Email Security Gateway

The Email Security Gateway (ESG) monitors for email-based threats and protects the university from cyber-attacks that leverage the ubiquity of email services worldwide.

ESG protects the university from cyber-attacks that use email through the use of multiple layers of filters that each look for different things. As you can see in the graph below, each layer plays an important part in protecting the university. 

Graphic display showing how the university's email protection system blocks 61 million malicious emails per monthHowever, cyber-attacks are sophisticated, and some make it through these safeguards. Learn about common phishing scams and how to protect your email account on Cybersecurity for You (C4U)!


Add the Report Phish button to the main menu in Outlook Web:

I was phished:



Important Email Security Terms and Definitions:

SPF: Sender Policy Framework is the most basic form of email security utilized today. In simple terms, SPF is a list of servers that are allowed to send email as a given domain. This tells receiving servers that if they get an email from a server not on the list, than that email is most likely from a bad actor. SPF is very important when we need an outside partner to send emails on our behalf. 

DKIM: Domain Keys Identified Mail is a way to protect an email as it moves from the sender to the recipient.  It does this by signing the email with a digital key. It creates the key by hashing the email body and then encrypting the hash. When the receiving server gets the email, it decrypts the hash; if it does not match the hash, then the server knows the email has been modified. 

DMARC: Domain-based Message Authentication, Reporting and Conformance relies on SPF and DKIM. DMARC lets the receiving server know what to do if an email that fails SPF and DKIM is received. The most common DMARC setting is "reject", which rejects the mail all together and sends a copy of the email back to the domain owner. 

False Positive: This is when an email gets flagged as spam when it is not really spam. These should be reported by sending the message you got from ESG to

False Negative: This is when a spam, phsihing, or other malicious email gets in that should have been stopped. Please report these by using the Report-Phish button in Outlook

Report Phishing icon in Outlook