Information about Email services for University of Edinburgh staff and students.
Phishing is a serious security threat to the University of Edinburgh. Phishing attacks target personally identifiable information, and if this falls into the wrong hands it can cause both financial and reputational damage to the University and its employees. These attacks are often launched by including malicious links or attachments in an email. When recipients open these attachments or click links, it can spark an attack.
Universities are regularly targeted by phishing attacks that look like official communications about password changes, email quotas, pay/benefits changes, etc. Some are quite convincing and it can be difficult for staff and students to spot these malicious emails.
As part of our efforts to protect against phishing scams, we have added an advisory warning banner on all incoming email messages from external senders.
The banner appears as a horizontal strip of text. It is clearly visible and a constant reminder of the risks associated with clicking links in emails.
The following sample illustrates how the banner appears in email messages:
Are all messages with the warning banner dangerous?
The warning banner does not mean the email is malicious, only that recipients should exercise caution. Do not click on links or open attachments in messages with which you are unfamiliar. All email originating from outside the university will be tagged with this message.
If I reply to the email, will the banner be visible to the recipient?
The banner will be visible unless you choose to manually delete it before you send the reply. An increasing number of Universities and other organisations are using similar banners, so the banner will not necessarily cause offence.
Can I opt out of the warning banner?
No, users may not opt out of the warning banner.
Where can I find advice about dealing with email phishing?
Some phishing emails have an appearance of a trusted sender, so you should always be vigilant. If you're ever unsure, you can do some basic checks yourself.
- Clicking to expand sender details in the 'From' field
- Hovering over a web link or copying it into a text file to inspect where the link goes
Our colleagues in InfoSec offer helpful tips and further advice about ways in which you can detect malicious email:
The update is brought to you jointly by Information Security and the Email Service Working Group who continually work in partnership to help make your email messaging safer. You can rate or comment this change here
Guidance is available about the two email platforms currently operated as part of the University's Email Service this page is intended to sign-post you to the relevant guidance for the platform hosting your University mailbox.
The guidance linked shows you how to access your University email on a web browser, computer or mobile device and includes a variety of useful FAQs.
Office 365 Email (for all students and the *majority of staff)
Microsoft's email platform provided with The University's Office 365 subscription at no additional cost. As well as emails, Office 365 brings into view your meetings, chat conversations, notes and files across your devices. This service also integrates student timetables and shifts for frontline workers.
*All staff (inc. postgraduate researchers) employed in Informatics before September 2018 should use Staffmail guidance linked below.
*All staff (inc. postgraduate researchers) employed in Physics before May 2019 should use Staffmail guidance linked below.
Staffmail (*some staff in Informatics and Physics)
A legacy email platform used by staff in Informatics before September 2018 and staff in Physics before May 2019.
*Informatics staff (inc. postgraduate researchers) already migrated or joining after September 2018 should use the Office 365 guidance.
Still need help?
If you're still unsure about which guidance to use above, you can check the *Mail Service record in your profile linked below.
Email directory and other related services
Search the directory of email address contacts, get added to the directory or opt-out, see the directory policy.
Create mailing lists to reach out to your target user group audience with a single mailshot.
Advice about services which generate email, safe delivery of email, rejection errors explained and more.