Information Services

Email

Information about Email services for University of Edinburgh staff and students.

Phishing is a serious security threat to the University of Edinburgh. If Personally identifiable information, which is the primary target of phising attacks, falls into the wrong hands then it can cause both financial and reputational damage to the University and its employees. Phishing attacks are often launched by including malicious attachments or links in an email. When recipients open these malicious attachments or click on links, it can spark an attack.

Email orginating from outside our University should be approached cautiously, especially messages containing information on password changes, email quotas, pay/benefits changes, and more. A high percentage of phishing attempts targeted towards the University often comprise these topics.

As part of our continual efforts to mitigate against phishing scams, we plan to add an advisory warning banner on all incoming email messages from external senders that contain web links. The banner will appear on emails University wide from mid-July.

The banner appears as a horizontal strip of text. It is clearly visible and a constant reminder of the risks associated with clicking links in emails.

The following sample illustrates how the banner will appear in email messages:  

Image of the warning banner in external email messages

 

 

Should I ignore messages with the warning banner?

Messages including the warning banner does not mean the email is malicious, only that recipients should take caution. Do not click on links or open attachments in messages with which you are unfamiliar. All email originating from outside the university, except for approved services, will be tagged with this message.  

Where can I find advice about dealing with email phishing?

Some phishing emails have an appearance of a trusted sender, so you should always be vigilant. If you're ever unsure, you can do some basic checks yourself.

For example:

  • Clicking to expand sender details in the 'From' field  
  • Hovering over a web link or copying it into a text file to inspect where the link goes

Our colleagues in InfoSec offer helpful tips and further advice about ways in which you can detect malicious email:

About Phishing

The update is brought to you jointly by Information Security and the Email Service Working Group who continually work in partnership to help make email messaging safer.  

Please provide your feedback and let us know how you rate this change at:

Rate the Warning Banner in external email messages 

Guidance is available about the two email platforms currently operated as part of the University's Email Service this page is intended to sign-post you to the relevant guidance for the platform hosting your University mailbox. 

The guidance linked shows you how to access your University email on a web browser, computer or mobile device and includes a variety of useful FAQs.

Office 365 Email (for all students and the *majority of staff)

Microsoft's email platform provided with The University's Office 365 subscription at no additional cost.   As well as emails, Office 365 brings into view your meetings, chat conversations, notes and files across your devices.   This service also integrates student timetables and shifts for frontline workers. 

Office 365

*All staff (inc. postgraduate researchers) employed in Informatics before September 2018 should use Staffmail guidance linked below.

*All staff (inc. postgraduate researchers) employed in Physics before May 2019  should use Staffmail guidance linked below. 

 

Staffmail (*some staff in Informatics and Physics)

A legacy email platform used by staff in Informatics before September 2018 and staff in Physics before May 2019.

Staffmail

*Informatics staff (inc. postgraduate researchers) already migrated or joining after September 2018 should use the Office 365 guidance. 

*Physics staff (inc. postgraduate researchers) already migrated or joining after May 2019 should use the Office 365 guidance.

Still need help? 

If you're still unsure about which guidance to use above, you can check the *Mail Service record in your profile linked below.

 
*The mail service check linked above requires that you're signed in so you may be prompted for your University login credentials.

Email directory and other related services

Mail directories

Search the directory of email address contacts, get added to the directory or opt-out, see the directory policy.

Mailing lists 

Create mailing lists to reach out to your target user group audience with a single mailshot. 

Email delivery & relay services

Advice about services which generate email, safe delivery of email, rejection errors explained and more.

Email policy for ex-staff