A large portion of email sent globally is junk. By now we all know this and that junk email (much like physical junk mail) will likely never go away completely. Also, there is a significant enough overlap between what is junk and what is outright malicious that we can reasonably lump these two large – and largely useless – categories of email together.
Enter: your junk inbox. This special place for suspicious email could be seen, metaphorically, as a recirculating water filter where all the email you receive to your Texas State email address is an incoming water stream, and our email protocols are the filter. Unfortunately, the stream is polluted because the open internet is not a sanitary place but is also the vehicle for nearly all timely communications worldwide. Therefore, the incoming stream must be filtered for waste products, like spam, junk email, and malicious phishing.
The junk inbox is the filter where all the waste ends up since Texas State doesn’t delete email from your inbox automatically. You might be tempted to ask why we don’t automatically remove all junk or suspicious email, but the answer is simple: your Texas State email address is yours to give out to whom you see fit, and we can’t always know who is going to send malicious email. This puts the responsibility on you to know how to manage your junk email as well as email that makes it through the filters to your primary inbox.
What to do with junk
The cathartic thing about the junk email box is that you can delete everything in it if there is nothing substantial in there to you – yes, sometimes valid messages get filtered into the junk inbox, so it’s advised to at least look at it before clicking “delete all.”
The filters that populate the junk inbox with unwanted email are designed to notice specific patterns, source IP addresses, or other digital markings common in spam and malicious email. Those filters are further refined as more email that make it through are reported and added to the list.
Truly, though, the freedom to “delete all” is what’s so gratifying about the junk inbox. So, feel free to skip reporting the messages already sorted into the phishing inbox since we already know about them, and just click “delete all.” Then, bask in the joy of a tidy junk inbox.
What makes it through
Sometimes the filters miss things, and this is normal. Unfortunately, a malicious email will occasionally make it into your inbox, and you’ll have to know what to do. Fortunately, we also have systems to help you manage this type of email. We want to make this as easy as possible for our users so that everyone can help keep a clean digital university community.
You have two reporting options: 1. You can use the built-in reporting tools in your browser or email tool, or 2. You can send suspicious or known emails as an attachment (this part is important) to abuse@txstate.edu.
When to use built-in reporting tools
If you want to inform us that you found a phishing or junk email, the best way is to use the built-in reporting tools. Those go straight into our automated system, and we would only reply if we thought there was a risk to you or if you reported something requiring our feedback.
When to message the abuse inbox
If you have questions about a suspicious email, the best thing to do is forward the email as an attachment to the abuse inbox mentioned above. Then, you can write a message to the Information Security Office and to get your questions answered.
There’s a lot of junk
As mentioned earlier, junk email will never go away, but we can always improve our systems, responses, and behaviors to minimize the impact of malicious and junk email. Hopefully, this summary of the junk inbox and how it works will help reduce your worry about phishing and empower you to make good choices in the future. If you ever have questions about the Information Security Office, phishing, email, or any other cybersecurity-related topic, email infosecurity@txstate.edu and we will do our best to answer your questions.
Happy deleting!
Joel Ausanka is an IT projects coordinator for the Information Security Office.
