This is a spacer. No Picture here. JMU Home  | Accounts Info  | Computing  | Downloads  | Forms  | Passwords  | Self-Help    
Search Computing

» Self-Help
AVP Information Technology
» Computing Support
»» E-Mail Home


General E-mail Info
- Reporting Problems
- E-mail Security and Privacy
- Appropriate Use
- Junk Mail
- Labels and Bulk Mailing
- Mailing Lists (listservs)

News & Updates
» Computing Quick Start
» System Alerts
» Security and Virus News
» JMU Technical Advisory


Related Links
» Accounts
» HelpDesk
» Passwords
» Self-Help
» Training
» Tutorials


James Madison University

PUBLISHER:
JMU Office of Information Technology
MSC 0602,
Harrisonburg, VA 22807
PHONE: (540) 568-3555


FOR INFORMATION CONTACT:
Computing

Privacy Statement
Last Modified: August 08, 2007

Electronic Mail Security and Privacy

Security issues with E-mail can be broken down into four main areas:

 

Inappropriate behavior not specific to electronic mail

Threatening or offensive communications of any type are undesirable regardless of the delivery mechanism - e-mail, telephone, postal mail, anonymous notes, or in person. Similarly, intentional disclosure of confidential information constitutes inappropriate behavior regardless of the medium.

JMU IT can assist in determining the source of such e-mail messages and sometimes assist in blocking them but inappropriate behavior must ultimately be stopped at the source. JMU IT will make relevant information available to law enforcement or judicial organizations when necessary to prosecute perpetrators.

E-mail messages can be used to commit all types of fraud just as regular postal mail or the telephone system is used for such purposes.

 

Malicious e-mail messages taking undesired actions on the client computer

Today's e-mail systems and clients support attachments and other functionality that can lead to software being run on your computer against your will or intent. Defensive measures include:

 

Abuse of service

The increasing volume of unsolicited bulk e-mail, otherwise known as SPAM, fills our mailboxes and forces to take time to deal with unwanted messages. Sometimes the messages are offensive.

JMU IT takes steps to protect people using the JMU e-mail services from such abuse using anti-spam filters. Unfortunately, the nature of electronic mail and communications in an academic environment makes it impossible to proactively stop messages with any degree of certainty. In addition, the more stringent the filters, the more likely valid messages will be blocked.

If you find your mailbox being filled with messages (i.e. mailbombed), JMU IT will take steps to prevent the activity and provide law enforcement or other judicial organizations relevant information for prosecutorial purposes.

A SPAM information web page is available under the JMU Computing Security web site.

 

Loss of privacy or anonymity

Web Bugs

If you use an e-mail client that renders HTML e-mail, senders of HTML e-mail can send you a message that causes your computer to contact them when you read your e-mail.

Compromise of messages on intervening servers or communications paths

Electronic mail is a store and forward technology. Messages are routed over the Internet, often through intervening mail systems.

If mail systems are compromised or maintained by unscrupulous individuals, all messages passing through those systems are subject to compromise.

If messages pass unencrypted over communications lines, persons with the ability to intercept traffic on those communications lines, either directly or by routing subterfuge, may gain access to the messages.

Other than hardening the infrastructure of mail systems, communications paths, and routing mechanisms, the only defense is end to end encryption of messages. The two most standard ways to provide end to end encryption are with the use of S/MIME or PGP.

These encryption technologies are designed so individuals or organizations may publish public encryption keys for senders to use to encrypt messages bound for them. The individual or organization then uses a secret, private key to decrypt the resulting messages. The two methods differ mainly in the way public encryption keys are tied to an individual or organization. PGP depends upon a network of peers extending trust to each other. S/MIME depends upon a more formal trust hierarchy depending upon recognized certificate authorities.

At the present time, there is no plan for global deployment of end to end encryption technology although implementation of a JMU certificate authority to enable such a service is being explored.

The encryption offered by the E-mail 2003 Upgrade project only encrypts traffic as it travels between the mail client and the JMU e-mail system. It does not encrypt messages inside the JMU e-mail system or between the JMU e-mail system and other mail systems. Its main purpose is to protect the e-mail system passwords as they are passed over the network.