ACOM Email Policy

Revised: January 4, 2018

Also see:

 

Provision of Email Accounts

All paid staff, emeritus,and visitors with V1 status (paid by UCAR funds) in ACOM will be given a Google Suite account which includes email and a username@ucar.edu identity.

Staff who aren't eligibile for Google Suite include unpaid staff such as retired staff, volunteers, and visitors paid by other institutions.  Email for non-eligibile staff must be provided by another institution or personal email provider and cannot be provided by UCAR.

ACOM no longer provides mailbox services other than Google Suite.  The quota on the Google Suite server no longer has a 30GB limit; that is, you may store as much business related content as you need on Google Suite. 

Email Retention

Even deleted and some spam email is retained on the Google Suite server for a minimum of 30-days and usually for far longer.    However, email and other content on Google Suite is not backed up.  (Google "takeout" is a useful strategy for you to perform your own backups).

Google Groups

Google Groups are a part of Google Suite and offer a type of mailing list similar to the old "mailman" application we used to use.  Groups have one or more moderators and may be used to forward email to multiple recipients, or to keep discussion forum content.  To request a group, send a request to your ACOM system administrators providing the name of the group, who will administer it, and a brief description of the group's purpose.  Only currently-employed UCAR staff may act as group moderators.

'acomonly' announcement list

A special Google Group is designed to forward email to all currently-employed ACOM staff and visitors.  Subscribers may be such persons who have an interest in ACOM and who want to keep up with the laboratory.

Since the list has a wide audience, please keep your audience in mind and use the list only for email that will be of interest to the entire laboratory.

Google Suite maintains lists for internal tracking.  Do not use groups or lists which start with the phrase "all" (e.g., all-acom@ucar.edu).  Mail will get delivered but rarely to the audience that the name of the group or list implies.

UCAR Communications by Email

Email is an important means of electronic communications at UCAR.  It is a convenient way to disseminate information, send attachments to individuals, and otherwise conduct business in a way that keeps a record of the communication at hand.

Communications should be professional and courteous, following all of the rules and guidelines of workplace behavior as defined by UCAR and applicable laws and regulations.  Be aware of possible restrictions in the content of your email: the transmission or receipt of unencrypted sensitive personal identifying information (e.g., password and social security numbers), ITAR information, and HIPAA as well as other categories that are restricted by UCAR policy.  Never send a password encrypted by email.

Privacy

The privacy of email communications is important for us to preserve.  

Email is not completely private, however.  As with paper memos, email is considered UCAR property and can be examined by administrators who are following UCAR policies.  Email can also be examined as a result of a court order.  Google does not scan email and does not present advertising under the Google Suite agreement.  However, email may be scanned by system processes, such as for indexing, security, and storage.

Whether email is hosted by Google or stored locally, technical failures may occur which violate the privacy of email communications.  For example, a system administrator may accidentally see a message when helping a user with an unrelated problem.  Another staff member may see a message left up on a person's screen.

Because of the limits that we have on email privacy, each staff member must not leave email on NCAR equipment that would cause personal or legal issues to parties who are mentioned in the context of that email including the sender and the recipient.  Aspects of email such as complaints against another staff member, inappropriate agressive, offensive humor, gender-based or other based harassment, sensitive documents, very personal communication, etc., are not appropriate to leave stored on UCAR equipment or in Google Suite and should be removed, or offloaded and stored privately.

Personal Communications by Email

We do allow our email addresses to be used for personal communications as long as those communications are in accordance with other UCAR policy.  (For example, we can't allow UCAR email addresses to be used for political or profit-making business communications).  If you do use email for personal communications, keep in mind that mail may be viewable by others at UCAR.  If privacy is a concern, be sure to delete email messages after you have read them.   Mail may exist on Google Suite storage and its Vault service, even after deletion.

Allowed Protocols and Email Clients

Google uses two methods of access:

 

ACOM system administrators support one IMAP client: Mozilla Thunderbird (Mac, PC/Windows, or PC/Linux).  Other IMAP clients may be used, but support cannot be offered beyond offering IMAP settings that may enable the IMAP client to work.  Particularly problematic is Apple's Mail app on macOS, and we discourage its use.  (Airmail may offer a commercial alternative that works somewhat better than Apple Mail, but the best option at this time is Thunderbird).

