Electronic mail (email) messages delivered to University email addresses are part of an important service that is used to conduct official business as well as personal business. IT Services strives to protect the core missions of the University, which are education and research, and actively works to mitigate risk to the University community. When an email message or an email server interferes with or endangers those core purposes, action will be taken to mitigate that danger.
The University reserves the right to not deliver, alter (to neutralize or remove the threat), or remove previously delivered messages that have been determined to be dangerous.
Email messages that might be altered or not delivered include the following:
- Email sent from a server that does not comply with email delivery specifications and standards.
- Email that appears to be spam or unsolicited commercial email (UCE).
- Email that appears to contain content, links, or attachments designed to obtain user credentials (phishing), install viruses or other malware, or attempts to evade security controls or trick a user into giving up sensitive information.
The University affirms that removal of a previously delivered message will:
- Only be used for malicious emails that present a potential information security risk to the University (e.g., phishing, social engineering, ransomware, viruses, or other malware).
- Not be used to remove content that is not a serious security risk. For example, it would not be used to remove objectionable or controversial content.
The University will not notify either the sender or recipient of a failure to deliver in the case of messages that appear to be spam or potential malevolent software (malware).
Responsible University Officer(s): Kevin Boyd, Chief Information Officer
Responsible Offices: Office of the CIO
Effective date: October 1, 2020
Last Updated: August 15, 2014
Questions regarding this Policy may be directed to:
IT Risk Program