Email Security at Sussex : Email and calendar : ... : ITS : University of Sussex

Email security at Sussex

The University’s email security system is designed to intercept dangerous messages and increase our protection against spam and phishing attacks.

What does the new system do?

The new email security system (Mimecast) filters emails before they arrive in your inbox. If it thinks something is dangerous, it won’t deliver that email, and instead your email will be ‘held’ until you check that it’s safe.

How do I know that one of my emails is being held?

You’ll know one of your emails is being held when:

You receive an email with the subject 'You have new held messages'. This message will list any emails that have been held.
We’re only sending you one of these per day to avoid these digest emails also seeming like spam. You can read more about digest emails below.
If you have the Mimecast plugin for Outlook (installed on Sussex Windows PCs and available below for you to install on your own PC), you will see an alert message, and you can access your ‘online inbox’ at any time.
You can log in to the Mimecast personal portal using the button on the right and see your list of held messages.

Why has this been done?

Spam, phishing, ransomware and other email security issues are significant threats to institutions like Sussex.

These attacks are often clever and well-coordinated, making it difficult to find a form of protection which isn’t too invasive or disruptive. Mimecast has been chosen as the best solution to protect our students, staff and researchers.

Digest emails

You will receive up a single digest email once per day with a list of any messages that have been held for review. If you think one of these held emails is genuine, click on the relevant link in the digest and that message will be released to your inbox. You can also login to the email security portal using the button on the right.

You will have three options for each held message:

You can Block them, removing the message and adding the sender to your personal block list.
You can Release them, which will send the message to your inbox but continue to intercept messages from the same sender.
You can click Permit, which will deliver the email to your inbox AND mark future messages from this sender as safe.

Held messages will be deleted after 14 days if you don’t release them.

Link re-writing

If an email you receive contains a link to a website, the security system will re-write the URL.

If you hover over a link in an email, you might see a URL that begins with https://protect-eu.mimecast.com and ends with domain= followed by the original URL of your link. For example:

For example, a link to bbc.com would become https://protect-eu.mimecast.com/s253462825?domain=bbc.com

If you see a URL like this, it isn't a phishing attack, it's just the security system trying to keep you safe. You should still look out for suspicious URLs that don't follow this format.

Clicking on the link will work as normal. If the system thinks that the web page is dangerous, you'll see a warning message when you follow the link.

The Mimecast client for Outlook

If you use Outlook on a Sussex PC, you'll see a tab called Mimecast. This tab allows you to:

see your held messages
control the level of protection you receive
report spam
access your personal list of blocked senders.

If you use a Sussex PC, you'll find the plugin installed in Outlook. If you don't see it, you can install the plugin from the Software Centre. The plugin isn't currently available for Mac or Linux, so please log in to the Mimecast website using the button on the right. This will give you the same options as the Windows plugin for Outlook.

Log in to the email security portal.

Check messages that have been held or blocked.

Use your Sussex username followed by @sussex.ac.uk (eg, ano123@sussex.ac.uk) and your Sussex password.