IT Professionals,
On February 23, 2023, IU will begin rolling out new security measures to prevent individual faculty and staff email accounts from sending unusually high numbers of emails. If faculty or staff exceed the limit they will receive a non-deliverable report (NDR). Additionally, they will be blocked from sending email until midnight UTC (currently 7pm ET) or until unblocked by the Support Center. If the account is blocked, the status will be visible in CCI Tools, and faculty and staff should contact their campus Support Center.
This change is in response to recent phishing campaigns where attackers have gained access to IU email accounts and used those accounts to send phishing and scam emails in large numbers. These changes will increase security, help with detecting potential compromises, and reduce the negative impact on our community. Email communications for clients with typical use patterns should not be impacted. We have analyzed network traffic and compiled a short list of clients who are exceeding the proposed threshold with legitimate emails. We have added them to an exception list which will not be subjected to the proposed threshold. You may want to follow up with your clients on the exception list to discuss alternate options for sending email to large recipient groups. These options include a group account, email list or messaging via Canvas because these methods will not be affected by the threshold.
For more details regarding current email policies, we recommend you review the following documents from the IU Knowledge Base:
About IU’s policy on mass email
Use of Electronic Mail
Security guidance for senders of mass email and workflow email
Excessive Use of Information Technology Resources
Thank you for your partnership in keeping IU secure.
If you have any questions, please contact Tier 2 Support at sct2@iu.edu.
–IT Community Partnerships on behalf of the University Information Security Office