Office of Information Technology
Home
Calendar
Map
 Home
 Computing
Library
Search

Security: Policies & Guidelines

Security Home Statistics Virus/AntiVirus POlicies &tc How-To Guides Get Our Attention
UMBC IT-03: Guidelines for Using Electronic Mail
DRAFT DATE: March 27, 2002; October 7, 2001
SUBJECT: UMBC Guidelines for Using Electronic Mail
SOURCE: Office of Information Technology
GUIDELINE NUMBER: IT-03
REVIEWERS: IT Steering Committee
Faculty Senate Computer Policy Committee
Provost Council - 10/12/01
DATE Finalized: Draft 2

RATIONALE:

Electronic mail (email) is used ubiquitously for communicating with colleagues on and off campus. Daily, we see as many as 50000 email messages sent to and from campus. As a result, email is a powerful communication tool but it is not without risks and limitations. These include the threat of viruses, Freedom of Information (FOI) requests, legal subpoenas, and SPAM. This guideline describes the level of privacy we can provide, discusses best practices, and provides information to help you use email safely and successfully.

GUIDELINES:

For an overview of the principles governing computing services at UMBC, please refer to the UMBC Policy for Responsible Computing: http://www.umbc.edu/newsevents/Student/umbc-aup.html. While not specifically addressing email privacy issues; this policy affirms that access to computing resources is a privilege to be exercised within the context of the principles of academic freedom. Accordingly, a user's privacy will be preserved to the extent possible in the electronic environment present in a public setting, Thus, your privacy may be affected by the Maryland Access to Public Records Act, other applicable state and federal laws, and the needs of the University to meet its administrative, business, and legal obligations. OIT will not arbitrarily search email or files without administrative approval and without following campus policies; however, this does not guarantee the privacy of your files and care should be taken. UMBC is a public agency and employee email use is subject to state policies and law that could affect or limit your privacy.

The Responsible Use policy requires the Office of Information Technology (formerly University Computing Services) to consult with the Vice President for Academic Affairs and follow existing University procedures before accessing any files belonging to a user, including email. In addition, the policy states that the University must notify users within one week if they are under investigation or if their files have been accessed. Since crucial University business is sometimes conducted through an individual user's email account, UMBC's administration may have a need to access that user's files or email without the user's explicit prior consent (as in cases of termination, long-term absence, etc). The affected area's Supervisor or Department Chair, or a UMBC administrator may be given access to and/or control of such an account through OIT under these guidelines, based on written requests which justify such action as being necessary to protect the University's interests.

BEST PRACTICES:

  1. Do not write anything in email that you would not write in a memorandum.
    Email provides a quick and informal way for people to communicate; however that informality often leads to a lack of caution in communications. People write things in email which they would never write or say in another context. As a result, email has become a common target during the discovery phase of litigation proceedings and has played a damaging role in many court cases.
  2. Get a second, non-UMBC, email account for personal email correspondence.
    UMBC policy does not prohibit use of UMBC email accounts for personal communications which are not intended for outside commercial activities and are not in violation of other university policies .However, UMBC email is subject to Freedom of Information (FOI) requests and if lawfully requested, your personal email can be released. To avoid this result, users with an outside ISP should use that account for personal use, or establish a second account with one of the free web-based email providers such as Hotmail or Yahoo. Most email clients can be easily configured to support multiple email accounts.
  3. Do not automatically open attachments and make certain that you have up-to-date virus protection on your computer.
    Many recent viruses, such as Sircam, promulgate by selecting random files from the hard disk, attaching a virus to those files and sending them to people listed in the local address book.. As a result, you could receive a message from someone you know that contains a virus. Be cautious about opening unexpected attachments. Your best defense is to stay up-to-date with your virus protection.
  4. Use your mail client to filter unwanted email and SPAM.
    Wading through junk email and SPAM in your inbox is time consuming. At a campus level it is very difficult to block this email without inadvertently blocking legitimate mail. However, most email programs can filter email. Using this to block repeated emails from a specific address is an option to consider. If your email program does not have this capability, OIT has a utility named procmail to assist you.
  5. Keep attachments in mail messages below 5 megabytes in size.
    Mail servers have a configuration parameter that controls the maximum mail size of a message, including attachments. At UMBC this limit is 5 megabytes. however some non-UMBC servers may have a lower limit and so care should be taken to break up messages that have many attachments.
  6. If you leave UMBC, make arrangements for your email account.
    UMBC does not guarantee continued access to email accounts for departing faculty and staff. An account may be kept active at the discretion of a department chair or director for university business reasons or as a transitional courtesy for departing employees. Please notify OIT through email oit@umbc.edu. of the effective date when you no longer need access to a UMBC account. A vacation message can used to advise writers of your departure.

DEFINITIONS:

SPAM - SPAM is widely used as a term for unsolicited email, the official definition is mail that is sent with a fake reply address and with no way to remove your address.

PROCEDURE REFERENCE:

Reports of security incidents should be sent to abuse@umbc.edu.

Virus resources can be found at the OIT Web site: http://www.umbc.edu/oit/virus

For situations requiring immediate assistance or response by security engineers, local campus computing support centers have paging information for ITSO staff by contacting the OIT Helpdesk, 410-455-3838 or the Chief Information Officer, 410-455-2582. A response from someone should be expected with 60 minutes.

RELATED POLICY REFERENCES:

IT-01 UMBC Policy for Responsible Computing



RESPONSIBLE ORGANIZATION:

UMBC Office of Information Technology
oit@umbc.edu
http://www.umbc.edu/oit


OIT Security: Footer
NOTE: " Outbound Link" Indicates a link to an external (non-UMBC)

Last modified: 3/6/2003
Office of Information Technology • Main Office: ECS 125 • Phone: 410-455-3838 • Email: oit@umbc.edu