Adjustment of rules for spam and quarantine emails

What has been changed

SDU IT has adjusted the rules for when emails end up in spam and quarantine and increased automatic communication about emails in quarantine.

Why it has been changed

The previous setup caused some system-generated emails with suspicious or unknown links to end up in a quarantine area that only security staff at SDU IT could release. Microsoft continuously adjusts security to ensure users are not affected by dangerous emails, but the previous setup unfortunately did not provide users with the desired transparency.

Who/how it affects

The adjustment means that more emails will end up in the quarantine area that users can access and release themselves. Additionally, users are automatically notified, increasing transparency and the ability to detect and release emails. The change also means that some emails that previously went to "junk mail," including bulk emails such as promotional emails or mass-distributed newsletters, will now end up in the quarantine area instead of "junk mail." After releasing an email from quarantine, users can add relevant email addresses/domains they want to receive emails from in the future by right-clicking on the email in the inbox and selecting "block."

Note

Notification emails may be delayed by up to 4 hours, but you can access the quarantine area directly here: https://security.microsoft.com/quarantine. Click "Review" to see the list (it may take some time to load). Note that you can only see emails in the quarantine area for the past 30 days. Emails deemed high risk by the email security system must still be released by a security staff member from SDU IT, but they will appear in the users' quarantine list.

What you need to be aware of

SDU requires a different security level than free email solutions, as the attack surface against SDU is much larger. It is generally estimated that up to half of incoming emails are blocked by email security solutions with the recommended setup for larger organizations like SDU. Therefore, it may be difficult to receive emails from domains that are often misused (e.g., DHL) or that Microsoft deems not to have sufficiently high security, such as against spoofing (sender pretending to be someone else). Therefore, we encourage you not to use your SDU email for private purposes such as signing up for associations and shopping, so you do not experience that emails from these sources are unavailable and SDU security staff do not have to spend time releasing private emails that are false positives.

How can I get help

If you have questions or need help, such as whitelisting an external newsletter, contact Servicedesk.