IT Center Blog

Macros – E-mail Filtering at RWTH

March 25th, 2022

E-mails are a major gateway for cyberattacks. These attacks are no longer isolated incidents; they are part of our everyday life. Spreading malware through attached documents with macros is especially popular among cyber criminals. These macros can, for example, contain hidden malware. If the recipient activates these macros when opening the document, any malicious software they may contain can cause great damage. For this reason, a protection mechanism for e-mail macro filtering was installed for the RWTH e-mail service on November 16, 2021. Office documents are the most commonly used for this, but PDFs, e.g. ones containing form fields, are used as well.

How does the e-mail macro filtering work?

E-mails that are sent from an e-mail address outside the RWTH central Exchange system to your e-mail address on the RWTH central Exchange system and that contain documents with macros will no longer be delivered directly. Instead, you will receive an information mail explaining that the e-mail contains potentially dangerous macros. The sender address of the original e-mail will be replaced by the sender address The e-mail’s subject, however, will be exactly the same as the subject of the original e-mail. This information mail explains how you should handle such e-mails and what you should pay attention to.

This is one of many measures to improve IT security at RWTH Aachen University. It does not provide 100% security but is specifically intended to make users aware of specific risks.
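
The behaviour described in this section, written out in Python as an added example; it is not the filter RWTH operates. The domain `example.edu`, the notifier address, the notice text and the detection rule (a `vbaProject.bin` entry inside an OOXML archive) are assumptions, and the sample mail is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

INTERNAL_DOMAIN = "example.edu"        # assumption: stands in for the internal Exchange system
NOTIFIER = "macro-filter@example.edu"  # placeholder: the page does not give the notice address
NOTICE = "The attached e-mail contains documents with macros. Check sender and file first."

def has_vba_macros(data: bytes) -> bool:
    """OOXML files (.docm, .xlsm) are ZIP archives; VBA code sits in vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # legacy OLE2 files and PDFs need other parsers (not covered here)

def filter_message(raw: bytes) -> EmailMessage:
    """Return the mail unchanged, or an information mail that wraps it."""
    original = message_from_bytes(raw, policy=policy.default)
    external = original["From"].addresses[0].domain.lower() != INTERNAL_DOMAIN
    payloads = [part.get_content() for part in original.iter_attachments()]
    flagged = any(isinstance(p, bytes) and has_vba_macros(p) for p in payloads)
    if not (external and flagged):
        return original
    info = EmailMessage()
    info["From"], info["To"] = NOTIFIER, str(original["To"])
    info["Subject"] = str(original["Subject"])  # subject is kept exactly as sent
    info.set_content(NOTICE)
    info.add_attachment(original, filename="original.eml")  # becomes a message/rfc822 part
    return info

def sample_mail(sender: str, macro: bool) -> bytes:
    """Constructed test input: a mail with one OOXML-style attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.edu", "Invoice March"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    out = filter_message(sample_mail("partner@example.org", macro=True))
    print(out["From"], "|", out["Subject"], "|", [p.get_content_type() for p in out.iter_attachments()])
```

Only the combination of an external sender and a macro-bearing attachment triggers the wrap; internal mail and macro-free attachments pass through unchanged.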

How can I open the original e-mail?

The original email including the files with macros will be automatically attached to the information email. After you have read the information mail carefully and are aware of the risks, you can freely decide whether you want to open the original e-mail and the attached files. This will give you the opportunity to check the email more closely before opening it: Is the sender of the email someone you know? Is the attached file an expected file? If in doubt, it is always advisable to contact the sender personally to make sure that there are no malicious intentions behind the e-mail.

If the sender of the e-mail is trustworthy and the attachment is not suspicious, you can open the document attached to the information e-mail. Simply open the original e-mail by opening the attachment to the information e-mail. After opening the email, you will have access to the attachment of the original email. When you open the attachment, the document is first opened in protected view. You will need to activate the editing of the document manually. After activating the document, you will also be notified about the macros contained in the document. This content should only be activated for trusted files. After activation the macros will be executed. Detailed instructions with screenshots can be found in our documentation portal IT Center Help.

The original e-mail does not open. What am I doing wrong?

Every e-mail program handles attachments differently. To be able to open the original mail, it must be opened in .eml or .msg format. If the attachment of the information mail was saved as a .txt file, this file extension must be replaced with .eml or .msg. Opening the original mail is supported by e-mail clients such as Outlook and Mail App for Windows. If you encounter problems, you should open the RWTH Mail App (OWA) to access the original mail.

Is there a way to bypass this filtering?

For security reasons, all emails sent from outside the RWTH’s central Exchange system that contain files with macros are filtered out. However, there are other ways to share files securely besides sending conventional e-mails. Members of RWTH can use services like Sciebo or Gigamove to share documents.

If you have any questions or problems with this measure, please feel free to contact us. Our colleagues from the IT-ServiceDesk will be happy to help you.


Responsible for the content of this article is Stéphanie Bauens.
