Phishing and spam emails are among the most common methods cybercriminals use to try to gain access to the university’s systems or confidential information. To help improve email security and reduce the risk of phishing, staff and students will begin receiving a daily “Quarantine Notifications” email from Microsoft’s default sender address:

quarantine@messaging.microsoft.com
Display name: University of Derby Quarantine Notifications

Currently, high-confidence phishing and spam messages are automatically blocked and held securely by DS&S/IT Services. With this update, lower-risk spam and phishing messages will now generate a daily notification email, allowing staff and students to safely review and release any legitimate emails that may have been misclassified by the university's mail security tools.

What the daily notification email includes:

• Summary of emails placed in quarantine over the past 24 hours, including sender, subject line, and reason for quarantine.
• Emails are retained in quarantine for 30 days. Any emails not released within this timeframe are permanently deleted.
• Options to preview, release, or block senders or delete messages.

Note: High-confidence phishing or spam messages will remain visible only to IT administrators for your protection.

Managing your emails and shared Mailbox emails

You can also check your quarantined messages at any time via the Quarantine Portal with your university account:
 https://security.microsoft.com/quarantine

For Quarantine emails in shared mailboxes click the Quarantine page link in the email and sign in with your credentials to access.

Previewing your message allows you to inspect the email without risk, as no links or attachments are activated during preview.

How to preview a quarantined message:

1. Go to: https://security.microsoft.com/quarantine

2. Sign in with your university account.

3. Locate the message in the list.

4. Select Preview to view its content securely.

How to release or delete a quarantined message:

1. Go to: https://security.microsoft.com/quarantine

2. Sign in with your University account

3. Select the message

4. Choose Release or Delete

If it is confirmed that the email is legitimate, you can add the sender to your safe senders list. This will ensure that emails from that sender are delivered directly to your inbox moving forward.

 How to block sender:

1. Go to: https://security.microsoft.com/quarantine

2. Sign in with your University account

3. Select the message

4. Select 'More' and then select 'Block sender'.

How to add sender to safe senders:

After you have reviewed the email and it has been released, it will be delivered to your inbox.

Outlook:
1. Open the released email in your inbox.  
2. At the top of the message, click “Trust Sender”.  
3. The sender will be added to your safe list, and future messages should be delivered normally.

Important guidance:
If you’re ever unsure about a quarantined message, do not release it. Instead:

• Contact the IT Service Centre for advice using link https://itservicecentre.derby.ac.uk/hc/en-us
• Always double-check the sender’s address, subject line, and the content of the message, and never provide personal information or passwords or click on suspicious links. Hover over links to see the real URL before clicking, and do not open attachments from unknown senders.

How this helps you:

• Reduces the risk of missing important emails that were wrongly flagged.
• Helps you safely identify and handle suspicious emails without opening them in your inbox.
• Improves overall email security awareness across the University.

Thank you for your cooperation as we continue to strengthen our overall security.