Email Security

Attackers can use email to infect your computer with malware and viruses, or to obtain passwords and other personal details via deception. Often, the sender details are fake, with genuine-looking emails appearing to come from some other organisation, or even some part of the University, such as HR, "The Helpdesk", or "The System Administrator".

Email safety advice

  • Treat all unsolicited email with suspicion, even if the sender appears to someone you trust.
  • If an offer in an email seems too good to be true, it probably is!
  • Avoid clicking on links or opening attachments in unsolicited email.
  • Never respond to any email asking you for your ID or passwords.
  • If a link in an email takes you to a log-in page, even if it looks similar to the page you normally use, do not log-in. Instead use one of these safe methods:
    • Go to the University home page or MyGlasgow and navigate from there.
    • Use a desktop icon or a bookmark you saved earlier.
    • Carefully type the URL address by hand.

Always err on the side of caution and if in doubt, contact the UofG Helpdesk.


Spam is a global problem and IT Services filter a huge amount every day. Some days over 90% of the email that arrives at the University is filtered out as spam! Whatever we do, some spam will always get through, as spammers find new ways to evade detection.

The University's spam filter service adds [SPAM?] to the subject line of emails it suspects to be spam.

If a spam message reaches you without [SPAM?] in the subject line, you can report this to help improve the filter: see Spam filter.


Phishing attackers alter the sender details (to appear as if they had come from somewhere else) and fraudulent websites designed to trick recipients into divulging personal data such as account usernames and passwords, financial data, etc.

By pretending to be some part of the University, or hijacking the trusted brands of well-known organisations, banks, online retailers and credit card companies, phishers are able to convince some recipients to respond to them.

Stay safe by following the advice above.

Spoofed email and collateral spam

Spoofed (or forged) email is where the spammers make it look as though the email came from another address. In some case, this may be a University address eg

In some cases, this causes non-delivery reports and out-of-office replies to be directed to the spoofed address; this is somtimes known as "collateral spam" or "backscatter".

Most organisations' email servers attempt to minimise this by rejecting the message during the initial stage, however this may not happen in all cases, so the spoofed email address receives junk non-delivery reports and out-of-office replies. There may also occasionally be replies to the spam message from the recipients of the spam email.

IT Services advise ignoring such emails. However, if in doubt about an email received, contact the IT Helpdesk