The purpose of this policy is to describe the acceptable use of the University's email and related services, systems and facilities.
The Policy is maintained and regulated by Computer Services and is cross-referenced to, and by, a number of other University policies and regulations.
The Policy will be made available to users of the email and related services and facilities. There will also be periodic review of the Policy and, if necessary, amendment from time to time. This will be necessary with regard to the expected development of the system, the operational use of the system and generally recognised best practice.
Email services are provided by the University to support its primary role of education and research and associated functions related to this role. See Who can have an account for details of categories of people who are eligible for access to computing facilities.
2 Statement of authority and scope
This policy is intended to detail the rules of conduct for all members (generally staff and students) of the University of Bath who use email and related services. This Email Policy applies to the use, for the purpose of sending or receiving email messages and attachments, of any IT facilities, including hardware, software and networks, provided by the University. The Policy is applicable to all members of the University including staff, students and other authorised users of University IT facilities.
Only authorised users of the University computer systems are entitled to use email facilities. All members of the University who agree and abide by the University regulations, are entitled to use computing facilities and email systems at all times when the network is available.
The University complies with and adheres to all its current legal responsibilities including Data Protection, Electronic Communication, Regulation of Investigatory Powers (RIP), Human Rights, Computer Misuse, Copyright and Intellectual Property
3 Statement of responsibilities
Individual users are responsible for their own actions. The use of email facilities by individuals at the University of Bath assumes and implies compliance with this policy, without exception, and those Acts, Policies and Regulations referenced below and enacted or authorised by the University or other regulatory bodies. Every user of email systems has a duty to ensure they practice appropriate and proper use and must understand their responsibilities in this regard.
Senior management of the Digital, Data & Technology will be responsible for ensuring heads of Faculties, Departments, Schools, Centers and Units are aware of this policy; they in turn will be responsible for informing their people of this policy.
DD&T are responsible for providing and maintaining central email systems.
DD&T are responsible for email policy as a whole. Within each Faculty, Department, School, Center or Unit certain areas of IT and computer security will be delegated to local support. This will be with full cooperation and support from DD&T.
4 Acceptable use
The University's main purpose in providing IT facilities for email is to support the teaching, learning, research and approved business activities of the University. IT facilities provided by the University for email should not be abused. An absolute definition of abuse is difficult to achieve but certainly includes (but is not necessarily limited to):
- creation or transmission of material which brings the University into disrepute
- creation or transmission of material that is illegal
- the transmission of unsolicited commercial or advertising material, chain letters, press releases or other junk-mail of any kind
- the unauthorised transmission to a third party of confidential material concerning the activities of the University
- the transmission of material such that this infringes the copyright of another person, including intellectual property rights
- activities that unreasonably waste staff effort or networked resources, or activities that unreasonably serve to deny service to other users
- activities that corrupt or destroy other users' data or disrupt the work of other users
- unreasonable or excessive personal use (See 4.2 below)
- creation or transmission of any offensive, obscene or indecent images, data or other material (other than for reasons specified in 4.3 below)
- creation or transmission of material which is designed or likely to cause annoyance, inconvenience or anxiety
- creation or transmission of material that is abusive or threatening to others, serves to harass or bully others, discriminates or encourages discrimination on racial or ethnic grounds, or on grounds of gender, sexual orientation, marital status, disability, political or religious beliefs
- creation or transmission of defamatory material or material that includes claims of a deceptive nature
- activities that violate the privacy of others or unfairly criticise, misrepresent others; this includes copying distribution to other individuals
- creation or transmission of anonymous messages or deliberately forging messages or email header information, (ie without clear identification of the sender) or for 'flaming'
- the deliberate unauthorised access to services and facilities accessible via JANET
- the unauthorised provision of access to University services and facilities by third parties
4.2 Personal use
The University permits the use of its IT facilities for email by students, staff and other authorised users for a reasonable level of personal use. An absolute definition of abuse is difficult to achieve but certainly includes (but is not necessarily limited to):
- a level of use that is not detrimental to the main purpose for which the facilities are provided
- priority must be given to use of resources for the main purpose for which they are provided
- not being of a commercial or profit-making nature, or for any other form of personal financial gain
- not be of a nature that competes with the University in business
- not be connected with any use or application that conflicts with an employee's obligations to the University as their employer
- not be against the University's rules, regulations, policies and procedures and in particular this email policy
4.3 Research and related
It is recognised that, in the course of their work or research, individuals of the University may have a requirement to transmit or receive material that would normally be defined as offensive, obscene, indecent or similar. In the case of properly supervised or lawful research purposes it is acceptable to do so. If in doubt advice should be sought.
5 Quotas and limits
All users have access to the centrally-managed email server. All accounts have quota limits placed on them. All file partitions are backed up to tape on a regular basis. Accounts that are removed will have their files archived in accordance with the Account Closure and User Accounts policies. Unless specifically requested no archiving takes place.
