Tagging External Email

Computing and Information Technology (C&IT) is instituting a standard IT security practice: tagging email messages that are received from outside the organization.

Beginning September 9, 2020, email originating from outside Wayne State or its affiliates will have the [EXTERNAL] banner inserted in the body of the message. Outlook users will also see a reminder to be cautious with links and attachments: 

Why an email gets tagged as external

Over 60% of all incoming email messages to Wayne State are spam or phishing messages. C&IT manages multiple system filters that capture and delete the majority of these dangerous messages. As our efforts evolve, so do those of the attackersand unfortunately, sometimes they find a way in. 

The external tag is not an indicator that a message is a scam or malicious. It simply adds an extra visual reminder to consider the authenticity of every message, including any attachments or links, before responding.

What to do if you receive an email message tagged as external

• Is it from a sender you know? Were you expecting the email? Verify with the sender via telephone or another channel of communication if you are uncertain
• Does the message make sense? Does it threaten you with immediate loss of account access? Legitimate messages never ask you to email your password.
• Does the link look familiar? Even if it does, use your mouse to hover over the link to confirm that it is legitimate, or manually type the address into your web browser.
• Tip: the [EXTERNAL] tag can be used to build filters in Outlook. 

Are there any exceptions?

• Messages from university-contracted vendors which are branded as coming from Wayne State will not be tagged. 
• WSU employees can contact the C&IT Help Desk to request exceptions for vendors. C&IT will review and respond in a timely manner.
• There are no exceptions for personal email accounts: AOL, Comcast, Gmail, Yahoo, etc.