External Email Tags

CUIMC email accounts have an email flagging feature that serves as a visual indicator and reminder to take pause to review and confirm the authenticity of the sender and message content.

Any message you receive in your CUIMC account that is outside of the organization (see FAQs below for full details) adds the word [EXTERNAL] to the subject line.  The [EXTERNAL] tag will remain if you forward a message to others within the organization. Email message showing EXTERNAL tag in subject line

Email flagging is a common solution used by many organizations to heighten awareness around messages received from entities external to the organization. These capabilities complement IT security and awareness efforts, with the addition of the [EXTERNAL] tag acting as a warning flag so you know to scrutinize the message further before replying, clicking a link, opening an attachment, or otherwise acting on the contents of the message.  The tag will identify if someone has "spoofed" a CUIMC email address, which malicious actors may do to make an email seem as if it came from within your organization. 

When you see the [EXTERNAL] tag on a message:

For additional help with phishing and unwanted messages please see:


Should I not open messages with the EXTERNAL tag?

The tag only means the message came from someone outside of CUIMC, it does not necessarily mean that it is a phishing or other type of malicious email.  It does not mean you shouldn't read the message, just be cautious if you do not recognize the sender.

Can I get an exemption or stop the tag from showing?

Exceptions can't be made for your individual CUIMC email account to prevent the EXTERNAL tag from appearing. It is a security measure added to all CUIMC email accounts, and simply shows that the message is from an outside sender.

If you want to request that an outside email domain (the part of the email address after the "@" symbol) is excluded from having the EXTERNAL tag applied to their messages, please contact us with the following:

Requests will be reviewed by CUIMC Information Security on a case by case basis.

Will messages I send outside of CUIMC be marked as EXTERNAL?

Generally no; the tagging we have implemented only applies to messages coming in to the CUIMC email system from outside.  However other organizations may use the same EXTERNAL tag as a security precaution for their own email system and accounts.

What companies are considered to be outside of our organization?

For tagging, email accounts that are not part of one of these entities will generally have the EXTERNAL tag applied:

There may be other companies not listed here that are excluded upon request and approval by CUIMC Information Security, however the vast majority will have the EXTERNAL tag applied.