EMAIL DELIVERY & SECURITY FAQ

EMAIL TAGGING INFORMATION

Email received from senders outside the University will be tagged with notifications in the subject line of the email:

Email Tag Information
[EXTERNAL]

Applied to all email received that originates from outside of The University of North Carolina at Charlotte

The university uses some 3rd party vendors to send emails - these emails may also be tagged as [EXTERNAL]
[SUSPICIOUS]
  • Applied to any email that does not pass security verifications
  • Email marked as [SUSPICIOUS] will be delivered to Spam folder
  • Security verifications include:
    • Failed DKIM Authentication (failure to validate)
    • SPF Verification Failures (lack of SPF configuration, or SPF check failure)
    • Possible Sender Spoofing Detected

Email from valid senders and business partners could be marked as suspicious if not configured to send in a way that meets our security requirements.

If the message is from a trusted University vendor partner (sent on behalf of the University), OneIT Security Services can review - submit a ticket

EMAIL DELIVERY INFORMATION

Before taking any additional actions when not receiving emails, first check your Spam folder.

You may hear from colleagues about emails that were sent, but not received by you.  The following table lists some reasons why a message may not be delivered.

  Scenario Reason for Tag/Block Action for Sender
1 Email contains a URL (website link) The University safeguards against malicious / suspicious URLs in email (email will be blocked) If legitimate email, request sender remove URLs from message and resend
2 Email contains an attachment

The University safeguards against malicious / suspicious attachments in email (the following attachment types will be dropped from the email and replaced with a message to the recipient)

  • Executable files (.exe, java, .mrc, .msi, .tif, .sis)

If legitimate file sharing email, have sender share via a file sharing platform (Google Drive or Dropbox)
3 Mass email sent from vendor The University requires all email meet standard email authentication practices (tagged as [SUSPICIOUS] and delivered to Spam folder)
  • If message is from a trusted University vendor partner (sending on behalf of the University), OneIT Security Services can review - submit a ticket
  • If message is from an external sender not affiliated with the University, the sender would need to establish standard email authentication practices
    • There is nothing the recipient can do to fix the problem except to notify the sender of the University's encryption requirements. The recipient can refer the sender to the information found at the What is DKIM FAQ or What is DMARC FAQ - the sender needs to fix their email sending practices
4 Email sent from private domain The University requires all email meet standard email authentication practices (tagged as [SUSPICIOUS] and delivered to Spam folder) See above Action for Sender
5 Email is encrypted No action taken

Encrypted email will be delivered to recipients mailbox, however, you should be cautious when opening encrypted emails from senders you do not know

If you find a legitimate message in Spam, you can create a filter for future emails to be delivered to your Inbox.

As a recipient, there may be nothing you can do to solve these issue other than to relay the problem that was encountered to the sender of the email.  Additionally, OneIT will not be able to resolve delivery issues other than those originating from our domains (@uncc.edu & @charlotte.edu).

Print Article