ACOM Email Policy

Provision of email accounts

All paid-staff, emeritus, and visitors with V1 status (paid by UCAR funds) in ACOM will be given a Google Apps for Government account which includes email and a username@ucar.edu email identity. 

Staff who aren't eligibile for Google Apps for Government include unpaid staff such as retired staff, volunteers, and visitors paid by other institutions.  Email for non-eligible staff must be provided by another institution or personal email provider and cannot be provided by UCAR.

Paid staff, emeritus, and V1 visitors may host certain mailboxes on ACOM's internal mail server.  But mail that is received, that is the INBOX, must be hosted by Google Apps for Government (gmail).  Any or all other mailboxes may be hosted on Google.  The quota on the Google Apps for Government (gmail) server is 30 GB.  Mail, documents, and content on Google Drive are counted against that 30 GB quota.

 

email retention

Even deleted and spam email is retained on the Google server for a minimum of 30-days and usually for far longer.  If an email is lost from the Google Server, ACOM Systems Staff may be able to perform recovery of the message from Google's Vault service up to a period of time during which the message is retained by Google's Vault service.

 

mailman email distribution lists

"mailman" distribution lists will eventually be replaced by equivalent group lists on Google Mail.  If an email distribution list still resides on mailman the following applies.

ACOM uses the system "mailman" for creating email distribution lists.  An email distribution list allows anyone to subscribe or unsubscribe. The ACOM Systems Staff can set up a mailman list (or take one down) for any discussion topic. They may designate a person as list administrator as per the request to set up the list. The procedure to set up a new email list is to open a work request and provide the following information:

  • The name of the list (e.g., "topse@acd.ucar.edu")
  • Who should administer the list
  • Any information you want to appear in the list's information page to orient a new user to the discussion list.
  • A list of initial subscribers

 

'acomonly' email announcement list

The Google list "acomonly@ucar.edu" may be used to send announcement to all of ACOM.  Subscribers to the list will be ACOM staff, many ACOM visitors, and others who have an interest in ACOM and want to keep up with the laboratory.

Since this list has a wide audience, please keep your audience in mind and use the list only for email that will be of interest to the entire laboratory.

Google Apps for Government maintains lists for internal tracking -- do not use any list starting with the characters "all" (e.g., all-acom@ucar.edu).  They will deliver email, but rarely to the audience that the name of the list implies.

 

UCAR communications by email (Internal provided by Google)

email is an important means of electronic communications at UCAR. It is a convenient way to disseminate information, send attachments to individuals, and otherwise conduct business in a way that keeps a record of the communications at hand. Communications should be professional and courteous. Communications by email, as with other communications must be in accordance with UCAR policy.   Be aware of possible restrictions vs. the content of your email: the transmission or receipt of unencrypted sensitive personal identifying information (e.g., passport and social security numbers), ITAR information, and HIPAA.  Never send a password encrypted by email.

 

UCAR communications by email (Outside)

When sending email outside of UCAR, be aware of the "public" nature of email. Mistakes sometimes happen, so messages which contain sensitive or personal information can be read unintentionally by others.

 

Privacy

Google Apps for Government publishes a privacy statement at https://support.google.com/a/answer/174120?hl=en

The privacy of email communications is important for us to preserve. For mailboxes hosted on ACOM mail servers, the systems staff will take measures to protect email privacy by setting permissions on system mailboxes and by maintaining overall server security.

Email is not completely private, however. As with paper memos, email is considered UCAR property and can be examined by administrators who are following UCAR policies. Email can also be examined as a result of a court-order.  Google does not scan email and does not present advertising under the Google Apps for Government agreement.  However, email may be scanned by system processes, such as for indexing and storage.

Whether email is hosted by Google or stored on ACOM servers and workstations, technical failures may occur which violate the privacy of email communications. For example, a system administrator may accidentally see a message when helping a user with an unrelated problem. Another staff member may see a message left up on a person's screen.

Because of the limits that we have on email privacy, each staff member must not leave email on NCAR equipment that would cause personal or legal issues to parties who are mentioned in the context of that email including the sender and recipient. Aspects of email such as complaint against another staff member, inappropriate aggression, offensive humor, sensitive documents, very personal communication, etc., are not apprioriate to leave stored on UCAR equipment or in Google Apps for Government and should be offloaded and stored privately.

 

Personal communications by email

We do allow our email addresses to be used for personal communications as long as those communications are in accordance with other UCAR policy. (For example, we can't allow UCAR email addresses to be used for political or profit-making business communications). If you do use email for personal communications, keep in mind that we store and back up email along with email used for business correspondance. If privacy is a concern, be sure to delete email messages after you have read them.  Mail may exist on Google Apps for Government and in its Vault service even after deletion.

 

Allowed Protocols and email clients

Both Google and ACOM-hosted email use two methods of access:

 ACOM officially supports one IMAP client: Mozilla Thunderbird (Mac, PC/Windows, or PC/Linux).  Other IMAP clients may be used, but support cannot be offered beyond offering IMAP settings that may enable the IMAP client to work.  Email software must be kept up to date as security updates are released by the manufacturer (Mozilla in the case of Thunderbird Mail).

