Body
Questions
- How does Microsoft 365 protect my Bowdoin email from phishing and malware?
- Why are some emails going to my Junk folder automatically?
- What is Safe Links and why does it rewrite URLs in my emails?
- What happens when a malicious attachment is detected and removed from an email?
- What do I do if a legitimate email or attachment was blocked?
- What is Exchange Online Protection (EOP)?
- What is Microsoft Defender for Office 365?
Environment
This article applies to all Bowdoin faculty, staff, and students with a bowdoin.edu email address. Microsoft 365 email protection applies to all incoming email automatically — no configuration is required by users.
Resolution
Microsoft 365 provides Bowdoin with two layers of email protection that work together automatically to protect against phishing, malware, spam, and suspicious links.
Layer 1: Exchange Online Protection (EOP)
EOP is the primary filter that scans all incoming email from outside Bowdoin before it reaches your mailbox. Here is what it does with different types of messages:
- Bulk email: Delivered to your Junk Email folder.
- Spam or phishing: Delivered to your Junk Email folder.
- Known malware in an attachment: The attachment is removed and replaced with a file called Malware Alert Text.txt. The email body is delivered intact.
- Suspicious links or attachments: Passed to Microsoft Defender for Office 365 for deeper analysis.
Layer 2: Microsoft Defender for Office 365
Defender for Office 365 provides a second level of protection against the most sophisticated and emerging threats. It includes two main features:
Safe Links
Safe Links scans every URL in incoming emails in real time at the moment you click the link. URLs from non-Bowdoin senders are rewritten so they pass through Microsoft's scanning infrastructure before taking you to the destination.
If you hover over a link in an email, you may notice the URL has been rewritten and begins with a Microsoft safety scanning address. The original destination URL is still visible within that rewritten link.
When you click a Safe Links URL, one of three things will happen:
- Normal: You are taken directly to the intended webpage.
- Scanning in progress: You briefly see a yellow message indicating the link is still being analyzed. Once scanning completes, clicking again will take you to the page.
- Malicious link blocked: You see a red warning page indicating the link has been identified as malicious and access has been blocked.
Safe Attachments
Suspicious attachments are automatically analyzed in an isolated environment before being delivered. If the attachment is safe, it is delivered normally. If malware is detected, the attachment is removed and replaced with a file called Malware Alert Text.txt.
The Malware Alert Text.txt file is safe to open. It contains information about the malware that was found in the original attachment.
Received a Malware Alert Text.txt file? You do not need to report it. The malicious attachment was already detected, removed, and logged by IT. The email itself is safe to read.
What do I need to do?
Nothing. Both EOP and Defender for Office 365 work automatically in the background without any action from you. If you believe a legitimate email or attachment was incorrectly blocked, contact the Service Desk.
Additional Help
If you need further assistance, you have several options:
- Bowdoin Bot: Chat with Bowdoin Bot directly from any KB page for instant answers.
- Phone: Call the Bowdoin College Service Desk at (207) 725-3030.
- In person: Visit the Tech Hub in Smith Union during business hours.
- Submit a ticket: Request assistance through the Service Catalog.