IMAP-based Email software must be kept up to date as security updates are released by the manufacturer.

Malware and Spam

Spam has become not just an annoyance full of unwanted marketing, but a serious security threat.  Techniques include scams, scripts, phishing (with links to pages that look like legitimate sites), malicious HTML or attachments, and Ransomware.  Phishing is desgined to capture sensitive personal information or to entice a reader to download software that can further compromise a system.  Organized crime has become involved in spam, and with recent FISMA security standard and other standards of security compliance, it is more important than ever to be cautious with unsolicited email that may contain malware or spam.  Fortunately Google Suite (gmail) does a good job of filtering a great deal of malicious content.  Beyond that, be aware of these guidelines:

  • Spam may appear to come from legitimate users -- even your systems administration staff.
  • It is not always easy to tell from the context of a message that it's spam.
    • One good way to tell is to pay attention to the reply address.    If you get a FEDEX delivery notice and the reply is "fedex.boguswire.ru" for instance, you have a strong clue that the message is trying to scam its reader.
    • Be aware of the types of spam that can occur seasonally -- delivery notices at Christmas, wedding announcements in the summer, political messages, etc.
    • Be skeptical -- beware of the the ways in which spam can entice a reader -- for example, promising that urgent action is required.
  • Never open attachments unless you are absolutely sure they are trustworthy, and never click on unsolicited links contained within email messages.  Doing so may put you and our institution at risk in terms of network security.
  • Always use plugins that restrict or disallow scripts in browsers.  We recomment uBlock origin.  

 

Unfortunately it is difficult to avoid receiving spam email.  Gmail filters most spam, but not all.  Our general recommendation is to delete spam email when it's encountered.  Don't read it, send it to anyone else (including the Systems Staff), or respond to it in any way.  Don't respond to "unsubscribe" links -- these are often links to phishing sites and at the least provide information to a sender that you received and read their spam.   Look into using gmail filters to further reduce unwanted email.

Hoaxes

Hoaxes are a variant of malware.  Often they are benign in terms of security, but recently have been used to manipulate readers (such as in politics).  Such messages usually implore you to forward the message to others and usually try to establish credibility with their language.  For example, a hoax email may look like a news announcement with a headline "The FCC is about to ban all religious broadcasting".    These are a form of unsolicited email which should not be forwarded.  As with other spam, looking skeptically at the reply address or recipient list is usually a good way to identify that a message is a hoax.  Chain letters as well as lobbying to send postcards to a sick or dying individual also fall into this category.

Email Requests 

There are a few requests your system administrators cannot honor regarding email -- either because of the need to protect email privacy, the need to follow UCAR policy (see policy 3-6 linked at the top of this page), or the need to meet other regulatory, legal, and ethical obligations.  ACOM system administrators cannot:

  • Extract an email message from a mailbox to give to another user without mailbox user's permission.
  • Remove an email message from another user's mailbox 
  • Guarantee that an old email will be deleted.  (This is because that email may exist in copies on an individual's desktop machine, saved in a separate document, or copied in an application's cache or history).
  • Report on the contents of an email message to another user
  • Deny a court-order request to examine an email message.  (System Administrators are obligated to work under the direction of UCAR's attorneys when this situation occurs)
  • Decrypt an encrypted email

  

UCAR Policy 3-6 goes into further detail about these types of requests.

 

Email for Departing Staff/Visitors

UCAR does not retain email or accounts beyond the date of departure of a staff member or visitor.  Therefore, it is vital that you work with the system administration team in ACOM to make arrangements to copy your email to a non-UCAR provider.  For that, we recommend a personal gmail account.  Some email may require as much as a couple of weeks to copy and it must be done while the Google Suite account is still active.  Google Takeout must also be performed before an employee's departure date if gmail, Google Drive, or other Google Suite content needs to be saved off-line.

 

 

References

UCAR/NCAR Share

                  

                  

ACOM | Atmospheric Chemistry Observations & Modeling