Email Service Policy

Responsible Executive:  UC Berkeley's Associate Vice Chancellor for Information Technology and Chief Information Officer
Responsible Office:  Office of the CIO

Contacts:

Policy Summary

Campus Email Service supplies email and mailing list services in support of the University's mission of education, research and public service and to conduct the University's business. Access to and use of Campus Email Service is a privilege accorded at the discretion of the University. Use of campus email service is subject to legal and policy restrictions that apply to all University property and by constraints necessary for the reliable operation of electronic communication systems and services. The Berkeley Campus reserves the right to deny access to use campus email service when necessary to satisfy these restrictions and constraints.

Who Should Read This Policy

Campus Email Service applicants, service users, and service administrators.

Why We Have This Policy

This policy enumerates the principles and practices of operation for the Campus Email Service.

Responsibilities

A. Policy Administrators:

This Policy is issued by Information Services and Technology. The Office of the CIO IT Policy Manager is responsible for maintenance of this Policy.

B. Service Users:
  1. Appropriate Use

    Campus Email Service users must comply with the Data Use Agreement described in Appendix A to this Policy (see Related Standards tab).

    The Data Use Agreement also applies to campus departmental domain email users.

  2. Privacy Awareness

    Users of Campus Email Service should exercise extreme caution in using email to transmit confidential or sensitive matters. Confidentiality might be compromised by unintended redistribution or by the inadequacy of current technologies to protect against unauthorized access. The privacy of electronic communications is also limited by:

    1. laws that protect the public's right to know about the public business;
    2. policies that require employees to comply with management requests for University records in their possession; and
    3. technical requirements for efficient operation of University electronic communications resources.

    Also see Appendix B: Cautions in the Use of Email for more specific information.

C. Service Provider:
  1. Operation of this Service

    Campus Email Service endeavors to provide to the campus community the most reliable, high performance, electronic communication service possible, within the constraints of available resources and technological resources. To ensure that the service is administered in compliance with applicable regulations and principles, Campus Email Service is administered in accordance with the Guidelines for Administering Appropriate Use of Campus Computing and Network Services.

    The administrators of secondary domains may develop and require more comprehensive policies in addition to, and not less restrictive than, the provisions of this Email Service Policy and the Appendix A: Data Use Agreement.

  2. Publication of Information
    1. Service Information: Campus Email Service maintains and publishes material regarding this service in accordance with normal professional standards. See, for example: Who is eligible for an email account, Knowledge Base for Campus Email Service users, and the IST Systems Status site.
    2. Policy Requirements: Campus Email Service notifies all users of the requirement to abide by the Data Use Agreement. Notification is given:
      1. to new user applicants at the time an account is requested;
      2. to all affected users upon significant changes to the provisions; and
      3. as a reminder to all users, via the Campus Email Service home page.
      Service information and policy notifications may be in print or electronic form and shall include reference to an email address or other viable contact information to reach authoritative individuals who can answer questions.
       
  3. Protection of Privacy

    Campus Email Service systems support staff do not routinely inspect, monitor, or disclose email electronic communications without the holder's (creator's or recipient's) consent. Nonetheless, subject to the requirements for authorization, notification, and other conditions specified in the UC Electronic Communications Policy (ECP), Section IV. B., electronic communications may be inspected, monitored, or disclosed under very limited circumstances.

    During the performance of their duties, personnel who operate and support Campus Email Service may periodically need to monitor transmissions or observe certain transactional information to ensure the proper functioning and security of Campus Email Service resources. On these and other occasions, systems personnel might observe the contents of email electronic communications. Except as provided in the ECP or by law, they are not permitted to seek out the contents or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed.

    Such unavoidable inspection of electronic communications by Campus Email Service support personnel is limited to the least invasive degree of inspection required to perform their duties. This authorization to perform system support duties does not exempt personnel from the prohibition against disclosure of personal and confidential information, except insofar as such disclosure equates with good faith attempts to route an otherwise undeliverable electronic communication to its intended recipients.

    Any personal and confidential information observed during the normal duties of system operation and maintenance will be treated with strictest confidentiality, except in cases where it is evidence for violations of law, or University policies. In these cases, the nature or contents of that information will be disclosed only to proper authorities.

