Spam Filtering

Introduction

Email is one of the primary avenues that cyber attackers use to take advantage of Hampshire. Most of us have seen offers for baby grand pianos, welding tools, and internships over the past years that turned out to be lures by bad actors. Through these emails they want you to reach out so they can work out a payment scheme (either direct payment for something, or offering to send you a (bad) check and then asking for money back), or potentially having you log in with your Hampshire, email, or bank account user and password so they can intercept those. When these fraudulent emails are reported, IT has to work reactively to pull those emails from everyone’s mailbox as fast as possible. While we are able to minimize our community’s exposure, there is still potential for financial scams to slip through.

To better secure Hampshire, IT will implement Mimecast, a proactive secure email gateway that will block 99% of all spam, phishing, and malicious emails. Mimecast will block emails with malicious indicators, and make sure that attachments and links in the emails are safe, and that the emails are not spam or phishing attempts.

What will change

External Alert

All emails coming from outside of Hampshire (ie, not from @hampshire.edu) will have External: in the subject. This will alert you that this email did not come from inside Hampshire. When you receive an email with “External” in the subject, that’s an indication it did not come internally from Hampshire.

Inbound email greylisting

Incoming email that was deemed spam, phishing emails, or with bad attachments will be in a “greylisted” area. If emails for you were held, Mimecast will send out a digest (around 8AM, noon, 5PM) alerting you to emails that did not pass muster, which you can then act upon through links in the email. (Release, Permit, and Block)

URLs in emails

If URLs are found to be malicious through either a website that’s known to be malicious, or linking to a file that is malicious in nature, they will be replaced with a URL to Mimecast stating the original URL has been blocked.

If a URL is found to be safe, it will get re-written to point to Mimecast. This will ensure that when you click on the link, Mimecast once more checks the URL to make sure it hasn’t been recently identified as a malicious site. This all happens in the background, and aside from seeing your browser redirect from Mimecast to the final URL, you should see little to no impact.

Please note that bad actors are always developing methods to circumvent detection.  Mimecast cannot catch ALL bad urls. YOU are our last line of defense. Always follow safe email practices. 

Attachments

All attachments will be checked for malicious content. If a malicious attachment was found, the email will be blocked and the internal recipient will be notified. At this point only administrators can release bad files as a safety precaution.

Encrypted documents are currently allowed through, but encrypted zip files will be blocked.

Impersonation Protection

Mimecast includes impersonation protection, which ensures that “Jim Patten” cannot email anyone at Hampshire from an @yahoo.com or @gmail.com email address. However everyone will be able to email themselves from a personal email without issues. For communicating to other Hampshire people, please always use your @Hampshire.edu email address.

Outgoing email scanning

In the case that a Hampshire account gets compromised, a bad actor may email out malicious content that will then actually come from a valid Hampshire email account. Therefore, in addition to scanning incoming emails, Mimecast will also be scanning outgoing emails. These will have more lenient rules, and should not get blocked unless a malicious attachment is found. To prevent these from reaching others at Hampshire, or anywhere on the internet, they will get blocked. Again, should this have erroneously caught something that was safe, IT can release the message to still go out. 

Mimecast Daily Digest of Held Emails:

If an email is blocked or held, you will receive a digest from which you can take actions.  You can also manage your held messages in the portal: https://login-us.mimecast.com/m/portal/app

The digest email will list emails that were blocked for one reason or another, with actions you can take to treat them appropriately.

RELEASE: Releasing an email does just that, it releases the email, and it will show up in your GMail inbox shortly.

PERMIT (whitelist): Permit will also release the email, but it tells Mimecast to whitelist the sender for you, so any future emails from that sender will be delivered automatically in the future without being held. Be careful with this, and only permit emails that you know are good. (Mimecast will still block bad attachments and check URLs for safety, regardless of the PERMIT action)

BLOCK: Block will block that sender for you. They will no longer be able to email you.

GROUP ACTIONS (use with care): There are also Release All, Permit All, and Block All links, which will do that action for all emails listed in that Digest. Be careful with this as this could affect multiple emails from different sources.

If you do make a mistake and accidentally permit a user you wanted to block, or block a contact you wanted to permit, you can access the Mimecast Personal Portal to change these settings: https://login-us.mimecast.com/m/portal/app

Please find Mimecast privacy statement on their website and link here:

https://www.mimecast.com/company/mimecast-trust-center/privacy-statement/

https://www.mimecast.com/company/mimecast-trust-center/certification-and-attestation/privacy/

https://www.mimecast.com/company/mimecast-trust-center/data-processing-addendum/