University-wide email protection strategies
Table of Contents
ITS has implemented a number of email protection strategies to protect the personal information of students, faculty and staff. See details below:
To better protect the Temple community from increasing and unrelenting cyber security threats, Information Technology Services has disabled mail forwarding to external, non-Temple addresses for faculty and staff, effective June 18, 2021.
Disabling mail forwarding is becoming a best practice for user identity and data protection. Our IT support staff has seen the forwarding feature exploited first-hand when assisting users whose accounts have been hacked. This practice is also in accordance with our university policies to conduct all Temple-related business/correspondence via Temple email:
Implementing the New Policy
As of June 18, 2021, faculty and staff are no longer able to automatically forward Temple Outlook 365 mail to external non-Temple affiliated email addresses. (Forwarding individual email messages to external and internal recipients is not affected.)
Temple affiliated email addresses include Temple University Health System (@TUHS.temple.edu), Fox Chase Cancer Center (@FCCC.edu) and WRTI Radio (@WRTI.org). Temple faculty and staff who forward their email to these addresses will remain unaffected and continue to do so.
If an employee attempts to forward all their email to an external non-Temple affiliated email address, they will see an automated message similar to the following:
Students and Alumni
While it is strongly discouraged to do so, students and alumni can continue to automatically forward their Temple email to external non-Temple affiliated email addresses.
Phishing scams remain one of the top cybersecurity threats across the university. They can take the form of email scams by impersonating people we know. The majority of these types of scams start with a message originating from external email systems. As part of Temple's effort to reduce phishing and other email scams, all emails from external senders now include an [External] tag in the subject line.
No additional scanning, filtering or sorting of email is performed. If the message originates from a non-Temple University system then [External] is added to the beginning of the email subject line.
Please note that an [External] tag does not always mean that the message is unsafe or illegitimate. The purpose of the tag is to prompt the user to apply an appropriate level of scrutiny when reviewing the contents of the message in question.
In some cases, after a thorough review from ITS Information Security, messages from specific trusted external email systems may be excluded from the [External] tag. In these cases, you are still advised to proceed with caution.
A sample message showing the [External] tab appears below:
To help with identifying suspicious messages, Temple is using an automated threat analysis system called Proofpoint. You can report suspicious messages to Proofpoint by opening the message and clicking the Report Phish button in your TUmail account. By clicking the Report Phish button, Proofpoint will evaluate the message and then notify you whether there is a threat and what actions will be taken to safegaurd your privacy:
- Malicious messages are quarantined and/or forwarded to the ITS Information Security team for further remediation.
- Spam messages are removed from your account.
To learn more about Proofpoint and the Report Phish button, see our ITS Phishing page.
Outlook 365 enables you to encrypt messages sent to other Temple Outlook 365 email accounts or to accounts outside of Temple. If you are sending a message containing HIPAA Protected Health Information (PHI), Personally Identifiable Information (PII) or other confidential/sensitive information, make sure to encrypt it as shown below.
Note: The encryption feature is not currently available to Temple alumni.
Safe Links is an Advanced Threat Protection feature in Outlook 365 that scans hyperlinks in an email message for known malicious content or for content that Temple Information Technology Services has found to be unsafe. It provides a robust first line of defense against phishing scams, as it enables us to supplement Microsoft’s pre-determined security protocols with Temple's own security threat assessments.
The service works by updating the hyperlinks to flow through Microsoft's Advanced Threat Protection Safe Links service. In most cases, you will not be aware of the service, as the actions are taken in the background. You will, however, be aware of this service in the following cases:
Hyperlink Marked Malicious by Microsoft
When a hyperlink is marked malicious by Microsoft, you will see a message similar to the following:
Hyperlink Marked Malicious by Temple Information Technology Services
When a hyperlink is marked malicious by Temple Information Technology Services, you will see a message similar to the following:
Messages Sent in Plain Text Format
When a message is sent in plain text format, the hyperlinks are replaced with a Microsoft link (https://nam10.safelinks.protection.outlook.com) followed by a long string of characters:
Consider Adding a Signature to Set Expectations
If you send plain-text emails or have an app that sends plain text emails, consider adding a signature message similar to the following that sets expectations for the recipients:
Temple University e-mail is protected by Advanced Threat Protection Safe Links by Microsoft. Hyperlinks in this e-mail may display with a fairly long format that begins with ‘nam10.safelinks.protection.outlook.com’.
Some emails with an @temple.edu email address actually originate from outside of Temple or from an internal application (other than Outlook 365, Listserv or Xerox Printers).
If your department sends emails that fall under one or more of these conditions, the email must comply with Temple's Sender Policy Framework (SPF). Otherwise, they will not be delivered.
To learn more, see the Sender Policy Framework page.
ITS uses spam filters to block suspicious emails from getting through to the university. In certain rare occasions, ITS allows for exceptions to this process by adding an email address to a safe sender list.
To qualify for this exception, the request must undergo a thorough security review, showing that the sender is highly trusted and that the emails need immediately delivery. One such example, would be TUalerts.
On April 13, 2020, ITS disabled access to Temple email accounts via legacy (or basic) authentication protocols. This action was taken primarily for security reasons, but also in anticipation of similar controls to be implemented by both Microsoft and Google.
The problem with legacy authentication is that it allows access to Temple mail systems via outdated protocols that bypass access controls, such as Single Sign On (SSO) and Multi Factor Authentication (MFA). Hackers can use these protocols, along with compromised credentials, to target email account holders with phishing attacks from within Temple's own email systems.
Although you can no longer can set up new connections to your Temple email account with email clients that do not support modern authentication (or OAuth2), previously established connections will continue to maintain access until ITS gradually migrates them to modern authentication.
If you are experiencing any issues accessing your email, please contact the Help Desk at tuhelp.temple.edu or by calling 215-204-8000.
Clients that support Modern Authentication or OAuth2
- Outlook mobile app
- iOS Mail app
- Android Mail app
- Outlook desktop client (version 2016 and above)
- macOS Mail client
Departments can request the following email services through the tuhelp.temple.edu website:
- Disable the [EXTERNAL] tag for senders that should appear as internal to Temple
- Register a vendor's fully qualified domain name or IP address as authorized to send on behalf of Temple per the Sender Policy Framework
- Review an email address to be whitelisted to bypass the university spam filters