Cisco Email Security solution

As part of the Email Improvement project, the University will transition to a new email security vendor, Cisco, and will replace the current email threat protection tool, Proofpoint, with Cisco's Email Security (CES) solution.

Known impacts

• This change applies to Exchange/Office 365 accounts; accounts on Mailservices will not be impacted.
• Student email accounts, not currently being scanned for Spam, will also be scanned by the new CES solution.
• Spam email message management will change from the current "quarantine" approach to a "tag and deliver" method.
  • Quarantine
    • Spam messages are sent to the recipient's personal quarantine, not their email account. 
    • There the user can review and release quarantined messages and manage their blocked/safe sender lists.
  • Tag and deliver
    • Identified and suspected Spam messages will be delivered to the recipient’s Junk Email folder. Recipients should now check their Junk Email folder when looking for missing or expected email messages.
    • If a message is identified as Spam in error, the recipient can move the message to their inbox. 
    • Spam tags may be added to the email subject line depending on the nature of the email message, e.g., [SUSPICIOUS]. Please visit our Cisco Email Security solution page to view a list of tags and their definitions, known impacts, and other considerations.

    • A message header will be added to messages that have been identified as Spam e.g. Spam: X-Spam-FLAG: YES or Suspect Spam: X-Spam-FLAG: Suspect

Spam tags and definitions

• Any message that is identified as Suspect Spam, will be delivered to the recipient’s inbox, subject line not modified.
• Any message in which the message is not scannable will have the message subject prepended with [NOT VIRUS SCANNED] and delivered to the inbox of the intended recipient
• Any message that is identified as being sent from an imposter will have the subject prepended with [SUSPICIOUS] and a disclaimer added to top of the message with the following text:

“WARNING: The University's email security system has determined the message below may be a potential hoax/fake. If you are unsure of the sender, contact the IST Service Desk. Please do not respond or click any links in the message."

• Any message that is considered zero-day (Outbreak) for non-viral (phish or scam) will have the subject line prepended with [SUSPICIOUS] and a disclaimer added to top of the message with the following text:

“WARNING: The University's email security system has determined the message below may be a potential threat. The message tricks victims into confirming a bank account change or transaction by calling a phone number and providing information. If you do not know the sender or cannot verify the integrity of the message, please do not respond or click on any links in the message. Depending on the security settings, clickable URLs may have been modified to provide additional security.”

Other important considerations

(It is very rare a legitimate message will be quarantined)

• Any message that is identified as a virus will be quarantined and not delivered to the intended recipient. If required, a quarantined message can be retrieved within one month of being received. Please submit the request to via Request Tracker. 
• Any message that contains a malicious URL (using the web-based reputation score) will be quarantined and not delivered to the intended recipient. If required, a quarantined message can be retrieved within one month of being received. Please submit the request via Request Tracker.
• Any message that contains a URL suspected of being malicious will have the URL re-written to a Cisco proxy for additional verification. 

Future tagging considerations

• All messages sent from an outside source will have the subject prepended with [EXTERNAL]. As there are multiple outside sources that are legitimate, this feature will be implemented at a later date to determine these sources.