. Senders configure their DMARC
rules in accordance with their internal policies. Some organizations, like
Booth, configure them to deliver the email regardless of DMARC compliance. If
an email from the Booth email system fails DMARC, we say it can be delivered
anyway. Some organizations (such as government agencies, medical companies, or
financial institutions) have much stricter rules. Violating DMARC can result in
the email going directly into your Junk folder or even being dropped without
notice. Please take note, Booth IT cannot do anything about this. The sender
creates the policy; we are just forced to abide by it.
Why do I still get spam emails delivered and good emails in Junk?
As much as our IT team works to be as accurate as possible,
it is simply not possible to get every selection correct 100% of the time.
There are so many factors (e.g. a “spammy” keyword in the subject line) that
can add to the negative counts against an email. This is one of the areas in
technology where there is always going to be a certain amount of error. We
tune the tools as well as we can, but the balancing point between good emails
getting put in Junk/quarantine and malicious emails getting into your mailbox
is a very fine line. The IT team is constantly adjusting, but the very nature
of email security is reactive at its core.
What does the future hold for email security?
The IT Security team is always looking at new and better
tools. With the explosion of AI, we expect more and more tools to be using new
advanced technology. We need to do this smartly though. We expect that as GenAI
and machine learning continue to develop, we will see an increase in the
effectiveness and accuracy of our email security solutions.
What do I need to do to manage my email accounts?
1. Exercise caution! Each one of us needs to be careful when opening emails.
Avoid following links in emails, avoid downloading/opening attachments unless
you are expecting them, and report malicious emails to the IT Help Desk or use
the “Report” button on your email.
2. Avoid auto-forwarding. Setting your email to automatically forward to
another mailbox will break the DMARC policy. This could lead to emails being
dropped without notification. To reduce this risk, do not auto-forward emails.
You can forward an email from your mailbox manually (as that does not break
DMARC), but the old technique of setting your UChicago mailbox to auto-forward
everything to your Booth mailbox is causing considerable email loss. Ask Booth
IT how to add secondary mailboxes to your email client of choice.
3. Unsubscribe from marketing emails you don’t want. It is very hard to see the
bad emails when your inbox is packed with vendor and marketing emails. If you
no longer need it, simply unsubscribe.
4. Keep an eye on your Junk folder, especially if you are missing items. We all
need to
actively manage our Junk folders. If you see legitimate emails consistently
getting put in Junk, reach out to the IT team for help.
5. Watch for emails from quarantine@messaging.microsoft.com.
These are the emails alerting you that you have an email in quarantine. If you
see something that should be delivered, simply click the “Release” button and
it should be delivered into your mailbox within an hour or so. These emails
come daily and will list all emails of the day caught in quarantine.
6. Keep open communication with the Booth IT and IT Security teams. We are
working together to provide you with the best email experience. If you are
having issues or see strange email traffic, reach out for help. We are all here
to help.
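The DMARC behavior described in the two lists above (the sender's policy decides what happens when a message fails, and auto-forwarding makes messages fail) can be sketched in a few lines of Python. This is an added illustration, not Booth IT's configuration or code; the domains bank.example and school.example, the message fields, and the assumption that the DKIM signature does not survive forwarding are all constructed.

```python
# Simplified DMARC check (RFC 7489). Added example; all domains and results are constructed.

def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(domain, from_domain):
    """Relaxed alignment, simplified: equal, or one is a subdomain of the other."""
    a, b = domain.lower(), from_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_disposition(msg, record):
    """Return (dmarc_pass, action) under the policy the From: domain publishes."""
    policy = parse_dmarc(record).get("p", "none")
    frm = msg["from_domain"]
    spf_ok = msg["spf"] == "pass" and aligned(msg["mail_from_domain"], frm)
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["dkim_domain"], frm)
    if spf_ok or dkim_ok:  # one aligned pass is enough for DMARC to pass
        return True, "deliver"
    return False, {"quarantine": "junk", "reject": "drop"}.get(policy, "deliver")

# Constructed messages. The sender is the hypothetical bank.example.
DIRECT = {"from_domain": "bank.example", "mail_from_domain": "bank.example",
          "spf": "pass", "dkim": "pass", "dkim_domain": "bank.example"}
# Auto-forwarded copy: it arrives from the forwarding server, which is not in
# bank.example's SPF record, and we assume the DKIM signature did not survive.
AUTO_FORWARDED = dict(DIRECT, spf="fail", dkim="fail")
# Manual forward: a new message sent from your own (hypothetical) mailbox domain.
MANUAL_FORWARD = {"from_domain": "school.example", "mail_from_domain": "school.example",
                  "spf": "pass", "dkim": "pass", "dkim_domain": "school.example"}

def run_cases():
    """Evaluate the auto-forwarded copy under each sender policy, plus the controls."""
    out = {p: dmarc_disposition(AUTO_FORWARDED, f"v=DMARC1; p={p}")
           for p in ("none", "quarantine", "reject")}
    out["direct"] = dmarc_disposition(DIRECT, "v=DMARC1; p=reject")
    out["manual"] = dmarc_disposition(MANUAL_FORWARD, "v=DMARC1; p=reject")
    return out

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, result)
```

The same auto-forwarded copy is delivered, sent to Junk, or dropped depending only on the sender's p= value, while the manually forwarded message is checked against your own domain's policy instead.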
Conclusion
As much as we would like to guarantee 100% safe email, that
is just not possible. Our goal is to make your email as safe and reliable as
possible.
Remember, the Booth IT team is here for you. We all work
hard to provide top-notch service. While we do have limitations on what we can
do, if you have a problem or request, reach out and discuss it with one of our
team members.