E-mail ramblings

This rambling includes e-mail security/insecurity, archiving and content filtering.

 

The University of Washington has posted the following information on their web site:  (http://www.washington.edu/itconnect/connect/email/)

  • Privacy:  The UW email systems are provided to support UW activities and are subject to state laws and UW policy.
  • Do not send sensitive information by email. This includes personnel data, patient records, student information, and financial information.
  • Email messages can be kept and forwarded. Never assume email is private, even when using encryption technologies. The message you send to one person can easily spread to many more.

 

What e-mail security infrastructure is in place at WOU?

  • SSL is the predecessor to TLS
  • What is TLS?
    • Transport layer security is an encryption protocol that is implemented by e-mail systems and other services to prevent eavesdropping and tampering.
  • Always choose TLS rather than SSL, if TLS is an option
  • What does Google say about TLS?  Why should I use TLS?
    • This encryption makes it more difficult for hackers to intercept and read messages.
  • Transport Layer Security is available for incoming and outgoing WOU mail accounts.
    • TLS is on by default when you use the web-based mail client.
    • If you are using an external mail program such as Macmail, Outlook or a mobile device, confirm that TLS or SSL is turned on for both inbound and outbound mail.
  • When mail is sent from a WOU mail account to another WOU mail account the transmission will utilize TLS/SSL, as long as sender and recipient have TLS/SSL turned on.
  • When sending mail to a non-WOU account, all bets are off.
  • You can ensure encryption on the mail receiver end by using active encryption
    • Information regarding active encryption can be found here.

 

Is WOU e-mail filtered?

  • Spam, anti-virus and content filtering is configured.
    • Examples of content filtering include:
      • Nigerian get rich schemes, etc.
      • When there is content with malicious intent that gets through the content management system, we manually enter a rule into the system.  This would include the “Your Mailbox Is Full” email.

 

Do you have trouble finding your e-mails on occasion?

  • They may be in your spam folder
  • All unfiltered e-mails are sent to the mail archiver.
    • The archiver currently contains about three years of e-mail.
    • Your mail that ended up in trash, was deleted or sent to the spam bucket, can be found on the mail archiver.
    • The archiver is located at https://archive.wou.edu
    • Use your Pawprint credentials to login to the archiver.
    • I recommend that you click on the Advanced Search link.

 

E-mail encryption

WOU uses Barracuda to provide e-mail encryption.

Barracuda both actively and passively encrypts e-mails.  Active encryption can be accomplished by entering the keyword #secure# in the subject line of your e-mail.  Passive encryption occurs when Barracuda finds social security or credit card numbers in the body of the e-mail.

Encryption can only be performed on e-mail that is sent to an e-mail address other than @wou.edu E-mail sent to @wou.edu will not be encrypted.

There will be a link embedded in the e-mail that the recipient will click on.  The first time a recipient receives an encrypted e-mail from WOU, they will be asked to create an account.  For all future encrypted e-mails, the recipient will use the login credentials they created the first time they received an encrypted message.

After the user logs into the encrypted site, via the link that is embedded in the e-mail, they will be able to view the contents of the e-mail at the encrypted site.

 

Below is a sample of the recipient’s view of an encrypted e-mail.


 

You have a new encrypted message from <username>@wou.edu

WOU_encryptedMailService

You have received an email message from <username>l@wou.edu that has been encrypted for privacy and security by the Barracuda Email Encryption Service.

To view the email message, click here to log into the Barracuda Message Center. You’ll be prompted to either create a password or enter the one you may already have. You can also paste the following URL into your browser to access the Barracuda Message Center:

https://encrypt.barracudanetworks.com/login?nid=xxxxx

The secure message will expire in 30 days. Need Help?

Disclaimer: This email is confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender.

Copyright 2013 Barracuda Networks, Inc. All rights reserved

E-mail Security

E-mail is not secure.  E-mail can be intercepted on the path from sender to receiver.  If the e-mail is sent to/from an open list-server, Google can scan it and post the results in Google searches.  These are just a couple of the many ways your e-mail can be viewed.  If you don’t want the contents of your conversations showing up in the newspaper, don’t put it in an e-mail.

If you need to send HIPPA, FERPA or other confidential information using e-mail, then encrypt the e-mail.  In the subject line use the keyword encryption or #secure#.  This only works when sending e-mail to an e-mail address outside of @wou.edu.  Only the body of the e-mail will be encrypted.  The subject line will be in clear text, available to the public.

More on encryption can be found here.