System administrators and computing service managers need to answer these questions for faculty and staff in their units:

Is undeliverable mail discarded, examined for delivery clues, or automatically returned to sender?

Is message content stripped from rejected or undeliverable mail?

Are messages stored in clear text or encrypted while waiting to be delivered? How are they stored after delivery?

What effect does file system backup have? Is e-mail backed up? How long are backups retained? How often are backups made?

Where is mail stored while waiting to be delivered and after delivery? How secure is that location?

When I delete a message is it gone?

Does the system make a copy of rejections? With text or without?

If I go off campus, how long is my mail held for me? Are there limits on how much mail I can receive, store, have waiting?

How long will my machine try to deliver outgoing mail before returning it as undeliverable?

Is there a way my mail can be absolutely private?

Should I send sensitive documents by e-mail?

Can I encrypt mail?

What kind of security features are available to me now? What is planned for the future, and when will that become available?

Recommended actions

Use encryption software packages.

Install a filter to keep text from view of postmasters or others.

Require postmasters and others to adjust windows on their screens in order to exclude text.

Train and expect those with special access privileges to “attention out” before the text of a message scrolls by.

Set a standard of asking the user’s permission prior to looking at text.

Train and expect those with special access to use special self-restraint or to ignore the content of any private message or file.

Tags:

• archive