Your email

The University email service is called Nexus365 and is run by IT Services. You will have been registered automatically for an Oxford email account as soon as your University card was created. To access your account:

• ensure you have activated your Oxford username
• use your Oxford username and password to log in to the IT Services' self-registration service and find your email address (click on 'User info' in the left-hand sidebar and then select 'Email' in the blue bar in the web page).
• you can then access your account via the MyOxford app or https://outlook.office.com.

Log in to your email or download the MyOxford app for quick email access. 

• You can configure your secure email clients (for example, Outlook, MacMail, Mozilla Thunderbird, etc) to work with your University email.
• Change your account settings, such as the default address, at Account Settings.
• All University-related emails will be sent to your ox.ac.uk email account.

Oxford email also provides an online calendar. You can give other people access to your calendar, and schedule meetings, share contacts, tasks, files and folders with your colleagues.
 

Your entitlement to IT and digital services continues until your course completion. For research graduates this is usually the date that Leave to Supplicate is granted. For most other students this will be at the expiry date on your University card. If you have been offered a place on a course at Oxford starting in the next academic year, access to your email account will be extended over the Long Vacation. If you take up the offer your email account will be further extended to the end date on your new University Card. If you are changing college, or starting a graduate course, you may be assigned a new email address. This will be assigned once your University Card is updated. You should continue to use your existing username.

Junk mail and phishing

As with any email account, some of the messages you receive will be unwanted and unsolicited email often referred to as junk email or spam. Always delete junk email - never reply.

Phishing is the name given to the type of cyber attack where criminals use emails, text messages, phone calls, social media, or fake websites to trick you into revealing personal or financial information, login details, or multi-factor authentication (MFA) codes. Attackers often impersonate trusted organisations, which could mean the University, Student Fees and Funding, IT Services, your bank, or a delivery company, for example.

You should never share passwords, one-time passcodes, or MFA approval requests with anyone — even if the request appears to come from the University or another trusted organisation. 

Tips to avoid being caught out by phishing

•    Never share your passwords via email, text, phone call, messaging apps or social media – The University will never ask you to share your password or MFA code.
•    Never approve unexpected MFA login requests – If you get a login approval request you didn't initiate, deny it and report it via the IT Service Desk.
•    Be cautious of urgency or pressure – Phishing messages often try to create a sense of urgency to make you act immediately.
•    Check the sender carefully – Be alert to misspellings or unusual email addresses. Remember that sender names can be spoofed.  
•    Check links carefully before clicking – Hover over links (on a desktop) to see the real web address before clicking. Be cautious of slight misspellings or unusual domains.
•    Verify sites independently – Bookmark official links and university/college sites. If you're unsure about a link or website, go directly to the organisation’s official website by typing the address into your browser yourself. 
•    Watch out for unusual requests – Be wary of unexpected messages, especially from faculty or supervisors asking things like, “Can you buy this for me?” or “I need your number urgently.” Always verify the request.
•    Look into unusual payment requests – Be alert to unexpected payment requests, such as tuition fees or accommodation deposits that you weren't expecting.
•    Be wary of offers that seem too good to be true – This could include anything from parcel deliveries to cheap accommodation or scholarships.
•    Don't click links or open attachments in unexpected or suspicious messages.
•    Take extra care on mobile – It's often harder to spot suspicious links.
•    Check website security – If you're entering sensitive information online, check the URL begins with https:// and there's a padlock icon. A padlock means the connection is encrypted – it does not guarantee the website itself is legitimate.

If you think you may have entered your details into a fake site or via a suspicious link, change your password immediately (especially if you also use it elsewhere) and contact the IT Service Desk for advice.