{"id":1314,"date":"2026-03-03T09:34:24","date_gmt":"2026-03-03T14:34:24","guid":{"rendered":"https:\/\/www.montclair.edu\/phish-files\/?p=1314"},"modified":"2026-03-04T13:08:03","modified_gmt":"2026-03-04T18:08:03","slug":"understanding-the-external-email-tag","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/phish-files\/2026\/03\/03\/understanding-the-external-email-tag\/","title":{"rendered":"Understanding the [External] Email Tag: What It Means for You"},"content":{"rendered":"<p><span style=\"font-weight: 400\">To strengthen email security and help our campus make informed decisions, Montclair has implemented External Email Tagging. Messages sent from outside our email system will now display [EXTERNAL] in the subject line. This added awareness tool aligns with best practices across higher education to help reduce phishing and fraud risks, while encouraging safer email habits.<\/span><\/p>\n<h2><strong>What the [External] Tag Means<\/strong><\/h2>\n<p><span style=\"font-weight: 400\">When you see [EXTERNAL] in an email subject line, it means the message came from outside the Montclair network.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><strong>It doesn\u2019t automatically mean the email is unsafe<\/strong><span style=\"font-weight: 400\">. (It could be from your mom!)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The tag is applied to all external emails and doesn\u2019t affect delivery.<\/span><\/li>\n<li style=\"font-weight: 400\">Think of it as a <strong>visual reminder<\/strong><span style=\"font-weight: 400\">: pause and double-check before clicking links, opening attachments, or sharing sensitive information.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">External email tags help users:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Spot messages that may need extra examination<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Recognize phishing or impersonation attempts more easily<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Build safer email habits without blocking legitimate messages<\/span><\/li>\n<\/ul>\n<h2><strong>Practical Tips for Handling [External] Emails<\/strong><\/h2>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Stop and verify if the email claims to be from an internal office (HR, IT, Career Services) but is marked [External]<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Always check the sender\u2019s email address. Official Montclair messages typically come from our university domain, but some legitimate communications from partners or affiliated services may come from other addresses. (e.g. Canvas)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Watch for mismatched details: display name, signature, and reply-to address should all align<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Be cautious with urgent requests or unexpected links\/attachments<\/span><\/li>\n<\/ul>\n<p><strong>Remember:<\/strong> <span style=\"font-weight: 400\">Use the [EXTERNAL] tag as a cue to think before you click, and report anything suspicious using the <\/span><strong><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Phish Alert Button (PAB)<\/a><\/strong><span style=\"font-weight: 400\">.<\/span><\/p>\n<h2>Frequently Asked Questions (FAQ)<\/h2>\n<h3><strong>What is External Email Tagging?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">Starting on March 16th, the Office of IT will automatically add [EXTERNAL] to the subject line of messages sent from outside the university. It\u2019s intended to be a visual reminder that the message originated beyond our email domain.<\/span><\/p>\n<h3><strong>Why is Montclair implementing this?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">Email is one of the main ways cybercriminals target higher education organizations. To help protect our campus community, Montclair will now add [EXTERNAL] to the subject line of emails sent from outside the university.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">This tag helps faculty, staff and students:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Quickly recognize messages from external senders<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Pause before clicking links or opening attachments<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Reduce the risk of phishing, fraud, and impersonation scams<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">External tagging also protects sensitive university and personal data. Higher education institutions frequently face threats such as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Payroll scams<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Fake account deactivation messages<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Job offer and financial scams<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Research data theft<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">By providing a simple visual reminder, the [EXTERNAL] tag adds a powerful layer of awareness to protect\u00a0 the organization\u00a0 and your personal information.<\/span><\/p>\n<h3><strong>What will it look like?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">If an email comes from a non-@<\/span><span style=\"font-weight: 400\">montclair.edu<\/span><span style=\"font-weight: 400\"> email address, you\u2019ll see [EXTERNAL] added at the beginning of the subject line.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Example: [EXTERNAL] Updated Payroll Information<\/span><\/p>\n<h3><strong>Are all outside emails dangerous?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">No. Many legitimate emails come from external partners, vendors, parents, and prospective students. The tag simply distinguishes from emails that originate outside of the university, i.e., emails that are not sent from an @<\/span><span style=\"font-weight: 400\">montclair.edu<\/span><span style=\"font-weight: 400\"> address.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The tag is a reminder to use caution, especially if the message:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Creates urgency<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Asks for passwords or MFA approvals<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Requests payment, gift cards, or wire transfers<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Includes unexpected attachments or links<\/span><\/li>\n<\/ul>\n<h3><strong>Why don\u2019t internal emails have the tag?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">Messages sent between Montclair email accounts remain untagged because they originate within our environment.<\/span><\/p>\n<p><span style=\"font-weight: 400\"><strong>NOTE:<\/strong> If an internal account is compromised, attackers may send messages that look legitimate. Always stay alert for unusual requests even from colleagues.<\/span><\/p>\n<h3><strong>What should I do if an external email looks suspicious?<\/strong><\/h3>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Do not click links or download attachments<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Do not reply with sensitive information<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Report the message using the <\/span><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/pab\/\">Knowbe4 Phish Alert Button<\/a><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">If you already provided your personal information, please reset your password as quickly as possible.\u00a0<\/span><\/p>\n<h3><strong>Can the tag be removed?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">The tag cannot be removed from individual messages. It is automatically applied to protect the entire campus community.<\/span><\/p>\n<h3><strong>Where can I learn more about email and phishing safety?<\/strong><\/h3>\n<p><span style=\"font-weight: 400\">Montclair State University | <\/span><a href=\"https:\/\/www.montclair.edu\/phish-files\/\">Phish Files<\/a><\/p>\n<p><span style=\"font-weight: 400\">Montclair State University | <\/span><a href=\"https:\/\/www.montclair.edu\/information-technology\/security\/\">Information Security<\/a><\/p>\n<p><span style=\"font-weight: 400\">Cybersecurity &amp; Infrastructure Security Agency (CISA) | <\/span><a href=\"https:\/\/www.cisa.gov\/secure-our-world\/recognize-and-report-phishing\">Recognize and Report Phishing<\/a><\/p>\n<p><span style=\"font-weight: 400\">Federal Trade Commission (FTC) | <\/span><a href=\"https:\/\/consumer.ftc.gov\/articles\/how-recognize-avoid-phishing-scams\">How To Recognize and Avoid Phishing Scams<\/a><\/p>\n<p><span style=\"font-weight: 400\">Federal Bureau of Investigation (FBI) | <\/span><a href=\"https:\/\/www.fbi.gov\/how-we-can-help-you\/scams-and-safety\">Do Yourself a Favor: Be Crime Smart<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To strengthen email security and help our campus make informed decisions, Montclair has implemented External Email Tagging. Messages sent from outside our email system will now display [EXTERNAL] in the subject line. This added awareness tool aligns with best practices across higher education to help reduce phishing and fraud risks, while encouraging safer email habits. [&hellip;]<\/p>\n","protected":false},"author":349,"featured_media":222,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/users\/349"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/comments?post=1314"}],"version-history":[{"count":4,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1314\/revisions"}],"predecessor-version":[{"id":1475,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/posts\/1314\/revisions\/1475"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media\/222"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/media?parent=1314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/categories?post=1314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/phish-files\/wp-json\/wp\/v2\/tags?post=1314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}