ITaP adjusts email scanning to make good web addresses less likely to be rewritten

People who have experienced issues with web links in emails that have been rewritten or, in rarer instances, broken by Purdue’s email scanning system should see fewer such cases in the future thanks to adjustments ITaP is making.

The scanning system from Cisco checks links in emails against a real-time security database to make sure they won’t whisk faculty, staff and students to a malicious website when clicked. In the process, Cisco’s system rewrites the web addresses, or URLs. That can make it hard to pick out the actual URL from the often dense Cisco-added characters around it.

Based on months of data collected and analyzed since the system went online, ITaP staff members have been able to establish a range of criteria to better discern safe links from unsafe links and bypass the rewriting process when a link appears secure. This should make for easier-to-read URLs and alleviate some occasional problems with broken links.

Users should still be cautious about clicking links sent in emails, especially in unsolicited messages, even if the messages appear to come from someone they know.

The new scanning system was activated over the summer, aimed at catching more of the malicious and unsolicited bulk email that plagues Purdue and any large institution.

ITaP staff continues to tune the system in response to feedback from Purdue users, for example to make desirable email less likely to be caught by the system’s filters and quarantined, and to resolve other issues causing frustration for some faculty, staff, students and campus units.

Faculty, staff and students can help by checking the Spam Quarantine Notification emails they receive daily from Cisco Quarantine. Remember: Review, release, safelist.

  • If you see a message you want, click on the Release link next to it in the quarantine email. This sends the message to your inbox and also takes you to a web page where you can click Add Sender to Safelist to safelist emails from that sender going forward.
  • You can also add to your safelist by clicking the "your email quarantine" link atop any quarantine message and choosing Options and Safelist from the pull-down menu on the right. In the safelist box, enter the sender’s email address, for example john@purdue.edu or convocations@purdue.edu, and click Add to List.
  • If you safelist purdue.edu, it covers all senders with a purdue.edu address.

Since July 7, the Cisco system has caught 816,000 messages with malicious web links sent to Purdue users. It negated the links and kept users from being directed to malicious websites.

Also during that period, the system has scanned more than 959 million incoming messages aimed at Purdue inboxes and blocked nearly 831 million from untrusted or malicious sources, 57 million bulk emails and more than 5,000 messages carrying computer viruses.

The system has also stopped more than 4.5 million outbound spam messages sent from compromised Purdue accounts, 330,000 such messages with malicious URLs and more than 2,200 messages carrying computer viruses.

Writer: Greg Kline, communications manager, Information Technology at Purdue (ITaP), 765-494-8167, gkline@purdue.edu.

Last updated: December 7, 2017