Chief information security officer explains amendments to the procedure for using email service
University of Tartu Chief Information Security Officer Risto Rahu explains the changes that will be made in the email service at the beginning of 2024. The amendments concern forwarding the ut.ee email to external email addresses, archiving emails and managing the mailing list service.
What are the changes related to email forwarding?
We will discontinue forwarding emails from the ut.ee addresses to non-university email addresses. This concerns university staff and students who have forwarded their university emails to a personal email address.
For example, in the future, students will get lecturers’ emails and Moodle notifications only to their ut.ee email address.
After 29 January 2024, 15:00, emails will no longer be forwarded and must be read in the university inbox. More detailed information will be sent by email.
Those who have not forwarded emails to a non-university email address do not have to do anything.
Why is email forwarding discontinued?
Firstly, email is one of the main channels through which cyber attackers attack institutions. Fraudulent and phishing emails have become commonplace, and there is an ongoing fight to mitigate their impact. The main concern is that it is harder for users to identify forwarded fraudulent emails. Users who view their emails from a non-university email server will not see any additional sender information in the university emails. Also, other information that could help identify fraudulent emails can get lost in the forwarding process. As a result, the users can open fraudulent emails or reply to them.
Forwarding makes it more difficult to delete malware-containing emails automatically. Our antivirus software can delete or quarantine such emails in the university’s inbox even after they have arrived (for example, if new instructions about detected malware are received later), but there is no such safeguard for forwarded emails. When the university sends malware-containing emails due to forwarding, there is a risk that our servers will be automatically blacklisted and blocked because of distributing malware. This will require extra work from IT specialists and prevent us from receiving other emails.
Secondly, if the mailbox has been forwarded, the user will reply to an email from an external address, which can be misleading for the recipient and thus increase the possibility that fraudulent emails sent under the name of the university (for example, from gmail.com instead of ut.ee) are opened.
Thirdly, it is necessary to consider that forwarding emails sent to the university’s email address to a third party may violate national data protection requirements or the university’s obligations to protect data.
Fourthly, using a separate mailbox can help make a clearer distinction between university-related tasks and personal correspondence and reduce the risk of important information being overlooked.
In addition, Google will update its anti-spam rules as of 1 February 2024, which includes setting new limits on the number of emails arriving simultaneously and imposing stricter security controls. Today, we know that the number of emails forwarded from the university email address to Gmail exceeds these limits significantly, and this would lead to more frequent situations where the forwarded emails do not reach the non-university mailbox and the user does not receive the emails. We have already encountered such cases, and the university’s IT helpdesk cannot do anything then to help or support.
What possibilities for reading emails do I have after the forwarding has been turned off?
We have a couple of simple solutions to ensure that information is not lost.
The university email can be added as the second mailbox to the email app of your computer or smart device. Alternatively, you can read your university email on the kiri.ut.ee website, where you can log in with username@ut.ee and password.
Please note that two-factor authentication is required for all email accounts of university staff and students.
More information on authentication and turning off email forwarding is available on the IT helpdesk wiki pages. Questions can also be sent via the portal it.ut.ee.
How long will the emails of former staff and students be stored after they leave the university?
So far, the archive of the emails of staff and students has been retained for two years, but a change concerning the students will enter into force on 18 March 2024. Students’ emails will be deleted after the end of their last semester at the university when also their accounts will be closed. For example, the email account of a bachelor’s student graduating from the university in June 2024 will be closed at the beginning of the new academic year, i.e., September 2024. However, the accounts and emails of students who continue their studies at the master’s level will be retained.
If a student graduates in the middle of the academic year, i.e. after the autumn semester, their emails will be deleted, and the account will be closed at the beginning of the spring semester. Please note that in this case, if the student takes up master’s studies in the next academic year, their old emails are no longer available.
Nothing changes for the employees; their emails remain in the archive for two years after they leave the university.
For those who are both employees and students of the University of Tartu, the accounts will not be closed, and emails are not deleted at the end of their studies.
What are the changes related to mailing list management services?
As of 29 January 2024, mailing lists can be managed and created only with the university’s user account. Non-university email addresses can be used to join the mailing lists. This change concerns only mailing list owners and managers, who will receive more detailed information by email.
IT helpdesk contact details: 737 5500, arvutiabi@ut.ee, https://it.ut.ee
More on the same topic
