Skip to main content

Performance Issue: Fraud cautions by Office 365 for some types of valid messages

Last Updated:
2018-01-08 11:13:19
Event:
2018-01-02 08:00:00
Status:
Open
Brief Description:
Some emails from Remedy, and potentially other Cornell services, sent to accounts in Cornell Office 365 were being marked by Microsoft with a caution they might be fraudulent. At this time, all Remedy emails should arrive without the warning.
User Impact:
A warning that an email from a Cornell vendor might be fraudulent when it is actually genuine.
Workaround:
There is no workaround for this issue
Current Status:
All cases where valid Cornell email was being flagged by Microsoft as potentially fraudulent have been addressed. Because this issue can affect any IT service unknown to Cornell’s Office 365, managers of new IT services that send email from outside Cornell, but using an "@ cornell.edu" email address, should contact the IT Service Desk to make sure that there are no problems with delivering their email.
Services Affected:
Email and Calendar
Subsites Affected:
Remedy
Full Description:
Some emails from Remedy, and potentially other Cornell services, sent to accounts in Cornell Office 365 were being marked by Microsoft with a caution they might be fraudulent. At this time, all Remedy emails should arrive without the warning. Managers of other IT services who are having the warning applied to email from their service should contact the IT Service Desk to start the process of having it removed.

The issue is related to a type of fraud detection used by email service providers like Microsoft and Google. The service providers are trying to prevent people from being tricked by criminals who set up their email to look as if it’s coming from someplace valid. The system compares if the place an email claims to be from, and where it’s actually sent from, match. In addition to putting a warning on genuinely fake emails, this protection can sometimes indicate a valid email as potentially fraudulent if that email is sent from outside Cornell and says it’s from an address “@ cornell.edu.”

This issue was previously addressed in another alert, https://itservicealerts.hosting.cornell.edu/view/5049 . That alert was closed in error when it was thought that the problem was fixed and narrower in scope than it was. This alert superseded it to encompass the broader scope and acknowledge the problem was ongoing.



Timeline of Changes

Description Current Status Date Time
Some emails from Remedy, and potentially other Cornell services, sent to accounts in Cornell Office 365 were being marked by Microsoft with a caution they might be fraudulent. At this time, all Remedy emails should arrive without the warning. Managers of other IT services who are having the warning applied to email from their service should contact the IT Service Desk to start the process of having it removed. The issue is related to a type of fraud detection used by email service providers like Microsoft and Google. The service providers are trying to prevent people from being tricked by criminals who set up their email to look as if it’s coming from someplace valid. The system compares if the place an email claims to be from, and where it’s actually sent from, match. In addition to putting a warning on genuinely fake emails, this protection can sometimes indicate a valid email as potentially fraudulent if that email is sent from outside Cornell and says it’s from an address “@ cornell.edu.” This issue was previously addressed in another alert, https://itservicealerts.hosting.cornell.edu/view/5049 . That alert was closed in error when it was thought that the problem was fixed and narrower in scope than it was. This alert superseded it to encompass the broader scope and acknowledge the problem was ongoing. All cases where valid Cornell email was being flagged by Microsoft as potentially fraudulent have been addressed. Because this issue can affect any IT service unknown to Cornell’s Office 365, managers of new IT services that send email from outside Cornell, but using an "@ cornell.edu" email address, should contact the IT Service Desk to make sure that there are no problems with delivering their email. 2018-01-05 08:55:31
Some emails from Remedy, and potentially other Cornell services, sent to accounts in Cornell Office 365 were being marked by Microsoft with a caution they might be fraudulent. At this time, all Remedy emails should arrive without the warning. Managers of other IT services who are having the warning applied to email from their service should contact the IT Service Desk to start the process of having it removed. The issue is related to a type of fraud detection used by email service providers like Microsoft and Google. The service providers are trying to prevent people from being tricked by criminals who set up their email to look as if it’s coming from someplace valid. The system compares if the place an email claims to be from, and where it’s actually sent from, match. In addition to putting a warning on genuinely fake emails, this protection can sometimes indicate a valid email as potentially fraudulent if that email is sent from outside Cornell and says it’s from an address “@ cornell.edu.” This issue was previously addressed in another alert, https://itservicealerts.hosting.cornell.edu/view/5049 . That alert was closed in error when it was thought that the problem was fixed and narrower in scope than it was. This alert superseded it to encompass the broader scope and acknowledge the problem was ongoing. All Remedy email should be getting delivered without the caution at this time. Cornell staff are working with vendors or managers of other services to make changes to address the issue. Managers of affected IT services should contact the IT Service Desk to start the process of having the cautions removed from the email their service sends. 2018-01-04 10:54:20
Some emails from Remedy, and potentially other Cornell services, that are sent to accounts in Cornell Office 365 are being marked by Microsoft with a caution that they might be fraudulent. The issue is related to a type of fraud detection used by email service providers like Microsoft and Google. The service providers are trying to prevent people from being tricked by criminals who set up their email to look as if it’s coming from someplace valid. The system compares if the place an email claims to be from, and where it’s actually sent from, match. In addition to putting a warning on genuinely fake emails, this protection can sometimes indicate a valid email as potentially fraudulent if that email is sent from outside Cornell and says it’s from an address “@ cornell.edu.” Cornell staff are working with vendors or managers of the services to make changes to address the issue. A portion of this issue was addressed yesterday (Tuesday, January 2, 2018), but the problem is still affecting similar emails. 2018-01-03 14:11:47