Security Awareness E-mail FAQ

E-mail

Is spam illegal?

Maybe. (Note: The sending of any spam is prohibited in University acceptable use standards)
The Controlling the Assault of Non-Solicited Pornography and Marketing (i.e.,CAN-SPAM) Act of 2003 (15 U.S.C. 7701), effective January 1, 2004, establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions. CAN-SPAM defines spam as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)."
The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of the following:

an opt-out mechanism;
a valid subject line and header (routing) information; and
the legitimate physical address of the mailer.
a label if the content is adult

If a user opts out, a sender has ten days to remove the address. The legislation also prohibits the sale or other transfer of an e-mail address after an opt-out request. Use of automated means to register for multiple e-mail accounts from which to send spam compound other violations. It prohibits sending sexually-oriented spam without the label later determined by the FTC of SEXUALLY-EXPLICIT. This label replaced the similar state labeling requirements of ADV:ADLT or ADLT.
CAN-SPAM pre-empts existing state anti-spam laws that do not deal with fraud. It makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including harvesting, dictionary attacks, Internet protocol spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.
The legislation does not allow e-mail recipients to sue spammers or class-action lawsuits, but allows enforcement by the FTC, State Attorneys General, Internet service providers, and other federal agencies for special categories of spammers (such as banks).
While many unsolicited e-mail messages are annoying, only some fall into the illegal category. But even if a message does not violate federal or state anti-spam laws, it should still be viewed with caution. Messages may contain advertisements for pornography, get-rich-quick schemes and other ploys that violate state law, or are offensive or inappropriate for viewing. Clicking on links contained in spam messages can also expose Internet users to computer viruses.

Is there a maximum number of emails that I can save between all my email folders/boxes (e.g., inbox, sent mail, etc.)?

There is no uniform-standard regarding the number of active emails (i.e., emails that have not been deleted or put in the trash can) you can store in the email folders/boxes that are assigned to or created by you. Due to resource limits, different mail systems have different requirements for the storage of mail in mailboxes or file folders. Contact your email system administrator for more information.

Date Revised : 2006-03-22

If someone sends me unsolicited obscene material, am I liable for it in regards to inappropriate use of the computer or harassment?

No. You are not responsible for unsolicited mail sent to you regardless of its content as long as you do not share it with others other than email administrators assisting you in getting rid of the message or tracking down the message sender.

Date Revised : 2003-07-10

Can't the University prevent spam from being delivered to my email account?

Spammers often send email from different sources or through different relaying systems around the world. They are moving targets. The tools for generating spam and hiding the true source are sophisticated and techniques for verifying the origin in order to take action can be quite time-consuming. Blocking an entire range of email servers or an entire domain could prevent legitimate mail from reaching its intended recipients so we can not currently prevent all spam from being delivered to your email account. Most email systems have the ability to filter out messages based on words in the subject or body of the email. If you are interested in filtering messages to try to reduce the amount of spam you receive, you should look in manuals for your email software (e.g., outlook, Netscape, etc.) or use the Internet to search for information regarding how to use mail filters.

Date Revised : 2003-07-10

What can I do to avoid getting spam?

1. Never send e-mail or reply to an e-mail requesting that you be removed or to unsubscribe unless you are familiar with the company. Some use this method to verify the e-mail address is valid and may subscribe you to other mailing lists. If you do not know the individual or company simply delete the e-mail.

2. When filling out any type of form on the internet watch carefully for any type of check box that by default may be checked for you to receive a newsletter or share your e-mail with a third party.

3. If you are concerned about a company sharing your e-mail address set up a temporary e-mail account through Hotmail or other free e-mail service.

4. Be careful who you send your e-mail to. Sites that require you to sign up or request an e-mail for free products, free services, or contests commonly share your e-mail as a method of generating revenue.

5. Never forward an e-mail that claims that it is capable of tracking the e-mail as it is sent or will help generate revenue for a certain cause to the more people it is forwarded to. These e-mails are commonly referred to as a chain mail and are commonly false and help individuals get additional e-mail address for SPAM. Additionally, the sending of chain mail is in violation of University Data and Computing Guidelines.

6. Be careful where you post your e-mail address. In chat rooms or news groups for example anyone could quickly grab your e-mail address. Also avoid using your email address when setting up chat or FTP clients.

