Skip to main content

IU to tag email from senders outside university

External Email Flagging

This image shows how emails from non-IU users will appear when the university implements its External Email Flagging service as the default setting for all accounts.

External Email Flagging feature is designed to protect against phishing

To protect against phishing scams, Indiana University will soon begin flagging all emails that come from addresses outside the university to prompt users to take a second look before responding or engaging.

The service is known as External Email Flagging. It marks any messages received from non-IU email addresses with an [External] tag added to the beginning of the subject line. Additionally, a warning is added to the top of the message to remind users to be cautious when clicking links or opening attachments from external sources.

The service will be turned on by default for the entire university on July 24. Users could previously opt-in on their own through the IU Security Center.

Due to IU School of Medicine’s close working relationship with IU Health, emails from the domain will be exempt from the external classification. That process is continuing to be refined, so users may initially experience some inconsistencies in whether IU Health addresses are flagged but should see continuous improvement.

“This is an important tool to prevent against phishing attacks that are becoming increasingly sophisticated and that put the school, university and each of us at risk,” said Rob Lowden, IU School of Medicine’s executive associate dean for technology affairs and chief information officer. “Phishing is often successful because users are tricked into thinking an email is legitimate. By flagging messages from outside IU, our faculty, staff and learners will be more equipped to distinguish between emails they can trust and those that may be malicious.”

Reporting phishing

Lowden encouraged members of the IU School of Medicine community to report phishing attempts immediately.

“Phishing attempts are typically well-orchestrated attacks directed at many accounts within an organization, so if you received a suspicious email, it’s likely your colleagues did, too,” he said. “The quicker we know about these attacks, the quicker we can shut them down.

The Report Phishing button in Outlook can be used to quickly and easily report a phish and send all required information directly to the security office for immediate action.

In Outlook for Windows, the reporting button can be found on the top right of the home tab. Mac users should click on the questionable message in Outlook and then launch the Report Phishing application in the Applications folder or from the Dock.

Read a recent blog post by Lowden to learn more about how to identify and protect against phishing attempts.

The views expressed in this content represent the perspective and opinions of the author and may or may not represent the position of Indiana University School of Medicine.
Default Author Avatar IUSM Logo

Karen Spataro

Director of Strategic Communications

Karen Spataro served as director of the Indiana University School of Medicine Office of Strategic Communications from 2018-2020. She is now the Chief Communications Officer at Riley Children's Foundation.