Skip to main content
Ministry of Education New Zealand
On this page

What email filtering is

Email filtering is a process that automatically sorts your incoming and outgoing emails according to certain criteria that you can set. For example:

  • sorting unwanted emails like spam into another mailbox
  • blocking content with offensive language
  • blocking malicious emails like phishing.

Why email filtering is important

Email is the most common way schools or kura are targeted by cyber attacks. Email filtering can protect student and staff information by supporting your school’s:

  • security – by blocking harmful emails like phishing or spam
  • safety – by preventing bullying or inappropriate content from being spread via school email systems
  • productivity – by keeping your inbox free of junk or spam, so only important communication gets through
  • compliance – by protecting important information from leaving your school email system, to comply with the New Zealand Privacy Act 2020.

Privacy Act 2020 – New Zealand Legislation

Types of email filters

Spam filters

Spam filters can detect and block unwanted or unsolicited emails by looking for characteristics of a typical spam email. This might include:

  • where the email comes from
  • email content
  • the subject line
  • how many people it might have been sent to.

Content filters

Content filters scan the content of emails, including:

  • the subject line
  • body text
  • attachments.

It looks for specific keywords, phrases, or patterns that indicate spam, phishing, or other unwanted content, like marketing emails.

Attachment filters

Attachment filters use different techniques to scan attachments for:

  • malware
  • viruses
  • and other malicious content.

You can also block specific file types, like Excel documents or PDFs, if your school thinks they are unsafe or unnecessary.

Allowlist/denylist filters

Allowlist and denylists are lists of senders that you trust and permit emails from, or you don’t trust and want to block.

Mail filters normally have a pre-made denylist of known spam or malicious senders. They will automatically send emails from these senders to the spam folder.

How to set up email filtering

We recommend your school or kura uses Network for Learning (N4L)'s service, which is fully funded.

Google and Microsoft have baseline email filtering built into their services. These can be further customised by an information technology (IT) lead to better protect your students and staff.

See our guidance on how to set up N4L or customise your Google or Microsoft settings.

What to do if you have clicked on a phishing email

If a staff member or student accidentally clicks on a link or enters information from a phishing email, remain calm. Refer to your incident response plan and do the following:

  • have the person reset all their account passwords and tokens
  • ensure they have two-factor authentication (2FA) enabled where possible
  • run a virus scan on the device
  • alert your IT provider if you have one
  • notify N4L as they can block the phishing link for other users on Email Protection, and can quickly identify if anyone else has clicked on the link.

For the next several days, have them closely monitor their device, emails, and applications they use to see if anything unusual happens.

If they do notice something out of the ordinary happening on their device, email [email protected] or [email protected].

THIS PAGE IS FOR
  • Education professionals