ACOM does not recommend or support the Apple Mail client, although the client can sometimes be made to work.

 

spam

As of late 2006 and early 2007, spam has become not just an annoyance full of unwanted marketing, but  a security threat. Techniques include scams, scripts, phishing (with links to pages that look like legitimate sites), malicious HTML or attachments, various methods to acquire sensitive personal information, and other malicious payloads designed to compromise systems, adding them to ever-growing networks of computers which are then used in targeted attacks. Organized crime has become involved in spam, and amounts reached percentages near 90% of all email during the Fall of 2006. For this reason, it has become important to the security of our institution to take spam seriously, and to take measures to reduce the spam we receive.

spam may appear to come from legitimate users -- even your systems adminsitration staff. Sometimes, but not always, it is easy to tell from the context of a message that it may be spam. Our general recommendation is never to open attachments unless you are absolutely sure they are trustworthy, and never click on unsolicited links contained within email messages. Doing so may put the institution at risk in terms of network security.  And always use plugins that allow or disallow scripts per site you visit (NoScript for Firefox or ScriptSafe for Chrome).

Unfortunately it is difficult to avoid receiving spam email.  To reduce the amount of spam you recieve, the institution implements spam and malware filtering.  This is in effect whether mail is hosted by ACOM or by Google.  Google offers a 'spam' folder where you check for legitimate messages misidentified as spam.  ACOM's mail server offers a 'caughtspam' folder.

In spite of the best filtering technologies, you will receive spam.  Our general recommendation is to delete spam email. Don't read it, send it to anyone else (including the Systems Staff), or respond to it in any way. Responding to "unsubscribe" links offered by spam email mail just verify to the spam email sender that they have hit an actively used email account. The identity of that account is then sold to other spam email senders.  For spam or commercial email that is sent repeatedly, you should use filters in Google Mail to either delete the unwanted mail, or redirect it to the spam folder.

ACOM is not responsible for email which is lost as a result of measures to filter spam. If legitimate email is being blocked check into Google filters first.  ACOM Systems Staff are available to help set up filters if needed.

 

Malware, Virus Hoaxes, and Scams

Malware (which we used to refer to as "viruses") are most often, but not always contained in email attachments. We require the use of Forefront Endpoint Protection (antivirus) on PC/Windows systems, or appropriate antivirus software on other systems in the division.

Attachments containing malware are now filtered by the Google Apps for Government (gmail) server.  Some executable attachments are automatically filtered, even if archived within zip files (.exe files for instance).

"email hoaxes" and scams are sometimes more common than email malware. If your message sounds like any of the following, it is probably a hoax or a scam:

  • "You have rached the storage limit on your mailbox"
  • "Account Upgrade/Maintenance All Webmail accounts"
  • "Craig Shergold is dying of cancer and wants postcards"
  • "The FCC is about to ban all religious broadcasting"
  • The "Good Times" virus
  • "Join the Crew"
  • "Win an iPad"
  • "Make Money Fast"

 

Such messages usually implore you to forward the message to others, and usually try to establish credibility with either technical-sounding language, or by association (pretending to be from the government, Microsoft, AOL, or even your divisional system administrator).

A good way to tell if a message appears to come from an NCAR staff member, is look at the reply address.  If it doesn't end in "ucar.edu", or if the link they give you doesn't end in "ucar.edu", then it is probably not from us. 

If you receive a hoax, do not inform the systems staff -- as with spam email messages (see above), simply delete them.   Train Google Mail filters if they occur repeatedly.  Also, if you receive a hoax or scam message, do not forward it to others. Be very careful that any message that you forward to another person contains truthful information. In particular, do not circulate "virus" warnings without checking with technical staff to assure their validity. Serious virus warnings will usually be sent by organizations such as CERT, ASSIST, Technet, etc., through system administrators who in-turn will send announcements informing their staff. Chain letters may also fall into this category and should be deleted without forwarding them to other users.

 

What the Systems Staff cannot do

There are a few requests we cannot honor regarding email -- either because of the need to protect email privacy, the need to follow UCAR policy, or the need to meet other legal and ethical obligations. The Systems Staff of ACOM cannot:

  • Extract an email message from a mailbox to give to another user without that user's permission
  • Remove an email message from another user's mailbox (except where sensitive personal information disclosure is involved)
  • Guarantee that an old email will be deleted. (This is because email can exist on individual desktop machines, in multiple locations, or saved as separate documents).
  • Guarantee that an email message can be recovered from backups (Because it may have aged off of the backup system in place).
  • Report on the contents of an email message to another user
  • Deny a court-order request to examine an email message
  • Decrypt an encrypted email.

 

Email for departing staff/visitors

It is not ACOM's responsibility to accept and store email for those staff and visitors who have left.  Email will most likely be deleted when an account is closed. For departing staff and visitors, at least one month in advance, be sure to make arrangements with your primary Sysadmin in order to have mail forwarded to a new address. Such email forwarding may occur even if the ACOM accounts have been deleted.

 


 

 

Update history:

  • 2014-05-22 - Update to include Google Apps and other recent decisions regarding email support (tef)

UCAR/NCAR Share

                  

                  

ACOM | Atmospheric Chemistry Observations & Modeling