BNL Home

Electronic Mail Services

External Email Warning Tagging

Brookhaven National Laboratory uses Proofpoint for our email gateways which provide mail routing and protections for our inbound and outbound email to the internet.

Phishing and spoofing attacks are among the most common cyber threats we face. Adversaries often disguise their emails to look like they come from trusted colleagues or organizations. By clearly marking external messages, we reduce the risk of mistaking a malicious email for a legitimate one. Think of external email tagging as a visible reminder to pause, review, and verify before clicking links or opening attachments.

As of August 27, 2025, Brookhaven National Laboratory is implementing a feature to tag inbound email messages appropriately for assisting in this defense. This will apply a banner to the top of the message body which will help you assist in identifying malicious emails.

The banner does NOT mean the email is unsafe AND is NOT a foolproof method in identifying malicious emails. This is an addition tool for awareness. Normal phishing methods as indicated in your Cyber Security training should still be followed such as:

  • Always verify the sender's actual email address, not just the display name
  • Hover over links before clicking to check their true destination
  • Be extra cautious if the message urges you to act quickly or requests sensitive information like passwords or financial details

This will apply to inbound emails from the Internet. This will not apply to Intra-mail within BNL.

Incoming emails will have the following

  • Information tags in YELLOW
  • Warning tags in RED

Conditions

Potential tagging conditions and respective banners:

  • External Sender
    • This tag could appear when a received message originated from outside the organization.
  • Unknown Sender
    • This tag could appear when a received message is from an address that a user has not communicated with previously.
  • Unsafe Email
    • This tag could appear when a received message has been generally designated unsafe based on Proofpoint analysis.
  • Newly Registered Domain
    • This tag could appear when an email sender’s domain is less than 90 days old. Attackers commonly use new domains to launch their email attacks.
  • Mixed Script Domain
    • This tag could appear when a received message might contain links to a fake website.
  • Impersonating Sender
    • This tag could appear when a received message may be trying to impersonate another sender.
  • DMARC Authentication Failure
    • This tag could appear when the sender’s identity could not be verified and may be impersonating the sender.

Exceptions

There will be some exceptions to this new feature to address lab-wide services such as:

  • Workday
  • Everbridge
  • ServiceNow

They are considered known-good sources which have been vetted and will not be tagged; this exception list is not comprehensive and may evolve over time.

Sample emails

External Sender for the Information tag

  • HTML email
    • Light mode:
      example email
    • Dark mode:
      example email
  • Text-only email
    • Light mode:
      example email
    • Dark mode:
      example email

Get IT Support

For all support issues and service requests, please contact the ITD Helpdesk via email at itdhelp@bnl.gov or call 631-344-5522.