Email Hygiene
The Email Hygiene Project is part of 黑料社区's initiative to improve email security, reduce spam and phishing threats, and enhance the overall safety of digital communications across campus.
We conducted a side-by-side comparison of various email hygiene tools to identify the solution that best meets our campus needs. During this evaluation, the tools operated in detection mode, meaning no emails were blocked. The Information Security Office assessed which tool most effectively detected malicious emails that currently bypass Google's filters, along with other criteria such as performance, false-positive rates, and user experience.
After a thorough evaluation, we have selected our email hygiene solution because it aligns well with our campus requirements. This decision will strengthen our defenses against malicious email threats while simultaneously improving overall email performance, incident response, and troubleshooting processes. You should not notice any changes to how email is delivered.
Frequently Asked Questions
What is the Email Hygiene Project?
The Email Hygiene Project is a university-wide effort to strengthen email security by implementing advanced filtering technologies.
Why is this project important?
Email remains one of the most common vectors for cyberattacks. By improving email hygiene, we reduce the risk of phishing, malware, and data breaches, helping protect personal and institutional information.
What changes should I expect?
In general, you shouldn't notice any changes in how emails are delivered, aside from a reduction in suspicious emails. However, some malicious emails may evade initial detection, leading to a delay in their removal. As a result, you might find that an email has ‘disappeared’ from your inbox. Please continue to report any suspicious emails you encounter.
Will legitimate emails be blocked or quarantined?
It is highly unlikely, but not impossible, for a legitimate email to be mistakenly flagged as suspicious and removed from your inbox. If you believe this has happened, please report it to the Computing Services Help Center at it-help@cmu.edu or by calling 412-268-4357 (HELP).
Does this protect all of my email addresses?
This tool currently protects email addresses provided through Carnegie Mellon’s central Google Workspace, including @andrew.cmu.edu, @cmu.edu, @cs.cmu.edu, and @ece.cmu.edu.
Should I continue to report suspicious email?
If you encounter any questionable emails—such as those with urgent subject lines, misspellings, or unfamiliar email addresses—please continue to report these using the "three dot" menu (upper right) of the message > Report Phishing (Gmail) OR by forwarding the email to report-phish@andrew.cmu.edu.
How can I learn more about email safety and phishing awareness?
The Information Security Office offers training and resources on email safety. Visit the Secure Computing section of the Computing pages for guides, videos, and awareness materials.
Can I opt out?
You are not able to opt out.
What if I deal with sensitive data in my email?
Email and email hygiene providers have completed due diligence and established contractual agreements to protect Carnegie Mellon’s data in line with our standards and relevant laws and regulations. However, we recommend against storing restricted or sensitive information in your email account for long-term use. Threat actors who successfully compromise Andrew accounts often access email to find banking information, delete security alert messages, and retrieve other content for malicious purposes. For long term sharing and storage, consider using services like Google Drive and Box.