Department of Information Technology

Email security enhancement implemented on Thursday, August 15, 2019

Due to an increasing number of fraudulent email messages (also known as phishing) targeting Harvard users, Harvard University Information Technology is implementing an email authentication tool called Sender Policy Framework (SPF) on Thursday, August 15, 2019.  SPF email authentication is widely used by other institutions and has been tested across many Harvard schools and departments over the last several months.

If SPF validation fails, the recipient will see a warning at the top of the email message similar to the one below.

WARNING: Harvard’s email systems could not validate that the sender of this message is legitimate. Please be cautious in opening attachments, clicking any links, or following any other instructions in this email. [This message was automatically added by Harvard’s email systems because of an SPF Hard Failure/Soft Failure/Temporary Failure/Permanent Error]

What you should know:

If you receive an email with this warning above the body of the email, you should take extra precautions before replying or clicking on any included links.

HUIT Security recommends the following actions to evaluate a suspicious email:

  • Look carefully at your email. Don’t assume an email is legitimate because it appears to come from a sender you recognize. Some cyber attackers are using personal and institutional information readily available online to mimic a legitimate email. Be especially wary of unexpected emails that use scare tactics, and/or ask you to share personal or account information, open attachments, follow links, or send money.
  • Get familiar with the common signs of phishing at https://security.harvard.edu/click-wisely#widget-3 so you can spot the frauds.
  • Do not click on links or open attachments. When in doubt, go to the source. Call the sender or go to the known official website to verify its legitimacy.
  • If you suspect you have received a phishing email, please forward the email to phishing@harvard.edu. Alerting our information security office to phishing emails can greatly minimize the potential impact to you and the University.

If you have any additional questions, please submit a ticket or call 617-495-7777.

Best Regards,
HUIT Collaboration Services Team