External Email Tags

Most email scams begin with messages from an external email system.  As part of EKU’s effort to reduce phishing and other email scams, these external email messages will now receive a [EXTERNAL] tag in the message subject and a warning message at the top of the message body.  This does NOT mean all emails tagged [EXTERNAL] are malicious, but some are.  This is another tool we have implemented to assist our users with their email management and to protect EKU’s data and other assets.

Internal Message Subject Example:

External Message Subject Example:

You should always stop and think about all emails, even those originating from an EKU server.  Internal users can have their accounts compromised and be used to send out additional phishing emails. Part of that means forwarding suspicious emails to us here: spam@eku.edu so we can assist you with evaluation.  In the unlikely event, an email sent to us is legitimate, we will tell you!

If an email is tagged [EXTERNAL], you should think even harder about the email and take additional steps to determine authenticity:

• Is it from a sender you know?  Were you expecting the email?  Verify with your friend or co-worker over the phone if you are unsure if the email sounds a bit off or send to spam@eku.edu.
• If there is a link in the message, Don’t click it!  If the message seems suspicious send to spam@eku.edu.
• If there is an attachment, Don’t open it! If the message seems suspicious send to spam@eku.edu.
• Does the message make sense?  A legitimate message would not ask you to provide your credentials to maintain your account access.

FAQs

1. Is an email unsafe to open if it contains an [EXTERNAL] email tag?
   An [EXTERNAL] email tag does not indicate that an email is unsafe.  However, you should be cautious of clicking on links or opening attachments if you do not recognize the sender or the sender is internal and has a proper @eku.edu or @mymail.eku.edu address.
2. If I forward a copy of the tagged email, will the [EXTERNAL] email tag also be forwarded?
   Yes, the text [EXTERNAL] added to the beginning of the subject line will be included in any forwarded copies of the email.
3. How do I submit a request for an exemption for [EXTERNAL] tagging for a major University sending service?
   Some EKU services use cloud systems that are not physically located on campus.  In some cases, it may be appropriate for these systems to be exempted from the [EXTERNAL] tagging because they are a trusted source.  Guidelines for this process:
   • Service is specific to EKU
   • Service is a campus standard platform used across several units

   Submit requests to the IT Service Desk:  support@eku.edu

4. Can I personally opt-out of [EXTERNAL] tagging?
   No. [EXTERNAL] tagging is added to all EKU email accounts to help signify email from an unknown source.
5. Does [EXTERNAL] tagging do any additional scanning, filtering, or sorting?
   No additional scanning, filtering, or sorting is performed.  If the message origin is a non-EKU system, then [EXTERNAL] is added to the beginning of the email subject line and the body is tagged with a warning message.