7. Avoid posting your email address in a web page. There are programs that "harvest" email addresses by looking for mailto: codes in HTML documents

Date Revised : 2003-06-05

Can employees send emails of a political nature over public University email lists/forums?

It depends. The general rule from the State Ethics Commission under Massachusetts General Law (i.e., MGL) Chapter 268A and the Campaign Finance Commission under MGL Chapter 55 is that state employees are prohibited from engaging in partisan political activity during working hours and may not use public resources to advance political candidacies or to promote or oppose ballot questions.

However, if an email is sent over what is considered a "public forum" bulletin board maintained by the University, that email is protected by the First Amendment and would not be regarded as the use of public resources in violation of MGL Chapter. 55 or 268A (provided an employee is not using significant work time for this purpose).

Date Revised : 2003-07-22

Why can't the University censor email from spam sources that I report?

Spammers often send email from different sources or through different relaying systems around the world. They are moving targets. The tools for generating spam and hiding the true source are sophisticated and techniques for verifying the origin in order to take action can be quite time-consuming. Blocking an entire range of email servers or an entire domain could prevent legitimate mail from reaching its intended recipients. Most email systems have the ability to filter out messages based on words in the subject or body of the email. If you are interested in filtering messages to try to reduce the amount of spam you receive, you should look in manuals for your email software (e.g., outlook, Netscape, etc.) or use the Internet to search for information regarding how to use mail filters.

Date Revised : 2003-07-10

What is the policy on sending e-mail to everyone on campus or the University?

Each campus functions differently so you should contact your campus email administrator to find out the correct process to send an email campus or University wide. Please note that such emails should be for University business purposes only. Nonbusiness emails sent to an entire campus or the University is considered spam.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

What should I do if I am receiving unwanted spam?

If you are receiving unwanted, unsolicited spam, obscene or otherwise, notify your email administrator. Don't open attachments or follow links to other sites. Don't reply to the message or attempt to contact the source without assistance. Chances are that the spam was designed so that a reply would generate bizarre amusement for someone, possibly at the expense of an unwitting third party, and confirms that your email address is legitimate. Some sources of bulk email are reputable, and may offer instructions to have your email address removed from their list. Making that determination however can be difficult and should be left to your email administrator.

Date Revised : 2003-07-10

What is "spamming"?

Spamming refers to the sending of unsolicited e-mail messages to a large quantity of recipients. Spamming unduly slows down a network.

Date Revised : 2006-03-22

Can University students use electronic mail (i.e., e-mail) for personal use?

Students are allowed to use e-mail for personal use but must abide by University student codes of conduct and acceptable use standards/guidelines/policies.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

How can I ensure that an email is actually being sent by the person in the FROM: line of the message?

In general, without specific add on security, the authenticity of an e-mail message cannot be assured. This means that the authorship or source of an e-mail message may not be as indicated in the message. Internet Mail Extensions (S/MIME), digital signatures, and certification authorities can help to confirm sender authenticity however the use of these methods is not included as part of a basic email package and must be purchased separately.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Can I send a message I received to a 3rd party?

You should not "rebroadcast" or send information obtained from another individual that the individual reasonably expects to be confidential. Remember, email is a store and forward technology so be aware that anything sent via email can be saved, printed and forwarded.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Who has the authority to approve the monitoring of email?

The Chancellor or their designee may authorize that electronic mail be monitored if a legitimate administrative purpose exists. The Chancellor or their designee may also authorize that electronic mail be locked or copied to prevent destruction and loss of information.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Someone sent me an email and the content is "inappropriate". What do I do?

The University can not control the content of electronic mail. If you receive electronic mail that you consider harassing, threatening or offensive, contact your email administrator for assistance.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Does the University monitor email?

The University does not routinely monitor the content of electronic communications. However, the University has the responsibility and authority to access, review and release electronic information that is transmitted over or stored in University systems. The University also has the responsibility and authority to monitor individual accounts if the University determines this monitoring is necessary for legitimate administrative purposes. Legitimate administrative purposes include:

1.Compliance with legal requirements or process, such as subpoenas, writs, warrants, Patriot Act, or HIPAA compliance;

2.As part of an investigation of a suspected violation of law or University policies, procedures or codes of conduct.

