Decluttering Your GatorMail Inbox

GatorMail is the University of Florida’s free email and collaboration tool available to faculty, students, and staff. GatorMail is the most secure, convenient way to send and receive emails while you’re a part of the UF community.

Although UF’s Information Security Office employs advanced technologies that block hundreds of millions of malicious external emails each year, some spam, junk, and phishing emails still can make their way into your inbox. It can be more challenging to filter out phishing emails, especially spear phishing messages tailored specifically to the recipient. If you ever receive a suspected phishing email in your GatorMail, report it directly to UF’s Information Security Office by using the Phish Alert Button.

GatorMail’s junk settings can help keep your inbox virtually free of unsolicited messages. Did you know you can report junk, block specific senders and domains, and add filters to your GatorMail? Microsoft Outlook also offers the Clean Up Conversation tool to reduce the number of redundant messages in your inbox. To help prevent spam, it’s not recommended to use your UF email address for third-party accounts and listservs.

Visit https://www.mail.ufl.edu/managing-email/securing-gatormail/ to review UFIT’s email safety tips, including steps to report spam and GatorMail’s email security policies. And, if you need any assistance setting up a GatorMail inbox rule, just stop by the UFIT Help Desk at 132 Hub, across from the Starbucks.

Refreshing Your Account Security

UF Information Technology (UFIT) recommends evaluating the security of all of your online accounts. Strengthening your passwords for important accounts such as personal email, online banking access, and social media can protect you from some of the most damaging hacks. 

It is extremely important to use a different password on each site, so hackers can’t use passwords stolen from one account to break into your other accounts. One strategy recommended by security professionals is to use a “passphrase” made up of four or more random, unrelated words. Surprisingly, this is a stronger password than one made up of random letters and characters and is much easier to remember!  UF requires strong passwords for GatorLink account credentials. A common misconception about your GatorLink credentials is that you can’t use words found in a standard American dictionary as your password. But if your password is longer than 18 characters, then words are allowed. So, the next time you update your UF credentials, consider using a passphrase.

UFIT also recommends setting up multi-factor authentication (MFA) on your non-UF critical accounts. MFA solutions for external applications work like how Duo Mobile works at UF: your mobile device generates a one-time access code that you enter to access the account. By configuring MFA on your accounts and using the ‘Authenticator App’ option when doing so, you add an extra layer of security even if hackers compromise your password. All mobile devices can store MFA codes in the same Duo Mobile app you already use for UF. Alternatively, Apple devices can store those MFA codes in iCloud Keychain, where they will sync and autofill across your personal devices (including Windows via the iCloud application).

Beyond MFA, some companies now offer support for passkeys. A passkey uses an on-device verification mechanism, such as Face ID or a screen lock passcode, to verify your identity and allow access to an online account. Passkeys by design are more secure than passwords and provide protection against phishing, because they don’t require you to remember anything! Check out this demo to discover how passkeys work and visit the Passkey Directory for a list of websites that support passkeys today. 

Taking steps to secure your accounts is an investment in protecting your identity, money, and online image and reputation. For more information on creating secure passwords: https://security.ufl.edu/learn-security/passwords/ 

Connecting Students with Tech Resources

UF Information Technology (UFIT) hosted its annual Tech Fair on Wednesday, Feb. 28. Tech Fair allows students to explore various free campus tech resources and services available, regardless of major. Among the resources for students to discover this year were AI tools for building e-portfolios, AI prompts for effective studying, and the Career Connections Center’s AI resume-reviewing tool, Quinncia.

Camila Diaz-Borges, a classical studies freshman, said she left Tech Fair with a deeper understanding of the AI certificate offered to UF students after speaking with Career Connections Center staff.

“I think I might apply for the AI certificate now that I know more about it,” Diaz-Borges said.

Students explored equipment available to check out from the George A. Smathers Libraries and how to make the most of their free, UFIT-provided LinkedIn Learning subscription. Students also had a chance to learn what IT training is offered by UFIT and Help Desk staff were also providing on-site IT assistance.

Rachael Yacuzzo, a junior history and women’s studies double major, stopped by the ONE.UF booth, where students were encouraged to share what improvements should be made to the mobile app.

“Something that I found really troublesome with the app was that I could never [open] my degree audit on it, so I’m glad they asked for feedback,” Yacuzzo said.

Computer science graduate student Nicholas Sily and general business freshman Jenna Vell said the range of equipment available to rent from Smathers Libraries caught their interest.

“I’m really impressed with the video-filming equipment that students can check out from the libraries,” Sily said.

“We’re learning about 3-D printing in class, so it’s great to know we have 3-D printing services right here in Marston,” Vell said.

This year’s event tracked 523 student interactions. For any questions about the 2024 Tech Fair, email UFIT Communications at it-comm@ufl.edu.

The Institutional Impacts of a Cyberattack

Higher education is facing an exponentially growing threat: Cyberattacks. Check Point Software reports educational institutions experienced an average of 2,507 cyberattack attempts per institution per week in the first three months of 2023 alone! Universities and colleges are at a high risk of suffering a data breach or a ransomware attack because the amount and types of data created and stored is extremely valuable to cybercriminals–data like student records, banking information, protected health information, and research data. Restricted data falling into the wrong hands can be devastating for UF, its constituents, to university business partnerships, and for funding from federal and state agencies. The welfare of the campus community and even our recruitment capabilities are all on the line.

Information security is our shared responsibility! Faculty, students, and staff must all be aware of what’s at stake, and do their part to help protect UF from cyberattacks. According to a 2023 IBM Security report, data breaches initiated through compromised credentials (such as GatorLink login information) take the longest for institutions to resolve and can be incredibly costly. Help prevent data breaches by practicing caution when opening any email received in your GatorMail marked [EXTERNAL EMAIL]. These emails come from outside the UF organization and could potentially be phishing attempts. Pay close attention to any email requesting your GatorLink login or other personally identifiable information, and report suspicious messages directly to UFIT with the phish alert report button in the top right corner of your GatorMail.

