Proofpoint

There are a number of factors that Proofpoint uses to determine the legitimacy of a message. If Proofpoint determines that a message may be spam, it adds SPAM to the subject header, with additional text based on its confidence level.

• Over 50% spam confidence
  • Subject header added: [SPAM?:*****]
  • Additional asterisks for every additional 10% spam confidence (ie. [SPAM?:*******] for 70% confidence)
• 100% spam confidence
  • Subject header added: [SPAM – DEFINITE]
• Messages identified as “low priority” (e.g. bulk mail, marketing lists) but not spam will have a new header added:
  • X-Proofpoint-Tag: lowpriority
• All messages will have an X-Proofpoint-Spam-Details header which will provide the details of the message’s scoring and the most relevant rule that has matched.

There may be some short mail delays (3-4 minutes) for incoming messages with attachments.

These potential delay are caused by a security feature called Attachment Defense. Attachments are run in a sandbox virtual machine to check for behaviors identified with malware (unidentified worms, crypto-lockers, etc.). The timeout for Attachment Defense is set to 15 minutes.

Spam is unsolicited email that often attempts to sell a product or service. Typically, spam is addressed to a vast number of people in hopes that casting a wide enough net will increase the likelihood of getting a response.

Phishing is a specific type of spam that attempts to trick you into giving away your personal information, whether it’s your UVM credentials, your credit card information, or even your Social Security Number.

Phishing attempts are often threatening and time sensitive — “Respond by tomorrow or we will delete your account!” Phishing attempts may appear to come from UVM or some well known company and often include a mix of real and fake email addresses and web links (URLs).

The University of Vermont is invested in maintaining the security of your account and protecting your private information while also ensuring these services don’t dissuade collaboration and aren’t overly restrictive. As such, we rely on our users to practice safe computing and be cautious and critical.

It’s important to always be wary of any emails you receive. Even if you receive an email from a friend, colleague, or family member, it’s possible this person’s email credentials have been compromised.

There are several cues that help in determining the legitimacy of an email.

1. The email is not personalized
   • The email isn’t sent directly to you, and your name is not used in the body of the message
   • The message was sent to a list of individuals with whom you are unfamiliar
   • The recipients of this message are hidden
2. The subject line is intended to shock, but doesn’t describe the content of the message
3. The content of the email is awkwardly written and/or contains spelling and grammatical errors
4. The email is urgently requesting personal financial information
5. When you hover over any links in the message for a few seconds, the link doesn’t match where the sender said the link would go, or the link doesn’t go to a UVM site

When any of these cues appear in an email concerning your UVM account, you shouldn’t respond or click any links in the email, and you should delete the email.

For more detailed information, see Managing Online Safety: Phishing and Spam. If after checking for these cues you are still unsure if the email is legitimate, you can contact the UVM Tech Team for assistance.

1. Change your NetID Password at https://account.uvm.edu as soon as possible.
2. It’s possible UVM’s Identity and Account Management department will catch that your account has been compromised. If so, your account will be locked to protect your information and privacy, and the University’s privacy as a whole. To remove this lock, you will need to contact Identity and Account Management.
3. Though not always necessary, you may also want to change your password for various non-UVM services (personal bank, other email accounts).
4. If you replied to a phishing email, you may also want to remove the email address from your outlook cache. To do this in Outlook or mail.uvm.edu:
   • Start by composing a new email message.
   • Begin typing the name of the address/individual you’d like to remove from the cache. The desired name/address will display in the auto-complete window.
     
   • When you’ve found the contact you’d like to remove, hover your mouse pointer over the contact and then click on the X to remove it.

A false positive most broadly refers to mail that was tagged as spam, but should not have been.

To report a false positive, please forward the message’s full mail headers to not-spam@uvm.edu.

A false negative refers to mail that was not tagged by Proofpoint, but should have been. This typically includes spam, unsolicited email, generic scams, or other annoyances.

To report a false negative, please forward the message’s full mail headers to is-spam@uvm.edu.

If you receive mail that appears to be malicious, but was not tagged by Proofpoint, you may forward full mail headers to abuse@uvm.edu.

This typically includes:

1. Phishing attacks targeted at UVM users
2. Signs of a compromised account (e.g. spam coming from a uvm.edu address)
3. Terms of Service violations
4. Malware that ends up in your inbox

You may also contact the UVM Tech Team who may work with our Systems Administrators to address this issue.