3.The need to maintain or protect the integrity or operations of University computing systems;

4.To obtain information needed to deal with an emergency; or

5.In the case of University employees and officials, if such information is needed for the ordinary business of the University. The Chancellor or their designee may authorize that electronic communications may be locked or copied to prevent destruction and loss of information.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2004-02-24

Who can use University email systems?

The University makes e-mail facilities available to both students and staff. It is not a provider of email services to the general public. Some campuses also make email systems available to retirees. If you are unsure of who can use your campus email facilities, contact your mail administrator.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

How long can I keep a message in my mailbox?

There is no uniform standard regarding how long an undeleted message can be kept in a person's mailbox. Deleted (including mail in a trash folder) and expired mail will be unretrievable after 30 days because of resource utilization concerns. This standard applies to deleted mail (including mail in trash can folders) only. It does not apply to mail in users mailbox or electronic mail file folders. Due to resource limits, different mail systems have different requirements for the storage of mail in users mailbox or file folders. Contact your email system administrator for more information.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Are the emails I send private?

University considers a personal e-mail message to be private correspondence, however, the privacy and security of documents and messages stored in and transmitted via electronic mail cannot be guaranteed. Messages might become available to others. The University will take reasonable steps to protect the rights to privacy granted by the Federal Family Educational Rights and Privacy Act of 1974, as amended, 20 U.S.C. Sec. 1232g, the Electronic Communications Privacy Act of 1986, Pub. L. 99-508, the Massachusetts Fair Information Practices Act, M.G.L. c. 66A, and other applicable laws. The content of some electronic communications may be deemed public records under the Massachusetts Public Records Act, M.G.L. c. 66.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Is email an official form of University communication?

Yes. You should use e-mail in a responsible manner consistent with other business communications (e.g., phone, correspondence) being aware of the records retention periods of the business related information you are sending/receiving.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

What should I do if I receive unsolicited/unwanted e-mail?

Contact your email administrator for assistance.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

What should I do if I receive unwanted/unsolicited offensive e-mail?

If you receive offensive e-mail, contact your email administrator for assistance.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Are there restrictions regarding what I can send on a University email system?

Yes. You are prohibited from sending, posting or, publicly displaying or printing unsolicited mail, chain e-mails or materials that may be of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature on any University system. The sending of such messages/materials will be handled according to University codes of conduct, policies and procedures

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Can I use someone else's email account?

Individuals are prohibited from using an electronic mail account assigned to another individual to either send or receive messages. If it is necessary to read another individual's mail (e.g., while they are on vacation, on leave, etc.), surrogacy or message forwarding should be used.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

What is email spoofing?

Email spoofing is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick you into making a damaging statement or releasing sensitive information (such as passwords). Examples of some email spoofs include emails: claiming to be from a system administrator requesting you to change your passwords to a specified string and threatening to suspend their account if you do not comply claiming to be from a person of authority requesting you to send them a copy of a password file or other sensitive information requesting you to verify account information sometimes including credit card numbers. Note that while you may occasionally be requested to change your password, you should not tell anyone what you changed it to. If you suspect that you may have received a spoofed email from someone with malicious intent, you should contact your system administrator immediately.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Can University employees use electronic mail (I.e., e-mail) for personal use?

Email is made available to employees for the purpose of conducting University-related business, but occasional social/personal use is allowed providing it does not interfere with University business. An employees manager/supervisor is responsible for determining if social/personal use of email is affecting the performance of University business.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Can I send "chain" letters via email?

No. Chain e-mails/letters should not be forwarded/sent via email. This is an inappropriate use of University computer systems and networks. Sending chain emails/letters ties up university computing resources and could prevent legitimate university business from taking place.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

What is a "chain" email or letter?

Chain Email/letter refers to several types of e-mail messages including virus hoaxes, good luck/bad luck messages, and fake fund raisers that are sent out to several users and those users are asked to send the message to several more e-mail users and so on.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Do I "own" emails that I send/receive on University computers?

For purposes of public records issues, "personal" emails, even if stored on university computer systems, are not University records, just as personal notes, etc., are not University documents, even if kept in desks, file cabinets, etc. University business emails are University records.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

How can SPAM be used to scam someone?

Users can be sent scammed by sending money in response to bogus emails. For more information go to http://onguardonline.gov/spam.html

Date Revised : 2006-03-29

Printer Friendly | E-mail this page

Virus Alerts

Current Security Tip