Mail at CIMS

Accessing Your Email
Downloading Email Using IMAP or POP
Outgoing Email, SMTP and Mail Relaying
Server Settings for using IMAP or POP, and SMTP
Remote Mail Clients
Mailing Lists
Spam
Phishing

Accessing Your Email

As of July 8, 2025 all email is automatically forwarded from your_netid@cims.nyu.edu to your_netid@nyu.edu. To set up an alias such that emails sent from your_netid@nyu.edu appear to have been sent from your_netid@cims.nyu.edu, please see these instructions. Also, please note that you should never forward email back from your NYU Home account ( nyu.edu ) to your CIMS account as this will result in your mail being discarded.

Server Settings for using IMAP or POP, and SMTP

IMAP

Server: imap.cims.nyu.edu
SSL: enabled
Port: 993

POP3

Server: imap.cims.nyu.edu
SSL: enabled
Port: 995

SMTP (Outgoing)

Server: smtp.cims.nyu.edu
Encryption: SSL
Port: 465
Authentication is required if outside Courant.

For detailed instructions on how to configure your settings for a specific mail reader, or "client," please look here.

Mailing Lists

Mailing lists are used to send messages to multiple users who share a common need to receive certain messages, whether they are students in a class, researchers interested in a particular topic or series of talks, or administrators who need to be notified regarding University events. There are three types of mailing lists presently in use at Courant:

NYU Groups

These are used for class mailing lists, seminars, departmental lists, and other functions. They enable interested parties to subscribe and unsubscribe over the web, and provide list administrators with the ability to manage the lists and moderate messages posted to them. They provides all the functionality of a mailing list, plus additional features such as online discussion forums and the ability to share content from Drive. Information about requesting a Group can be found here:

http://www.nyu.edu/servicelink/KB0013048

NYU Groups can browsed here, when logged in with your NYUHome credentials:
- groups.google.com

Spam

Normal, non-phishing spam can be forwarded to is.spam@nyu.edu

Phishing

Phishing is the act of trying to obtain confidential information from users of an e-mail service by crafting e-mail that looks legitimate and contains links to malicious websites. You should be suspicious of any e-mail that claims to be from NYU or CIMS, but contains many grammar/spelling errors, links to pages that don't begin with "cims.nyu.edu/" or "nyu.edu/", and other incorrect information. You can report phishing attempts to phishing@nyu.edu. And outside of nyu you can also report such scams to spam@uce.gov and/or reportphishing@antiphishing.org. When reporting phishing attempts, you should include the full email with full headers. In addition phishing attempts can also be reported as follows acording to the FTC.

------------------------------
How to Report Phishing
If you got a phishing email or text message, report it. The information you
give can help fight the scammers.

Step 1. Report the suspicious email to NYU IT using the PhishAlarm button in NYU Email (Google) and include specific information about the incident. If you don’t see the PhishAlarm button, forward the email to phishing@nyu.edu. You can also report a security incident through this service link form.

Step 2. If you got a phishing email, forward it to the FTC at spam@uce.gov and to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 3. Report the phishing attack to the FTC at ftc.gov/complaint.

------------------------------

Here is an example of a real phishing attempt that was sent to many of our users, followed by a bullet-point breakdown of how it could have been identified as illegitimate.

----------------------------------------------
<PHISHING EXAMPLE>
----------------------------------------------

From: New York University <abc123@anotheruniversity.edu>
Date: June 7, 2014 at 10:42:03 PM GMT+2
To: Recipients <abc123@anotheruniversity.edu>
Subject: Newsletter Subscription Service

Subscribe Now : EMAIL NEWSLETTER

Sign up to get monthly updates about our students, faculty, research, and alumni.with information on campus news and events, including plays, concerts, art exhibits, and athletic competitions, as well as local happenings. Click Here to receive weekly New Letter CIM.NYU.EDU/SUBCRIBE

Browse through the archives of our(NYU) past publications and get the latest news about what is happening within the NYU Steinhardt community. Learn about students working within the community and studying abroad, the academic research of our faculty, and the exciting work being done by some of our Alumni. (Note: If you have a CIMS Login you'll be asked to login through CAS.

