OIT is sending out e-mail messages similar to the one below. The recent legislative audit identified some account and password practices that OIT should strengthen. One practice we need to discontinue is allowing people to send their username and password unencrypted to a server.
Please do not be alarmed by this messages. Please do not mistake these messages for Spam or a Phishing scam of any type. We have posted this message to verify that the messages you are receiving are in fact legitimate.
----------Email Message Begins Here-------------------------------
Dear "Enter Name Here":
The Office of Information Technology is sending you this message to inform you that we have plans to strengthen our e-mail security. While much of this can be done centrally on our servers, the remainder must be completed on your local e-mail client (e.g. Outlook, Thunderbird etc.). We plan on making these changes permanent on May 25th, 2006
Many UMBC account holders have some form of e-mail client installed on their PC or Mac computers. In order for you to utilize the increased security features we are requesting that you modify your e-mail client settings. In most cases this is very easy to do.
Instructions regarding these configuration changes can be found at:
http://www.umbc.edu/oit/sans/helpdesk/configuremail.html
***Which Machine Should I Change My E-mail Settings On?***
Part of the challenge we face is identifying the machine or machines that you have connected from. This is important because your office machine may in fact be setup with the most recent security features while your home PC or Mac may not be. To help you identify which machine needs to have the e-mail client settings updated we have included the IP Address or domain name where you last connected from.
Don't worry if this is a little confusing for you. We are including this information for those that may find it useful. If you are just not sure what this means then we simply recommend that you check the settings on all of the e-mail clients that you use. Below you will find the hosts where your connection was detected from.
Our logs over the past week have detected that you have
used an unencrypted "IMAP or POP" session to access your MyUMBC email
account named "USERNAME HERE". These logins occurred from the following hosts:
"HOST INFORMATION HERE"
*** How Soon Do I Need to Make These Changes?***
Don't be alarmed, you are not in imminent danger of being compromised. We are taking these steps as part of a campus wide security campaign. We plan on disabling unencrypted IMAP and POP e-mail on May 25th, 2006. You have until this date to update your e-mail clients.
For more information about making these changes please visit:
http://www.umbc.edu/oit/sans/helpdesk/configuremail.html
If you have any questions, please feel free to contact the OIT helpdesk via email (helpdesk@umbc.edu), or at 410-455-3838 (x5-3838)