It is often difficult to ascertain exactly why an email has been captured by VUmailguard. In some sense, this is intentional. Email protection is an ever-increasing arms race with malicious actors crafting innovative ways to defeat filters and email filter makers constantly crafting new, creative detection methods. Quarantined messages typically match one or more of following five categories (as defined by the Microsoft Corporation):
- Policy – mail quarantined because it matched a policy set by a mail flow rule
- Bulk – mail identified as bulk mail
- Phish – mail identified as a phishing attempt
- Malware – mail containing malware
- Spam – mail identified as spam
Unusual sender behavior commonly increases the likelihood it will be categorized as spam:
- Sender does not send from an authorized server (a.k.a., domain is spoofed)
- Embedded images linked to remote sites
- Numeric IP addresses in URLs
- URLs contain redirects to non-web ports
- URLs are to non-legacy top-level domains like ".biz" or ".info"
The link in your quarantine digest email will attempt to do two things:
- Release the relevant email to your Inbox and
- Add the sender address to your mailbox Safe Senders List.
Unfortunately, the quarantine service cannot add to your Safe Senders List if your mailbox is not in Exchange Online. Until your mailbox is migrated, we recommend you follow these instructions to populate your Safe Senders List: How to add recipients of my email messages to the Safe Senders List.
Quarantine digest messages are dispatched every 24 hours. Users will only receive a digest email message if they have received new messages captured by quarantine in the preceding 24 hours.
The spam notification digest is a friendly reminder of the previous 24-hours of quarantine activities. Messages held in quarantine can be accessed at any time by visiting the Office 365 Security & Compliance Quarantine website. Connecting requires the primary email address (firstname.lastname@example.org) and password to your active Vanderbilt account.
NOTE: Vanderbilt University alumni do not have active Vanderbilt accounts and should contact VUIT TechHub for assistance in releasing messages in quarantine.
To find out more about the inner workings of Microsoft Office 365's EOP, please click the following link: Exchange Online Protection overview