Phish Files
Abstract Aliens On Flying Saucers Northern Lights Lighthouse Mountains Water Tree Sun Background Gradient Unidentified Flying Object Ufo Stars Vector Design Style Landscape
Phish Files Articles
March 3, 2026

Understanding the [External] Email Tag: What It Means for You

Posted in: News

Breaking News image of a fish in a fishbowl in space

To strengthen email security and help our campus make informed decisions, Montclair has implemented External Email Tagging. Messages sent from outside our email system will now display [EXTERNAL] in the subject line. This added awareness tool aligns with best practices across higher education to help reduce phishing and fraud risks, while encouraging safer email habits.

What the [External] Tag Means

When you see [EXTERNAL] in an email subject line, it means the message came from outside the Montclair network.

  • It doesn’t automatically mean the email is unsafe. (It could be from your mom!)
  • The tag is applied to all external emails and doesn’t affect delivery.
  • Think of it as a visual reminder: pause and double-check before clicking links, opening attachments, or sharing sensitive information.

External email tags help users:

  • Spot messages that may need extra examination
  • Recognize phishing or impersonation attempts more easily
  • Build safer email habits without blocking legitimate messages

Practical Tips for Handling [External] Emails

  • Stop and verify if the email claims to be from an internal office (HR, IT, Career Services) but is marked [External]
  • Always check the sender’s email address. Official Montclair messages typically come from our university domain, but some legitimate communications from partners or affiliated services may come from other addresses. (e.g. Canvas)
  • Watch for mismatched details: display name, signature, and reply-to address should all align
  • Be cautious with urgent requests or unexpected links/attachments

Remember: Use the [EXTERNAL] tag as a cue to think before you click, and report anything suspicious using the Phish Alert Button (PAB).

Frequently Asked Questions (FAQ)

What is External Email Tagging?

Starting on March 16th, the Office of IT will automatically add [EXTERNAL] to the subject line of messages sent from outside the university. It’s intended to be a visual reminder that the message originated beyond our email domain.

Why is Montclair implementing this?

Email is one of the main ways cybercriminals target higher education organizations. To help protect our campus community, Montclair will now add [EXTERNAL] to the subject line of emails sent from outside the university. 

This tag helps faculty, staff and students:

  • Quickly recognize messages from external senders
  • Pause before clicking links or opening attachments
  • Reduce the risk of phishing, fraud, and impersonation scams

External tagging also protects sensitive university and personal data. Higher education institutions frequently face threats such as:

  • Payroll scams
  • Fake account deactivation messages
  • Job offer and financial scams
  • Research data theft

By providing a simple visual reminder, the [EXTERNAL] tag adds a powerful layer of awareness to protect  the organization  and your personal information.

What will it look like?

If an email comes from a non-@montclair.edu email address, you’ll see [EXTERNAL] added at the beginning of the subject line.

Example: [EXTERNAL] Updated Payroll Information

Are all outside emails dangerous?

No. Many legitimate emails come from external partners, vendors, parents, and prospective students. The tag simply distinguishes from emails that originate outside of the university, i.e., emails that are not sent from an @montclair.edu address.

The tag is a reminder to use caution, especially if the message:

  • Creates urgency
  • Asks for passwords or MFA approvals
  • Requests payment, gift cards, or wire transfers
  • Includes unexpected attachments or links

Why don’t internal emails have the tag?

Messages sent between Montclair email accounts remain untagged because they originate within our environment.

NOTE: If an internal account is compromised, attackers may send messages that look legitimate. Always stay alert for unusual requests even from colleagues.

What should I do if an external email looks suspicious?

  • Do not click links or download attachments
  • Do not reply with sensitive information
  • Report the message using the Knowbe4 Phish Alert Button

If you already provided your personal information, please reset your password as quickly as possible. 

Can the tag be removed?

The tag cannot be removed from individual messages. It is automatically applied to protect the entire campus community.

Where can I learn more about email and phishing safety?

Montclair State University | Phish Files

Montclair State University | Information Security

Cybersecurity & Infrastructure Security Agency (CISA) | Recognize and Report Phishing

Federal Trade Commission (FTC) | How To Recognize and Avoid Phishing Scams

Federal Bureau of Investigation (FBI) | Do Yourself a Favor: Be Crime Smart