V. Electronic Mail Policy and Procedures Principles, Policies, User Responsibilities, and Information Technology (IT)

I. Purpose:

Proper usage. Electronic Mail (e-mail) is provided as a  professional resource to assist Metro State students, faculty and staff in fulfilling the educational, research, communication and service goals of MSCD. Incidental personal use is permitted as long as it does not have negative effects on any other e-mail account, jeopardize the e-mail system, interfere with your job or violate the law or any other provision of the Metro State Appropriate Use Policy or of any other policy or guideline of Metropolitan State  College of Denver. Each user is responsible for using the e-mail system in a professional, ethical, and lawful manner.

Material that is fraudulent, harassing, profane, obscene, intimidating, defamatory or otherwise unlawful or inappropriate; may not be sent by e-mail or by other forms of electronic communications. Metro State reserves the right to revoke e-mail and related privileges from any individual violating these policies.

II. Policy:

  1. Responsibilities. The use of each account is the personal responsibility of the account holder. The contents of e-mail will not be monitored, censored, or otherwise examined except with specific authorization and direction by the College Attorney or as part of the required system administration as described below.
  2. Disguising and or impersonating e-mail identities; "spoofing". Users should not disguise their identity or user name while using the Metro State e-mail system or alter the 'From:' line or any other indications of origin on e-mail or postings. Behavior of this type violates the guidelines for student and professional conduct and is equivalent to fabricating identities on any other written document.
  3. Chain e-mail. Users should not initiate or forward chain e-mail. Chain e-mail is a message sent to a number of people asking each recipient to send copies with the same request to others.
  4. Sending unsolicited e-mail; "spamming." Users should not
    send unsolicited, non-school related e-mail to persons with whom they do not have a prior relationship.
  5. Virus prevention: The e-mail server examines all messages flowing through it and will reject those that it determines to contain a virus. When this happens, a reply is sent to the message origin stating why the message was rejected. The ability of the e-mail server to ascertain virus content is not guaranteed. Additionally, if e-mail is being read on a personal computer (Webmail, Outlook, Eudora) either at home or in the workplace, the use of a virus scanner that will inspect messages before they are read is strongly urged. Be highly suspicious of any unsolicited messages that contain attachments, with file types of .exe., .com, .bin and .vbs where the sender, subject line, or content seem out of place.
  6. Court order or law enforcement investigation may require the examination and release of any document, including electronic files such as e-mail. Colorado law provides that communications of College personnel that are sent by e-mail may constitute "correspondence" and, therefore, may be considered public records subject to public inspection under Colorado's Public Records Act, C.R.S. 24-72-203. However, e-mail messages produced or stored using state-owned equipment or software generally are excluded from the definition of "records" subject to the provisions of the State Archives and Public Records Act, C.R.S. 24-80-101, et seq. [http://64.78.178.125/cgi-dos/statdspp.exe?L&doc=24-80-101] Also, e- mail of students may constitute "education records" subject to the provisions of the federal statute known as the Family Educational Rights and Privacy Act of 1974 (FERPA). The College may access,inspect, and disclose such records under conditions that are set forth in the statute.When a person affiliated in any way with the College is involved, IT will act only under the specific instructions of a member of the College Attorney's office to ensure that individual rights, including rights to privacy and due process, are maintained.
  7. Metro State employees and business associates may, under certain conditions, have e-mail files accessed by others when it is related to departmental functions. A special condition exists for a staff employee or business associate who receives e-mail associated with College business functions and where, in that person's absence, a supervisor or others in the department needs to have access to the e-mail. IT must continue to maintain the privacy of e-mail but on authorization from the Department Head or Dean may locate and copy specific messages. No person outside IT may review the entire contents of an account's system mailbox without authorization by the College Attorney.
  8. Mail moved by the account holder outside the e-mail system becomes personal files covered by other policies and procedures. Note that e-mail downloaded to files on a personal computer or outside of the Metro State e-mail system is covered by other policies and procedures. Those files on a personal computer are outside the system management of IT.
  9. IT administers the campus e-mail system in a manner consistent with the system's importance for campus communication and the need for privacy of e-mail messages. In the process of administering the e-mail system, certain members of the IT staff may have access to the contents of certain e-mail messages. Furthermore, information about the contents of e-mail must not be communicated to other members of the IT staff unless required to administer and support the system, and may not be communicated to anyone outside IT without the approval of the College Attorney (with the exception noted in (7) above).
  10. Although normally fast and reliable, delivery to on-campus e-mail addresses is not guaranteed. There is no assurance that the recipient will examine a particular message, nor can confidentiality be absolutely guaranteed. IT can provide advice on how to use additional procedures and software with the system when higher levels of security and confirmed delivery are required, for example with job applications or job searches.
  11. There are no assurances about the handling of e-mail received from or sent to addresses outside MSCD. Organizations managing e-mail systems elsewhere on the network may or may not have policies similar to those described here. Many are known to consider e-mail the property of the organization, subject to examination. Be aware of this possibility when you correspond with those elsewhere on the network. While IT may be able to provide some advice, Metro State has no direct influence on the handling of e-mail anywhere outside the local network.
  12. Some information about personal mail use is not confidential because of the way computer systems operate. Depending on how a person uses e-mail, the following information can be seen by other people:
    1. The fact that a person is running a mail application.
    2. The account to which mail is being addressed.
    3. The size of the account's mailbox (mail waiting to be read).
    4. The date and time mail was last read.
