Campus Email Delays Caused by Malicious Email Activity

IT Services has taken steps to address an issue that caused delays in some campus email this week. No messages were lost during the delays.

IT Services, working with Sophos support, determined the delay was caused by spikes, reaching 5 million incoming messages on both April 1 and 2, that included significant traffic from IP addresses associated with malicious email activity. IT Services normally processes about 1.5 million emails per day, and the increased traffic overloaded the Sophos appliance that manages spam, phishing, and virus control, slowing email processing to a crawl. As a result, the campus community was at increased risk from phishing scams for a short time, and IT Services recommends extra caution when clicking links sent through email.

To resolve the issue, IT Services has increased the number of Sophos servers, processed the backlog of delayed messages, and temporarily shut off advanced phishing prevention to increase the processing speed for mail currently in queue. IT Services will continue to investigate a variety of solutions to prevent this kind of issue in the future.