External Email Banner Project

Information Technology Services (ITS) has introduced external email notification banners for UTmail+ (Microsoft 365) for all faculty, staff and students. This banner will help to protect U of T from hackers and phishing attempts, and will also protect valuable information.  

Phishing emails often ask recipients to click on links or open attachments, and frequently appear to come from internal senders. This warning banner appears on all emails originating from outside U of T systems and will serve as a reminder to treat external emails with caution. Messages from legitimate U of T senders will not display the banner. 

Beginning in March 2020, ITS consulted extensively across all three campuses and piloted the banner with close to 1,000 users and made adjustments based on that feedback.

We have evaluated the concerns raised regarding the impact of the banner on the general quality of communications with known external colleagues and the limited email preview pane. To alleviate these concerns, we have significantly shortened the banner and associated text.  The revised banner will be rolled out to the university beginning November 19, 2020.   

Here are some FAQs to address further preview issues.

This is how the banner will appear at the top of your email on Thursday, November 19, 2020: 

External Email banner that will appear at the top of emails

Exemption requests can be submitted for specific email sources but not for individual recipients. If you are using on-premises relays or legitimate third-party SaaS apps or newsletter bulk mailers that need to be exempt, please submit a ticket via the Enterprise Service Centre using the following link: https://uoft.me/eeber.

Reminders when clicking on links or opening attachments in emails:

  • Ensure that the sender and email domain are legitimate
  • Review the content and consider if the message is typical for the sender
  • Hover over links to review addresses before clicking (or press and hold a link for a preview on a mobile device)
  • Ensure you recognize the sender’s name or department

What to do if you receive a phishing attempt:

Click on “Report Message” in  your email.

Screenshot of how to report a message in Microsoft Outlook