Department of Medicine IT

Email Security

Triangle Flagging on External Emails

In an effort to help easily identify email from external sources Department of Medicine IT Services has begun tagging the subject of such messages with a triangle symbol (▲). This symbol can show you at a glance that an email originated from a system outside of the UW or select partner organizations, allowing you to address them with a higher level of scrutiny.

Please keep in mind that you should still exercise your best judgement when addressing emails. This will not flag messages sent from compromised accounts on trusted systems, so continue to exercise caution if you receive a request that is out of the ordinary or otherwise suspicious in any way.

As always, UW business should be conducted using official UW email services. Emails sent from private accounts will be flagged as external.

External Message Flagging FAQ

Q: Who does this affect?
A: This change applies to users with Outpost email accounts. This includes all accounts that end with: @medicine.washington,edu, @cardiology.washington.edu, @cdi.washington.edu, @derm.washington.edu, @kri.washington.edu, @nephrology.washington.edu, @neurosurgery.washington.edu, and @uwmedres.washington.edu.

Q: What is the point of this? I know what messages are from my colleagues and which aren’t.
A: Bringing awareness to external messages helps combat phishing and spoofing attempts. Such attacks in the last few years include credential theft (activate your email account, reset your password, etc.) and gift card scams (where somebody gets duped into purchasing gift cards to help out a colleague needs them with promise of reimbursement  – but they are actually sent to the scammer and no reimbursement is possible). The techniques used by scammers are becoming more sophisticated all the time.

Q: Most of the messages I receive are from external senders. With so many of my messages flagged with triangles, what’s the point?
A: The triangles are meant to help bring awareness to messages that come from external sources to combat phishing and spoofing scams. You should not expect an email from a colleague/supervisor at the UW or UW-trusted organization to be sending from an untrusted or personal account, so a flagged message from them should serve as an initial warning to be suspicious about the message.

Q: The triangle is distracting. Can we use a tag, such as ‘[EXTERNAL]’, that other organizations use instead? What about putting it at the end of the subject?
A: After careful consideration the triangle was chosen because it stands out while also being as short and to the point as possible, only adding two characters (counting a space) to not be obtrusive. Placing the symbol at the end of the subject would detract from the attention it is meant to garner, leading to a drop in efficacy.