MD Student News

Copy RSS feed URL

IU to tag email from senders outside university

Karen Spataro • 6/10/19

IU to tag email from senders outside university

External Email Flagging feature is designed to protect against phishing

To protect against phishing scams, Indiana University will soon begin flagging all emails that come from addresses outside the university to prompt users to take a second look before responding or engaging.

The service is known as External Email Flagging. It marks any messages received from non-IU email addresses with an [External] tag added to the beginning of the subject line. Additionally, a warning is added to the top of the message to remind users to be cautious when clicking links or opening attachments from external sources.

The service will be turned on by default for the entire university on July 24. Users could previously opt-in on their own through the IU Security Center.

Due to IU School of Medicine’s close working relationship with IU Health, emails from the domain will be exempt from the external classification. That process is continuing to be refined, so users may initially experience some inconsistencies in whether IU Health addresses are flagged but should see continuous improvement.

“This is an important tool to prevent against phishing attacks that are becoming increasingly sophisticated and that put the school, university and each of us at risk,” said Rob Lowden, IU School of Medicine’s executive associate dean for technology affairs and chief information officer. “Phishing is often successful because users are tricked into thinking an email is legitimate. By flagging messages from outside IU, our faculty, staff and learners will be more equipped to distinguish between emails they can trust and those that may be malicious.”

Reporting phishing

Lowden encouraged members of the IU School of Medicine community to report phishing attempts immediately.

“Phishing attempts are typically well-orchestrated attacks directed at many accounts within an organization, so if you received a suspicious email, it’s likely your colleagues did, too,” he said. “The quicker we know about these attacks, the quicker we can shut them down.

The Report Phishing button in Outlook can be used to quickly and easily report a phish and send all required information directly to the security office for immediate action.

In Outlook for Windows, the reporting button can be found on the top right of the home tab. Mac users should click on the questionable message in Outlook and then launch the Report Phishing application in the Applications folder or from the Dock.

Read a recent blog post by Lowden to learn more about how to identify and protect against phishing attempts.


Karen Spataro

Director of Strategic Communications

Karen Spataro joined the Indiana University School of Medicine Office of Strategic Communications as director in 2018 and has two decades of experience communicating to a wide range of audiences. Reach her at or 317-278-3676.