to Homepage
You are located in service RWTH-E-Mail
General information
IT Center Help

You are located in service: RWTH-E-Mail

E-Mail Macro Filter
Print page

E-Mail Macro Filter

 

guide

This page describes email macro filtering for incoming emails.

 

Background

Emails are frequently used as a distribution method for malware (viruses, trojans, etc.), as well as for phishing attempts. Attachments from unknown sources should be approached with particular caution.
The email macro filter aims to inform users of the potential risk of suspicious incoming mails sent from external e-mail addresses.
Suspicious attachments, in this case, are mainly office documents with active components, so-called macros.

This measure should be viewed as one component of the overall "IT security" structure. It does not increase security to 100%, but draws attention to certain critical features (in this case, macros).
Please note that not all potentially dangerous attachments may be filtered here and that there are other security risks when handling emails. We would like to remind users once again to always be vigilant.

E-Mails with attached documents containing macros and sent from e-mail addresses that do not belong to the central exchange mailing system will be sent with a warning label. 
Specifically, this means that suspicious mails will not be sent directly to the recipient, but attached to an addition information e-mail.
The information mail will then be sent to the recipient in order to inform them of potentially risky content.
The information mail is sent from the address NoReply-sec@itc.rwth-aachen.de and has the original subject of the mail that has been sent to the recipient. 

Informationsmail im Posteingang

 

Opening filtered emails

The original email is attached to the information email from NoReply-Sec@itc.rwth-aachen.de with the name OriginalMessage.
This attachment contains the original email with the original header information, i.e., the header also includes the original sender.

To open a filtered email, follow these steps. Please check beforehand whether it is really a trustworthy email.

Step 1
Open the information email.

Informationsmail

Step 2
Click on the email attachment named OriginalMessage.

Some email clients convert the OriginalMessage email into a text file (.txt extension). You cannot open this file in this format.
Please save the file manually as a mail file (.eml extension) and open it separately.

If you have difficulties opening the attached email (e.g., if the email does not display any text or no attachment is visible), please try the process again using the RWTH MailApp.

Step 3
The original email should now open. The original attached file with macros is attached to this email.
If the sender is trustworthy or the attachment is not suspicious, the file can now be opened or downloaded.

Originale E-Mail

Example: Microsoft Office documents with macros

It will initially be opened in a read-only version, and you need to actively enable editing in order to make any changes to the document.

Geschützter Ansicht

When you enable editing on the document, you will receive another note on macros, and can then enable the active content of the document in order to use the macros.

Inhalt aktivieren

 

Additional information:

Further information on macros can be found in our blog: https://blog.rwth-aachen.de/itc/2021/09/01/makros-2/

In case you have further questions, please feel free to contact the IT-ServiceDesk.

last changed on 01/29/2026

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License
Chat