    Except as authorized under the conditions specified in the ECP Section IV. B., systems personnel shall not intentionally search email electronic communications records or transactional information for violations of law or policy. However, as required by Business and Finance Bulletin G-29, Procedures for Investigating Misuse of University Resources, they shall report violations discovered inadvertently in the course of their duties.

Procedures

A. Access to the Service
  1. Individuals:

    Current students, faculty, emeriti and staff are eligible to apply for individual Campus Email Service accounts. Others, such as visiting scholars, post-doctoral researchers, retired staff, and affiliates may gain eligibility as described in Who is eligible for a Campus Email Service account.

  2. Departments:

    Departments or other organizational or administrative units of the Berkeley Campus may apply to set up Campus Email Service accounts for shared use to conduct the University's business. For details, see the Departmental accounts webpage.

B. Use of the Service

"How-to" information about using Campus Email Service features is available from bConnected.berkeley.edu. Consultation is also available from consult@berkeley.edu.

C. Restrictions of Service
  1. Related to Possible Misuse

    Access may be wholly or partially suspended or rescinded without prior notice and without the consent of the user as described in the Electronic Communications Policy section III-E, "Access Restriction".

    Subject to any legally-authorized limitations, intentional action restricting a user's Campus Email Service in response to suspected misuse will follow relevant procedures that assure due process, such as Student Conduct Policies, Faculty Code of Conduct, Staff Contracts or Policies, or other Affiliation Agreements.

  2. Related to Service Administration, Changes, or Outages

    Normally, users shall be notified in advance of any planned temporary outages or changes affecting their use of Campus Email Service that are necessary due to system support requirements. Unless unforeseen circumstances dictate more immediate action, service notifications will be planned to allow sufficient time for users to make provisions for accommodating service outages or changes, to the extent possible.

    Unintentional service outages for reasons outside the control of Campus Email Service providers, such as infrastructure failures, may occur without notice.

    System status information is maintained at http://systemstatus.berkeley.edu. This site will be updated whenever there is a change in system status that will affect system availability for more than 15 minutes.  Campus Email Service status news items also may be posted on the bConnected home page and/or the campus IT News page.

D. Backup Copies, Archiving

Campus Email Service does not maintain central archives of all email sent or received. Email is normally backed up only to ensure system integrity and reliability, not to provide for future retrieval, although back-ups may at times serve the latter purpose incidentally. Campus Email Service staff are not required by this Policy to retrieve email from such back-up facilities upon the Holder's request, although on occasion they may do so as a courtesy.

E. Traffic Controls
  1. Flow Control Limit

    Campus Email Service imposes various limits and automatic restrictions in order to protect the service and its users. These limits are intended as protection from both malicious and accidental abuses of the system. These limits include (among others):

    • maximum message size
    • number of messages an account can send or receive per unit of time
    • number of simultaneous connections a single host can make

    Additional limitations and security measures may be imposed at any time, either temporarily or permanently, either as needed or as part of ongoing improvements to the service.

  2. Malware Filtering

    Campus Email Service employs virus detection processes to automatically delete or reject email messages containing commonly-accepted indicators of known malware, such as viruses.

  3. Spam Tagging

    Campus Email Service automatically identifies and marks incoming email messages which have a high probability of being unwanted, unsolicited, email ("spam").

  4. Phishing

    Phishing is an illegitimate attempt to trick people to reveal sensitive information, such as passwords and credit card or bank account numbers, by impersonating as someone trustworthy. Spear phishing is a highly targeted type of phishing that may be harder to identify and is commonly deployed against the Campus Email Service system.

    Campus Email Service uses automated techniques, including blacklists, to reject emails phishes; however, updating these blacklists is often dependent upon escalated reports from Campus Email Service users.

    If you receive an email you are not sure about, forward the email—don't reply—to the Campus Email Service Consulting Staff at consult@berkeley.edu. Please forward the email as an attachment, so that full headers are included.

Glossary

Use of terminology in this document corresponds to the definitions in the ECP's Appendix A — Definitions. Additional terms include:

account
The administrative mechanism for authorizing any use of Campus Email Service.
host
A computer connected to a network.
malware
Malware (for "malicious software") programs or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, and Trojan horses.
spam
To exploit electronic communications systems for purposes beyond their intended scope to amplify the widespread distribution of unsolicited email.
user
The individual or department associated with each authorization account (see above).

Appendices