  13. The administrators of MSCD's e-mail facility may, within certain limits, block e-mail (including external, unsolicited, bulk e-mail --"spam"). The annoying, potentially resource intensive, and sometimes offensive nature of unsolicited bulk e-mail being sent by commercial or quasi-commercial organizations may require MSCD's e-mail administrators to block receipt of mail from some locations on the Internet. This blocking action is permitted if justified and where such blocking minimizes the likelihood that legitimate e-mail to Metro State account holders will be blocked as well. E-mail administrators are not permitted to use the content of the message or of the subject line in the mail heading to block or divert delivery of any message, except to block e-mail containing spam, computer viruses (or similar destructive content).
  14. The account holder must maintain password security. E-mail addressed to an account is delivered to a mailbox file that can be accessed through a variety of computer programs (e.g., Outlook, Pine, Webmail, Netscape, Eudora) under account password control. The account holder is responsible for maintaining strict confidentiality of that password, as described in the general statement on computer ethics and responsibilities.
  15. The account holder is expected to manage all mail delivered to that account. It is the responsibility of the account holder to manage her/his e-mail by suitably disposing of mail in the account's Inbox folder (deleting messages, moving messages to personal folders on the e-mail server, or moving them to a PC). Managing e-mail also requires account holders to suitably control the automatic delivery of messages from services such as mailing lists (e.g., Listserv).
  16. Electronic storage for Inboxes is limited and the IT staff must ensure that sufficient space is available for the on-going delivery of new messages. IT will establish a maximum permissible Inbox folder size. When this size is exceeded, the entire Inbox contents may be moved to a new folder on the mail server, where it will be accessible by the account holder. An e-mail message notifying the account holder that this action has been taken will immediately be sent, providing information about where the e-mail has been placed.
  17. Electronic storage for personal mail folders is limited on the
    E-mail server    . Students, faculty and staff each receive a portion of centralized storage space for personal e-mail folders. This allotment is given when the e-mail account is created for the first time and generally appropriate for most use. IT will double the initial amount upon request. Student requests for amounts beyond this require the support of a faculty member. Requests for more than twice the general allotment must be made in writing to the College's CIO.
  18. Unread Inbox messages will be deleted from the server 180 days after they were sent. Unread e-mail that remains in the Inbox folder creates processing overhead for the post office mail server. Unread e-mail that resides in the Inbox folder is not archived during system backups. Unread e-mail messages in personal folders (moved from the Inbox) is not subject to deletion and is archived as part of normal system backup processing
  19. The accumulation of a large volume of mail in an account's Inbox may require IT to take management action. If an account receives a volume of e-mail that causes network degradation, mail processing slow downs, storage problems; IT will take actions to reduce the volume. In cases where, over a period of a week or longer, an account receives a large volume of mail and the account holder retains it in the Inbox, IT will begin a series of responses to safeguard the account holder's mail, protect performance of the e-mail system, and help the account holder gain control over the amount of mail being received.
    These are the response stages:
    1. Whenever the Inbox is moved to a personal folder, IT will send an
      informational message that will offer assistance and advice on how to manage the
      receipt of mail. It will alert the account holder to the need for him/her to
      take action in managing the account.
    2. IT will contact the person by phone or conventional mail to alert that
      person to the problem, to request that immediate action be taken, and to offer
      advice on how to proceed.
    3. IT will request permission from the appropriate Dean or Vice President to
      deactivate the account.
  20. Extraordinary action may be required under specific constraints.Certain circumstances may require IT to take extraordinary action in administering the e-mail system. This might be caused by system malfunction or malicious actions by an individual. IT must take steps to:
    1. protect the privacy of mail,
    2. protect the functionality of the e-mail system,
    3. protect account holders from disruption of their use of the e-mail
      system.
    Extraordinary action taken by IT to limit an individual's access to the system or to inspect and/or alter the contents of a mailbox is subject to review by the College Attorney.
  21. Group e-mail accounts-A group e-mail account is a single, Metro State e-mail address used by more than one person for conducting official business of the college. A group e-mail account is different from a Lyris mail list or class-cluster mail list. The purpose of a group e-mail account is to provide an easy to understand functional name for the sender, provide a single depository (Inbox) for incoming e-mail, and to allow any group member to see, service, and respond to messages. The employee replying to an e-mail message can either do so anonymously through the group e-mail account or can forward the message to a personal account if a more personal reply is desired. An e-mail alias is an alternative to a group e-mail account. Unlike a group account, an e-mail alias acts as a synonym for personal e-mail addresses. When a message addressed to an e-mail alias is received, the message  is automatically forwarded on to one or more personal e-mail addresses. The sender is not aware they are addressing their message to an alias address. An e-mail alias does not have an Inbox nor can e-mail be sent from an e-mail alias. E-mail aliases are created and maintained by the System Administrator.
  22. Requesting a group e-mail account-Group e-mail accounts introduce special security concerns. Unlike a personal account, which is used by
    only one person-harassing, threatening, or otherwise inappropriate e-mail cannot be traced to any one person when the message originates from an account used by multiple employees. Requests for group e-mail accounts must be made in writing to the Vice President of Information Technology (CIO) and include the following:
    1. A description of the business function that will be served by such an
      account,
    2. A description of the volume of messages that will pass through the account,
    3. A description of the number of people and their job responsibilities who
      will share the account, and
    4. The signature of the department head agreeing to take personal
      responsibility for the additional security risks presented by group e-mail
      accounts.

Notes: Portions of this document were taken from similar e-mail policies in place at Harvard Medical School, Colby College and the University of Colorado at Denver and Health Sciences Center.

Approved December 2001