Users receive email notification when approaching their quota limit and are encouraged to follow guidance in this email to manage their account. The final email that is received which takes an individual over their limit will always be delivered. Once over quota no further email can be delivered to an individual's inbox until they have reduced their storage below their limit. Email that fails to be delivered because a user is over quota is held in the local mail queues for four days and the system will retry periodically to deliver. After four days the email is returned to sender.
There are limits on the size of an email that can be received and transmitted. No email greater that 10 Mbytes can be accepted for delivery to a Bath account. No email greater than 10 Mbytes can be accepted for transmission by the email servers.
6 Virus checking
Computer viruses, trojan horses and worms are collectively known as malware. One common method of distributing malware is via email. All email communication through the Computer Services email gateways is checked for malware. Checking strategies include: refusing messages containing executable attachments, scanning messages for known malware or a combination of both techniques. Please note that this is a separate procedure and not related to the virus scanning policy applied to the central fileserver.
Messages containing malware will be retained for up to a month for administrative reasons. The sender of such messages will be informed of the viral content of their email. A similar message will be sent to the administrator(s) of the email gateways.
7 Aliases and lists
All members of staff will be allocated email aliases based on their initials and surname. Email alias duplications are possible so it is sometimes not possible to offer the exact email alias to users. Specific email aliases can be requested for individual or group use if there is legitimate requirement. Email aliases will not be changed for arbitrary or trivial reasons and the final decision on whether a reason is valid lies with DD&T.
Email lists can also be created. Generally individuals requesting a list will be responsible for the ownership and management of the list.
8 Automatic email forwarding
Automatic forwarding or redirection of email to other mail domains is possible. DD&T absolve all responsibility for email forwarded off the campus network. It is the individual's responsibility to set forwarding up and make sure the forwarding address is correct and the email service being used is reputable and reliable. Users must exercise caution when automatically forwarding any email to an outside network and question the need to even do so. All our email services are accessible to authorised users from the Internet.
Automatic forwarding or redirection of email within the bath.ac.uk mail domain is not allowed. Allowing other people to access email can be achieved directly by sharing email folders and mailboxes.
Traffic through the Computer Services email gateways is logged. Logs include details of the flow of email but not the email content. Transaction logs are kept online for up to a month. Backups of these logs are kept for up to 3 months. Logs are available to authorised systems personnel for diagnostic and accounting reasons.
Standards are adhered to wherever possible. The Computer Services email gateways will attempt to verify the source and destination of email before being passed on. The postmaster and abuse email addresses are implemented in accordance with RFC 2142.
11 Spam and junk mail
Spam can be defined as "the mass electronic distribution of unsolicited email to individual email accounts". Junk mail is usually a result of spamming. In reality spam and junk mail are regarded as interlinked problems.
A certain amount of junk mail is blocked at the mail gateways based on the UKERNA subscription to Realtime Blackhole Lists. UKERNA has subscribed to these services on behalf of all JANET customer organisations. Any mail reaching the email gateways which has been marked by these services will be rejected.
Incoming email is also checked against other Realtime Blackhole Lists and if successfully matched is marked locally with the insertion of an additional header flag. Email matching the databases is NOT blocked, it is simply marked and passed as normal. There are methods individuals can use to filter this email.
12 Remote access
Remote access to University IMAP email servers (for reading email) is possible via the Internet or via the University's dial-in Remote Access Server (RAS). Remote access to other POP3 or IMAP mailboxes off campus is permitted via secure methods only.
Access to remote SMTP servers for sending mail is not permitted and is blocked at the firewall. In line with JANET guidelines and accepted practice all machines on the campus network must be configured to use the University's SMTP server, smtphost.bath.ac.uk, for outgoing mail. Access to the university's SMTP servers from off campus is permitted for encrypted and authenticated connection only.
13 Incident handling and data protection
The University will investigate complaints received from both internal and external sources, about any unacceptable use of email that involves DD&T IT facilities. DD&T, in conjunction with other departments as appropriate, will be responsible for the collation of information from a technical perspective. It should be noted that logs are only kept for limited periods of time so the prompt reporting of any incidents which require investigation is recommended.
Where there is evidence of an offence it will be investigated in accordance with the University's disciplinary procedures applicable to all members of the University. In such cases DD&T will act immediately with the priority of preventing any possible continuation of the incident. That is, accounts may be closed or email may be blocked to prevent further damage or similar occurring.
14 Related documentation
- University Regulations
- Acceptable Use Policy
- Janet Acceptable Use Policy
- Proper Use Guidelines
- Junk Mail
- Data Protection
- Electronic Communications Act 2000
- Regulation of Investigatory Powers Act 2000
- Human Rights Act 1998
- Computer Misuse Act 1990
15 Document Control Information
Version Number: 1.1
Approval Date: February 2016