New York University :: Courant Institute of Mathematical Sciences :

----------------------------------------------
</PHISHING EXAMPLE>
----------------------------------------------

Breakdown:

Although the name in the From field is "New York University", the e-mail address that follows it is clearly not from NYU. Although not the case in this example, it is possible to fake the From address to look as though it came from a legitimate address. Never trust an e-mail based on the From field alone!
The very first sentence contains noticeably mistaken grammar ("and alumni.with information")
The second sentence displays inconsistency: the subject line refers to it as "Newsletter", and then the second sentence refers to it as "New Letter"
The URL provided is cim.nyu.edu/subcribe. This has TWO problems: 1) our domain is CIMS.nyu.edu (with an "s"). 2) they misspelled "subscribe".
In the original e-mail where the URL was a clickable link, the URL led to a "yolasite.com" address. This was observable simply by hovering over the link (no need to actually click it).
Spacing error: "our(NYU)"
"Alumni" is capitalized for seemingly no reason.
Their final "Note" has an opening parenthesis, without a matching closing parenthesis.
Most organizations, including CIMS, will not close an e-mail with something as vague as "New York University" or "Courant Institute of Mathematical Sciences" without some kind of contact information or link.

This is not to say that every e-mail that we will ever send will be perfect. However in the event that we do send out something as mangled and unprofessional as the above example, we will issue a correction e-mail.

----------------------------------------------

Here is another example of a real phishing attempt that was sent to many of our users. In this exampe we will delve a little more deeply into the full headers of the email. Note that this phishing example does not have a link to a website and instead relies on the recipient to respond via email. A particular email can appear to be sent from a legitimate address and yet not be. Each email includes a "From" header which can be easily forged and often is for legitimate reasons. A good way to think of an email’s “From” header is as the digital equivalent of the return address printed on envelope.

So, at first glance, an email can appear to be from a legitmate site such as your bank and yet not be. Scam emails like this often will include a link that will take you to a phishing site that is designed to look like a legitimate website. Before clicking on any link in an email, you should pass your cursor ver the link and make note of the URL it will take you to if you click on it. This is often all one needs to do to tell that the email is a scam.

However, not all scam emails have links to URLs in them and are instead designed to scam you once you reply. So how do you tell? The answer is simple, you just have to look at the full headers. All email applications have a way to do this. In Gmail, for example, you can examine this information by clicking the arrow at the top right corner of an email and selecting Show original.

Below is an example of an actual spam email with a forged email address. Notice the From line -> From: "Prof. Denis Zorin" <cs-chair@cs.nyu.edu>. This looks legitimate at first glance, but this line can contain anything like the return address printed on envelope. To find out where it's really from you have to follow the chain. Start from the bottom to find out where it originated from. Look for the "Received: from" headers. The important one has been highlighted below. You will see, in the example below, that it originated from "reagan.com" which would be a red flag in this case and indicate that there is something fishy going on. Also note the "Reply-To: godoverevery@gmx.com", which is another clue that this email is far from legit.

