1. Davidson Technology & Innovation
  2. Information Security
  3. Secure Computing

Reviewing Quarantined Emails

In order to protect our community and systems from bad actors, the Davidson College email system quarantines potentially malicious and unwanted messages. Users have the ability to review and request release of their quarantined emails.

Table of Contents

About Email Quarantine
Where Specific Emails are Delivered
Reviewing Email Outside of the Inbox 

Using the Quarantined Email Report
Quarantined Email Report Screen Preview

Using the Quarantined Email Page
Email Message Preview
Email Release Request

Reporting Suspicious Messages in Your Inbox 
Opting Out of Email Quarantine Reports 


About Email Quarantine 

In order to protect our community and systems from bad actors, the Davidson College email system quarantines potentially malicious and unwanted messages according to anti-phish and anti-malware indicators using industry best practices and AI technology.

In order to maintain security against spam, phish and malware while providing transparency about messages that have been flagged by the system, T&I has created a Quarantine Email Report. This service will notify individuals via email when any incoming messages are sent to quarantine due to suspected phish or malware. This notification allows for security measures to be in place to protect Davidson’s systems while also providing users transparency to quarantined messages. Users have the ability to review and request release of quarantined messages.

 

Where Specific Emails are Delivered

All messages are delivered to Davidson through software filters to identify messages that contain hallmarks of known spam, phishing or malware attacks. It is important to note that messages are automatically routed away from a user’s Inbox only when the system detects indicators of spam, phishing or malware. 

  • Messages that Microsoft believes have a high risk of containing phishing or malware are sent to a Quarantine folder which end users cannot directly access. A list of emails quarantined are available through the Quarantine Email Report.

  • Messages that Microsoft believes are user impersonation, domain impersonation or spam—along with phishing, malware and other risky emails detected by Davidson’s advanced supplemental filtering system—are delivered to a user’s Junk folder. Note that these messages are often prepended with conspicuous warning messages regarding the nature of the discovered threat. Please use extreme caution when opening or interacting with any message in your Junk folder unless you are certain that it is legitimate.

  • When members of the Davidson community or our security systems report dangerous email messages, and the messages are manually reviewed by a T&I security analyst and confirmed to be harmful, they may be deleted by T&I staff. These messages do not appear in either the Quarantine Email Report or a user’s Junk folder.

 

Reviewing Email Outside of the Inbox 

Some community members may wish to review their Junk folder or quarantined messages to be certain that desired messages are not missed. Messages that are routed to Junk folders are readily accessible to users in Outlook. Because these messages have indicators of spam, impersonation or other suspicious characteristics, they should be treated with caution.

Quarantined messages may be accessed via the Quarantine Email Report. Users will receive reports in their email account on those weeks when new emails have been quarantined and are ready for review. The email report provides a summary of quarantined emails and the ability to review or request message release from quarantine.

Note that messages sent to quarantine have a high likelihood of containing malware or dangerous links within the email body or attachments. Users should not request the release of, or interact with, messages in quarantine unless the message was expected or from a trusted sender. 

To opt out of these reports, send an email to ti@davidson.edu requesting removal from the ‘Quarantine Notification Group.’  

 

Using the Quarantined Email Report

The Quarantined Email Report will list only messages for that reporting period. It is not cumulative of all messages in quarantine. When accessing the quarantine page, users will have access to all quarantined messages prior to, during, and after the reporting period.


Quarantined Email Report Screen Preview

 

a. Sender displays as Davidson College Information Security

b. Time of report receipt. Use this time to determine report creation time.

c. Report creation time in Coordinated Universal Time (UTC/Greenwich Mean Time).

d. Number of messages quarantined during notification reporting period.

e. Messages are retained in quarantine for 30 days. It is important that the user takes any desired action to review or request release of a message well within the 30 day period.  Note that after a user requests release of a message, the message is reviewed by members of the security team. To ensure access to a message, allow a minimum of 3 business days to ensure ample review time prior to the expiration date of the message.

f. Alternate link to quarantine message page

 

g. Messages are grouped in the report by quarantined reason

h. Summary information (sender, subject, receipt date) is provided for each reported message.

i. Buttons provide access to available actions for each message.

  • Review Message button - provides access to the quarantine page with review information for the specific message that is expanded.
  • Request Release button - initiates a release request for a specific message without accessing the quarantine list page. A pop-up will appear with the message “Spam message was updated.”

Using the Quarantined Email Page

The quarantined items page will appear differently depending upon how you access the page. If the page is accessed from the alternate link (f) mentioned above, the page will appear in list form.

Note that all items currently in quarantine will appear on the list without the individual message detailed information on the right panel. If the page is accessed via the Review Message button, the page appears with the detailed information for the message already expanded on the right panel. In the list view, without the right panel expanded, request release and preview options for message(s) will appear above the list once a selection is made.  

The following information is provided in the quarantine list for each message that may aid in your determination of the need to preview or request release:

  • Message summary information (time received, subject, sender)
  • Quarantine reason & policy type
  • Release status (Needs Review, Released, Release Requested)
  • Expiration date (Messages not released will not be available after this date. Be sure to review messages and request release well in advance of this date.)

Message Preview

To preview the message when the right panel is expanded, select the preview message icon in the top right of the panel.  If the preview message icon is not visible, select the 3 dot menu to access it.

Alternatively, select the message in the list view and choose the preview message icon at the top of the list. For either method, a preview of the entire message will appear in the right panel. Note that attachments are not visible or available while in message preview. URLs are visible in message preview, but are not accessible. 

 

Email Release Request

Messages can be requested for release in two ways. When viewing details about a specific message in the right side panel, choose Request Release in the top left-hand side of the right-side panel to make the request for that individual message.

Alternatively, messages can be requested for release from the quarantine list by selecting the message(s) and choosing the Request Release icon at the top of the list.

In both scenarios, users must confirm the request by selecting Request release in the bottom left of the right side panel. Note that the message will be reviewed by a member of the security team once the request has been sent. Be sure to consider review time prior to the 30 day expiration date.

 

Reporting Suspicious Messages in Your Inbox 

The Davidson community also contributes to our shared cyber security by reporting suspicious messages to our technology security team via the Phish Alert Button or by forwarding suspicious messages to ti@davidson.edu. Messages that are reported by the community are investigated by members of the Information Security team to evaluate the legitimacy of the email.  

 

Opting Out of Email Quarantine Reports 

To opt out of the Weekly Email Quarantine Reports, send an email to ti@davidson.edu and request removal from the Quarantine Notification Group.  

Request Help