You are located in service: RWTH-E-Mail

E-Mail Macro Filter

E-Mail Macro Filter


E-Mails are frequently used as a distribution method for malware (viruses, trojans, etc.), as well as for phishing attempts. Attachments from unknown sources should be approached with particular caution.

The e-mail macro filter aims to inform users of the potential risk of suspicious incoming mails sent from external e-mail addresses. Suspicious attachments, in this case, are mainly office documents with active components, so-called macros.

This security measure is, however, only a part of the entire structure of "it-security". No protective measure can be 100% effective, and user caution is vital. This measure is not designed to be a blanket defence against cyber attacks via mail, but to draw attention to one specific feature - macros.

As such, please be aware that this measure does not filter all potentially dangerous attachments, and that there are other potential security risks in e-mails. We advise you to pay attention to suspicious e-mails, and to always double check before opening attachments from unknown or suspicious sources.


E-Mails with attached documents containing macros and sent from e-mail addresses that do not belong to the central exchange mailing system will be sent with a warning label. 

Specifically, this means that suspicious mails will not be sent directly to the recipient, but attached to an addition information e-mail.

The information mail will then be sent to the recipient in order to inform them of potentially risky content.

The information mail is sent from the address and has the original subject of the mail that has been sent to the recipient. 

Informationsmail im Posteingang

The information e-mail will contain the original mail as a text file attachment with original header information including the original sender of the mail.


The original text of the mail can be viewed by clicking on the attached document.

Please note:

E-Mail programs handle attachments differently. To open the original attached email, the email must be opened in .eml format. For example, this format is supported by Outlook or Mail App for Windows.

If you have difficulties opening the attached e-mail (e.g. e-mail is empty or no document is attached), please try to open the e-mail in the RWTH Mail App via browser (

Example: Workaround for AppleMail:
  • Log in to the RWTH Mail App
  • Open the attachment in the e-mail that you received from The original e-mail should now have been opened in a new window
  • Select the arrow next to the names of the attachments in the original e-mail and download them. It is not always possible to open the attachments in the e-mail by clicking on them directly

Originale E-Mail

If the sender of the original message is trustworthy, and the attachment proves not to be suspicious, you can then go ahead and open the attached document.

Example: Microsoft Office documents with macros

It will initially be opened in a read-only version, and you need to actively enable editing in order to make any changes to the document.

Geschützter Ansicht

When you enable editing on the document, you will receive another note on macros, and can then enable the active content of the document in order to use the macros.

Inhalt aktivieren



Further information on macros can be found in our blog:

In case you have further questions, please feel free to contact the IT-ServiceDesk.

last changed on 01/30/2024

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License