----------------------------------------------
<PHISHING EXAMPLE>
----------------------------------------------

Delivered-To: xyz123@nyu.edu
Received: by 2002:ac2:43d6:0:0:0:0:0 with SMTP id u22csp2630521lfl;
        Tue, 9 Apr 2019 07:57:05 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxnV1v3qKhHyCwWJIEPZqQAVQSPqiSyeeCK/ZpTOg80Oe5X2HC1SyeSwFdMTmEz1/c7y/hH
X-Received: by 2002:ac8:28d0:: with SMTP id j16mr31540318qtj.15.1554821825630;
        Tue, 09 Apr 2019 07:57:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554821825; cv=none;
        d=google.com; s=arc-20160816;
        b=QKEv1S0d3Q+LQ4wkIG61+3mRhPd1a42/pnQcYlVYQ9WEYMuyJvboveAEkKUwpPuChJ
         d4bhTX+EZccndsUy292AQ/v8feZ9fSqCeVx4/2LKydNpLJhs9DgRnFxEO363L751+25n
         52QK9O/RfyQGH/RVxMR/4KUboOKkI3CtzeAFQ0n5uhGuYARG9+FD8lF283GUB9hnc3Sx
         N2euEzBxEWXXOn8b7/kWRzc7LHZZpEIMkzGWHd8dqhBu7ybY2Fz8ZIHPLu4cwn6RE6T2
         1wEI0wX+YtRITGvNoIh5rn47st/UMPMai+dhuQUqITWRG+cGnE+QoMFdP/csLED6LmEP
         jlow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=message-id:importance:mime-version:reply-to:to:from:subject:date;
        bh=3mQVOIq5q7fsJp8KJljRhEzq8zmfYdV5CNPusP+1Rgw=;
        b=cNWcV5n+kh6wkNFnPf0G7K7uT2D/w82tC/8jisxHBnGjjR3KwYcujpaMmAaNbDinS+
         zXCEBD0v65Udf3B49Ad+0IpB+Mv5iSbD/WpUuZSHS9P7+lKIebCIT9wEebdgftlgDaeG
         8FyBB8bDIMA8IvDx7/M+gCCPZtz28eEu2TTQpL2ff7iYNbkEBu3cdXVq+qU+qj/Kij+c
         rVRUg+802L1OIS454YH+T7eYmlz9BCJJO/bNQR1J+OAiLQq9/OudXse3//wjRz/gk/+y
         PzobZOfR5GY/DU2qLEK7nLTYrsUt5K7FRvcORfVEaBfsNzu49lsHj0NKBIs1IhVh2ZN6
         evNg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of jdoe@mail.cims.nyu.edu designates 128.122.49.90 as permitted sender) smtp.mailfrom=jdoe@mail.cims.nyu.edu
Return-Path: <jdoe@mail.cims.nyu.edu>
Received: from gmx3.home.nyu.edu (gmx22.home.nyu.edu. [216.165.32.213])
        by mx.google.com with ESMTPS id a15si1608065qtk.344.2019.04.09.07.57.05
        for <xyz123@nyu.edu>
        (version=TLS1 cipher=AES128-SHA bits=128/128);
        Tue, 09 Apr 2019 07:57:05 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of jdoe@mail.cims.nyu.edu designates 128.122.49.90 as permitted sender) client-ip=128.122.49.90;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of jdoe@mail.cims.nyu.edu designates 128.122.49.90 as permitted sender) smtp.mailfrom=jdoe@mail.cims.nyu.edu
Received: from mx3.nyu.edu (mx3.local [10.100.100.243]) by gmx3.home.nyu.edu (8.14.9/8.14.9) with ESMTP id x39Ev4U6009127 for <xyz123@nyu.edu>; Tue, 9 Apr 2019 10:57:04 -0400 (EDT)
Received: from mx0b-00256a01.pphosted.com (mx0b-00256a01.pphosted.com [67.231.153.242]) by mx3.nyu.edu (8.14.9/8.14.9) with ESMTP id x39Ev4st009091 for <xyz123@nyu.edu>; Tue, 9 Apr 2019 10:57:04 -0400 (EDT)
Received: from pps.filterd (m0119692.ppops.net [127.0.0.1]) by mx0b-00256a01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x39Ev3e0125652 for <xyz123@nyu.edu>; Tue, 9 Apr 2019 10:57:04 -0400
Authentication-Results: ppops.net; spf=none smtp.mailfrom=jdoe@mail.cims.nyu.edu
