Reporting and Managing Suspicious Email

Manage Suspicious Email Using Mimecast

Mimecast Email Security provides a suite of detection and prevention tools that enable automated blocking of malicious email. It provides a space that holds spam until the recipient chooses to release it or block it permanently.

Twice a day, you’ll receive an email from no-reply@georgetown.edu letting you know of any held spam messages you’ve received recently. 

Managing Emails Identified as Spam

In every digest notification, you can take the following actions for each of the emails listed:

  • Release/Release All
    Delivers this email or all messages, but future messages from this sender may still be blocked.
  • Permit/Permit All
    Allows this email or all future messages from this trusted sender to be delivered.
  • Block/Block All
    Blocks this email or all future messages from this sender.

*Please note that these messages will expire and be unrecoverable after 30 days.

Example message.

Manage Emails in MySPAM Portal

You can also manage held emails by logging in to the held email location (i.e., the MySPAMPortal) using your NetID@georgetown.edu email address and NetID password, and selecting the portal location.

Bookmark the MySPAM Portal

  • Chrome:
    • Navigate to the page.
    • Click the star icon to the right of the address bar.
    • You can also use the keyboard shortcut Ctrl+D (Windows/Chromebook) or Cmd+D (Mac).
    • Chrome allows you to bookmark all tabs by opening the menu and selecting “Bookmarks” then “Bookmark All Tabs”.
  • Firefox:
    • Navigate to the page.
    • Use the keyboard shortcut Ctrl+D (Windows/Chromebook) or Cmd+D (Mac).
    • You can also find the “Add to Bookmarks” option in the browser’s menu.
  • Edge:
    • Navigate to the page.
    • Use the keyboard shortcut Ctrl+D (Windows/Chromebook) or Cmd+D (Mac).
    • You can also find the “Add to Favorites” option in the browser’s menu.
  • Safari:
    • Navigate to the page.
    • Use the keyboard shortcut Cmd+D (Mac).

FAQ

I keep getting an email letting me know that I have held messages. What is that?
Twice a day, you’ll receive an email from no-reply@georgetown.edu letting you know of any held spam messages you’ve received recently. This is a quick way to review and release those messages without having to log into your MySPAMPortal. If you’re on the lookout for an email though, logging in to the MySPAMPortal is the quickest way to release a held message.

How will this impact my email?
If you receive email that appears suspicious, UISO will send a digest email to help manage potential spam, junk content and malware threats. These messages will be sent by no-reply@georgetown.edu. You won’t receive a digest message if there are no emails requiring your review. 

Digest options: There are three actions that you can take for each blocked email item:

  • Permit: Allows all future messages from this sender. You will receive this message for this action: This option should be selected only for known and trusted senders.
  • Block: Blocks all future messages from the sender and you will not receive the message. 
  • Release: Delivers the particular message from the sender but messages from this sender may be blocked in the future.

Are my emails being read by a GU email administrator to determine whether they have suspicious content?
Emails are not read; they are scanned by security algorithms to determine the probability of malicious and dangerous content.

I received a Suspected Malware Notification advising my email may contain suspected malware.
If the email is a legitimate business email, you can release the mail by going to your MySPAMPortal. If the item is not legitimate, you can delete the malicious email in the personal portal. 

Why does my digest notification only show the sender’s email address and not any content? 
Digest notifications only present the sender’s email address; they do not give a preview of the email content because once content of an email starts to download, it increases the university’s security risk.

What if I don’t take action on my digest emails within the 30 calendar days?
If no action is taken in 30 calendar days, the email will expire from the hold queue and be permanently deleted. You will need to contact the sender to ask for the email to be resent as the GU email administrator cannot retrieve deleted emails.

If an item is permitted/released, will it be allowed next time?
Yes, Mimecast is adaptive and once an item is permitted, it will be added to a safe list.

Can I check to see if I inadvertently blocked a business email?
Yes, you can review your own blocked/permitted lists. Go to the MySPAMPortal to review any blocked emails. If the email is more than 30 days old it will not be in the portal.

I don’t like the mail filter – it blocks too many messages I need!
The messages you can permit/release in the portal are not blocked, they are simply held. You have full control to release that mail and have 30 days to do so. In almost all cases, false positives are bulk commercial mail. We encourage you to be diligent in permitting domains and senders and the number of false positives you receive will decrease.

If I ignore a held message indefinitely, will it eventually regard it as outright spam? 
No, if you take no action the message will expire in 30 days. 

How long is a message held? 
Messages are held for 30 days and they are unrecoverable.

I have a message that is clearly spam that made it to my inbox. How did that happen? 
That would be an impressive spam message as it got through two of the world’s top spam filters. Report it to UISO by clicking the Cofense trout.

What will happen to my GU Mail (Gmail) Spam folder?
Starting 30 days from Mimecast launch day, all spam will be redirected to Mimecast, and will be accessible through the MySPAMPortal, not to your Google Spam folder.

Report Suspicious Email Using Cofense Reporter

To help combat phishing attacks and better protect your data, you have access to the Cofense Phishing Reporter tool as an add-on to the Georgetown University Google mail interface. The Cofense Reporter add-on (Report Phishing button) appears as a fish icon (Cofense Reporter icon) on the right-hand side toolbar of your Gmail screen.

You’ll see the Cofense Reporter add-on when you log in to your Georgetown Gmail client on your desktop or laptop computer, or when you’re using the Gmail app on your iOS or Android mobile device.

Your report will automatically include such information as email headers that are vital to investigating the email.

To report a suspicious email, just click on the Report Phishing icon. Once you report the email, you’ll be notified that the email has been submitted to the UISO Cyber Incident Response Team and that the email has been moved to your Trash folder.

Reporting a Suspicious Email (Windows and Mac)

  1. Open your Georgetown Gmail by going to apps.georgetown.edu. Open the email you want to report.
  2. Click on the fish icon (Report Phishing button).
    Click on the fish-shaped icon to report suspicious email
  3. Click REPORT from the Cofense Reporter tab.
    Click on the 'REPORT' button from the 'Cofense Reporter' tab

    You should see the following confirmation message that your email has been successfully reported:
    Confirmation message that suspicious email has been reported

Reporting a Suspicious Email (iOS)

  1. Launch Gmail on your iPhone.
  2. Open the email message you wish to report.
  3. Tap the Cofense Reporter (fish) icon to report the suspicious email (phish).
    Tap the Cofense Reporter icon to report the phish
  4. Tap REPORT in the next screen to report the email.
    Tap 'REPORT' to report the suspicious email

Reporting a Suspicious Email (Android)

  1. Launch Gmail on your Android device.
  2. Open the email message you wish to report.
  3. Tap the Cofense Reporter (fish) icon to report the suspicious email (phish).
    Tap the fish-shaped icon to report the email
  4. Tap REPORT in the next screen to report the email.
    Tap 'REPORT' to report the suspicious email