UFIT’s Information Security Office’s website has recently refreshed its online presence with new resources. Take some time to visit https://security.ufl.edu/protect-yourself/social-engineering/ and learn about different types of cyberattacks and some best practices for protecting yourself…and UF.

Use of Mass Email Platforms Changing

Sending bulk emails through third-party email marketing platforms (e.g., Mailchimp, Constant Contact, Brevo) will require UF departments to act before February 1, 2024.

Google and Yahoo recently announced new email authentication and spam-prevention policies.  Beginning February 1, 2024, both email providers will begin blocking and aggressively filtering incoming email traffic that doesn’t meet domain authentication and procedural requirements.

What does this mean for UF?

Many UF administrative divisions, colleges, and units use third-party apps to keep stakeholders informed. This is often done with a visually attractive newsletter or e-Card format. Third-party apps are also used to send bulk emails for surveys, ticket sales and event announcements, and appointment reminders.  Any unit using an email marketing program to send mass marketing emails to the UF community or to externally-focused stakeholders need to refer to the vendor’s documentation on domain authentication (or DKIM) and work with UFIT to complete the domain authentication process prior to Feb. 1.  The steps required to comply with Google’s and Yahoo’s new policies on domain authentication vary by the bulk-mail application used.

If you are using an app (such as Constant Contact or a Microsoft Mail-Merge plug-in) where you type in a personal or a college/department.ufl.edu, address as the From” address, then you will need to verify that domain authentication is in place to meet Google’s and Yahoo’s new requirements.  Otherwise, intended recipients whose emails end with gmail.com, googlemail.com, or yahoo.com may not receive what you send. Again, refer to the vendor’s documentation on domain authentication (or DKIM) and work with UFIT to complete the domain authentication process before you begin creating that next issue of your newsletter or developing a new survey. For additional assistance in clarifying steps about bulk email, submit a myIT ticket to the Help Desk and UFIT will provide expert consultation.

Please refer to the Google and Yahoo announcements for detailed technical information about authentication requirements. While acknowledging that bulk mail applications are popular because they enable staff to design and deploy visually beautiful emails, issues about deploying mass emails within the university community can easily be overcome by creating a UF listserv. Visit https://lists.ufl.edu/ and use the “Request creation of a new mailing list” link to create a new list. It is also recommended that applications used to create content and store UF email addresses be pre-approved for use. Faculty and staff can check what mass mailing applications are approved for university use on the Fast Path Solutions website.

Phishing vs. Spam

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to scam personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link at the bottom of the email (usually in small text) of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.


Email Encryption Options in GatorMail

GatorMail’s security features like the phish alert button, spam folder, and email encryption help protect users from cyberthreats and provide a secure email experience. GatorMail email encryption is a proactive way to require authentication, protecting sensitive or restricted information from being seen by unauthorized viewers. Note that encryption options are only available for UF community members who have the Outlook desktop app or its web client version run from a computer. Neither Outlook’s mobile client or the web version when being used on a mobile device offer the encryption options.

GatorMail offers four encryption options:
Encrypt Only: Encrypts email contents and may require authentication to read
Do Not Forward: Prevents recipients from forwarding the email
UF Confidential: Allows recipients to modify content but blocks copy/print privileges
UF Confidential – View Only: Read-only permission for the recipients

UFIT has screen captures showing step-by-step visuals for encrypting emails. Encrypting an email means its contents are only readable by the person you sent it to, and cannot be intercepted. Faculty and staff who would like assistance with GatorMail are welcome to call (352-392-HELP/4357), email, or visit (132 Hub) the UFIT Help Desk.

Updated Info Security Training for 2023

Just in time for the new academic year! UF’s Information Security Office has updated its mandatory annual training. Faculty and staff will receive an email reminder on their one-year anniversary of their previous training completion date, but can take the training any time. There are six modules in the training and they take approximately 35-45 minutes to complete. Visit this page to take the training.

The number one cause for compromised GatorLink accounts is when a student, faculty, or staff member opens and responds to a phishing email.

Students can take the phishing module that’s part of the full training. The stand-alone phishing module is a great way to become better informed about how cyber-criminals operate. Now that you’ll be interacting with campus departments and faculty (who cyber-criminals will try to impersonate), students are strongly encouraged to learn how phishing works. Students can find the link to the phishing module training in the ONE.UF menu. The 15-20 minutes you invest in taking the phishing training can pay off in a big way when you learn how to spot and report malicious emails, instead of opening one and inadvertently bringing on a world of hurt on yourself…and potentially your university.

Changes Coming to GatorMail – Nov. 1

On November 1, changes will be made to improve the security of UF GatorMail. UFIT will implement Microsoft 365 features into email, including how faculty and staff manage spam. With these updates, for the first time students can use a spam filter with their UF email. The bullets listed below detail the changes included in this effort. More information on how to work with the new quarantine, spam, and the block/allow features are on the GatorMail website.

Starting November 1, spam quarantine notification emails will come from quarantine@messaging.microsoft.com, rather than proofpoint-pps@ufl.edu
The web portal URL for managing quarantine emails is located at https://security.microsoft.com/quarantine
The Microsoft spam filter can be used to manage the blocking and allowing of senders through options in Outlook. Everything is all in one application, instead of a separate service

For more information, please visit the GatorMail how to check for spam webpage. Your local IT support can also assist you, as well as the UF Computing Help Desk (352-392-HELP/4357, helpdesk@ufl.edu).