Received: from mail.cims.nyu.edu (mail.cims.nyu.edu [128.122.49.90]) by mx0b-00256a01.pphosted.com with ESMTP id 2rruwdtddf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xyz123@nyu.edu>; Tue, 09 Apr 2019 10:57:04 -0400
Received: from mail.cims.nyu.edu (localhost [127.0.0.1]) by mail.cims.nyu.edu (8.15.1+Sun/8.15.1) with ESMTPS id x39Ev3DQ024631 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <xyz123@nyu.edu>; Tue, 9 Apr 2019 10:57:03 -0400 (EDT)
Received: (from jdoe@localhost) by mail.cims.nyu.edu (8.15.1+Sun/8.15.1/Submit) id x39Ev3Fh024628 for xyz123@nyu.edu; Tue, 9 Apr 2019 10:57:03 -0400 (EDT)
Received: from mx2.cims.nyu.edu (mx2.cims.nyu.edu [216.165.22.57]) by mail.cims.nyu.edu (8.15.1+Sun/8.15.1) with ESMTPS id x39Ev25i024618 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for <jdoe@mail.cims.nyu.edu>; Tue, 9 Apr 2019 10:57:03 -0400 (EDT)
Received: from smtp124.iad3a.emailsrvr.com (smtp124.iad3a.emailsrvr.com [173.203.187.124]) by mx2.cims.nyu.edu (8.15.1+Sun/8.15.1) with ESMTPS id x39Ev074009373 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <jdoe@cs.nyu.edu>; Tue, 9 Apr 2019 10:57:01 -0400 (EDT)
Received: from smtp32.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp32.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 9384A5793 for <jdoe@cs.nyu.edu>; Tue,
9 Apr 2019 10:38:20 -0400 (EDT)
Received: from app21.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp32.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 832AF56B3 for <jdoe@cs.nyu.edu>; Tue,
9 Apr 2019 10:38:20 -0400 (EDT)
X-Sender-Id: preacherco@reagan.com
Received: from app21.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Tue, 09 Apr 2019 10:38:20 -0400
Received: from reagan.com (localhost.localdomain [127.0.0.1]) by app21.wa-webapps.iad3a (Postfix) with ESMTP id 6E03B60054 for <jdoe@cs.nyu.edu>; Tue,
9 Apr 2019 10:38:20 -0400 (EDT)
Received: by webmail.reagan.com
    (Authenticated sender: preacherco@reagan.com, from: cs-chair@cs.nyu.edu)
     with HTTP; Tue, 9 Apr 2019 09:38:20 -0500 (CDT)
X-Auth-ID: preacherco@reagan.com
Date: Tue, 9 Apr 2019 09:38:20 -0500 (CDT)
Subject: Hello James
From: "Prof. Denis Zorin" <cs-chair@cs.nyu.edu>
To: jdoe@cs.nyu.edu
Reply-To: godoverevery@gmx.com
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_20190409093820000000_81464"
Importance: Normal
X-Priority: 3 (Normal)
X-Type: html
Message-ID: <1554820700.448429513@webmail.reagan.com>
X-Mailer: webmail/16.3.0-RC
X-Greylist: inspected by milter-greylist-4.6.2 (mx2.cims.nyu.edu [216.165.22.57]); Tue, 09 Apr 2019 10:57:01 -0400 (EDT) for IP:'173.203.187.124' DOMAIN:'smtp124.iad3a.emailsrvr.com' HELO:'smtp124.iad3a.emailsrvr.com' FROM:'preacherco@reagan.com' RCPT:''
X-Greylist: Delayed for 00:18:34 by milter-greylist-4.6.2 (mx2.cims.nyu.edu [216.165.22.57]); Tue, 09 Apr 2019 10:57:01 -0400 (EDT)
X-Virus-Scanned: clamav-milter 0.97.4 at mx2
X-Virus-Status: Clean
X-Scanned-By: MIMEDefang 2.80 on 216.165.22.57
X-Loop: beenherebefore
X-CLX-Shades: MLX
X-Orig-IP: 128.122.49.90
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-09_07:,, signatures=0
X-Proofpoint-Spam-Reason: safe

----------------------------------------------
</PHISHING EXAMPLE>
----------------------------------------------