Overview
To protect the university's faculty, staff, students, information resources, educational capabilities, and network access, Texas A&M Technology Services employs several methods to block access to webpages known to harbor malicious software. URLs in email that lead to phishing websites or sites which host malware are rewritten and blocked by our email servers. Attempts to connect to known botnet websites are blocked by our firewall. The campus DNS server blocks domain names used by malware which may be accessed by a web page.
All three methods of blocking are fully automated and based on subscriptions to lists of sites that are known to host malicious content. These lists are maintained and provided by companies who receive and analyze data from companies and internet service providers around the world to ensure that they are as up-to-date and accurate as possible.
Email
TAMU Technology Services uses Proofpoint to scan and compare them against a list of URLs and websites maintained by Proofpoint. The message is either deleted at the server if it's a known malicious message, quarantined for inspection if it may be spam or possibly malicious, or delivered to the recipient based on the content of the message. Through URL re-writing, a URL in a delivered message that is determined to be malicious will be blocked from connecting to the malicious webpage. Instead, clicking on the URL will redirect to a page indicating that the site has been blocked.
Outlook, Teams
Links sent internally through Texas A&M Exchange or Microsoft Teams are scanned for malicious content through Microsoft 365 Defender. Links are rewritten to include safelinks.protection.outlook.com. The original link can be seen by hovering over the URL, however, you will not be able to copy it.
In Teams, URLs will appear as normal, but a loading screen will appear when clicked, indicating the link is being checked for malicious content. The loading screen can be skipped after the URL is visited in a browser.
If the link is found to be malicious, a warning will appear and you will not be able to visit the site unless you click the “continue anyway” link, which is not advised.
Firewall
The TAMU Technology Services firewall is configured to block access to websites that are known to host and control "botnets". A botnet is a network of compromised computers and devices around the world, which are used for often-illegal functions, most commonly denial of service attacks. When traffic from within the campus firewall attempts to connect to a known botnet page, the traffic will be blocked and redirected to a page indicating that the page is a known botnet page.
DNS
Texas A&M's domain name system (DNS) is provided by Infoblox. When a webpage request passes through the Texas A&M DNS server, the domain name is compared to a reputation list maintained by internet security organizations. If the reputation of the page indicates that the page is potentially malicious, traffic to that page is blocked and redirected to a webpage indicating this. If you believe the webpage you were trying to access is not malicious, or you feel that it has been blocked incorrectly, you can use the report button to email TAMU Technology Services to request that access to the page be restored.
