The folder Junk Email contains e-
mails which, according to the spam filter, have suspicious content, or which is sent from a fake mail server. These emails may be spam or phishing, but are not necessarily.
[SPAM], [SUSPECTED SPAM], [Tvivlsomt indhold] (questionable content), [Falsk mailserver] (fake mail server) or [Link til Google Docs] (link to Google Docs) will be added at the beginning of the subject field.
You must review the "Junk E-mail" folder yourself. If legitimate emails have ended up here, you can move them to the inbox by dragging them over.
- [SPAM] means that the email is very likely to be spam.
- [SUSPECTED SPAM] means that the email is suspected to be spam.
- [Tvivlsomt indhold] (questionable content) means that the email contains words or phrases that are often seen in spam or phishing emails.
- [Falsk mailserver] (fake mail server) means that the email is sent from a mail server that the mail domain (the part of the e-mail address after @) has stated is not used to send e-mails from. The email is therefore either fake, or the sender uses another or new mail server and have not yet configured this change.
- [Link til Google Docs] means that the email contains a link to Google Docs that could potentially link to spam or phishing.
You will still receive notification emails concerning some types of withheld emails and attached files. The notification email will state why the email or file was withheld. It might say:
- A file was removed from your email for security reasons.
Some types of files could potentially contain malware. These files are withheld for security reasons. Malware can be e.g. a virus or ransomware that encrypts the files on your PC. Read more about malware here.
In situations where emails that were seemingly sent from Postnord or Danske Bank have been withheld, it was because the company names had been abused to send spam and phishing emails.
If you receive an unwanted email (e.g. spam or phishing) that has ended up your inbox and not the Junk Email folder, you can set up the spam filter in Outlook for you specifically so that emails from a specified sender will subsequently be put in the Junk Email folder. Right click the email in your inbox, choose Mark as junk (Marker som uønsket). The e-mail will automatically be moved the the "Unwanted e-mail" folder.
If at a later point you regret this choice, you can change your preferences and cancel the automatic block. Right click the email in the Junk Email folder, choose Mark as not junk (Marker som ikke uønsket).
If you receive an unwanted email (such as spam or phishing) that is in the Inbox and not the Junk Email folder, you can send the email as an attachment to firstname.lastname@example.org. IT-Servicedesk will use the information in the email to fine-tune the common spam filter, so that the spam filter will catch emails from this sender or with this content going forward.
It is important that you attach the email and not just forward it to IT-Servicedesk. This way we get more information. Create a new email to IT-Servicedesk and drag the unwanted email into the new email.
From time to time, we are asked if we cannot simply whitelist a know sender and thereby allow all emails from this sender to bypass the spam filter. This would be a security breach.
As there is generally no way to verify that someone is who they claim to be, anyone could claim to be the whitelisted sender and thereby send spam and phishing emails to UCL and not be detected by the spam filter.
Spam is unwanted emails, e.g. ads or contests. There is a special kind of spam called phishing where the sender "fishes" for information that can be abused. This could be e.g. usernames, passwords, credit card information, civil registration number (cpr-number) etc.
If you receive a phishing email and accidentally share any of the above mentioned information with the sender, you risk losing money or having your email account hacked (taken over) and abused.
At UCL, it can have great consequences if a user's email account is hacked. For instance, we have experienced that a UCL user clicked a link in a phishing email and shared their UCL username and password. The user's email account was abused for sending more phishing emails, resulting in Microsoft blocking all emails from UCL. Until we had changed the user's password, and had a corresponcence with Microsoft, it was impossible to send emails to any email addresses owned by Microsoft, e.g. @live.dk that many students use as their private email.
Every year, UCL receives nearly 35 million emails. Of these emails, the spam filter sorts out 86% that the users never see or hear about, because the spam filter is 100% certain that these emails are either spam or phishing. That leaves 5 million emails.
97,100 emails, corresponding to 0.3% of the 35 million received emails, are subsequently withheld because the spam filter assesses them to be potential spam or phishing. Previously, a notification email was sent to the recipient to inform them that the email was withheld and that the recipient had to request its release.