Daniel Lemire's blog


Who the heck got Universities into the email business?

10 thoughts on “Who the heck got Universities into the email business?”

  1. Leon Palafox says:

    http://mail.google.com/mail/help/about_privacy.html

    Here is the Gmail Privacy policy, which clearly states it does protect your privacy.

    “Email forwarding may create infinite email loops. These may disrupt services and require human intervention.”

    http://en.wikipedia.org/wiki/E-mail_loop
    Here are some measures server administrators can provide.

    “Email forwarding may put students at risk if remote accounts are stolen or lost.”

    I would pit Google security systems against any system in the world any day.

    http://www.google.com/corporate/security.html

    “With email forwarding, it may be impossible to ensure and prove that an email was received and read. Thus, homework assignments, administrative inquiries or security advisories may never reach the students, or we may be unable to prove that they reach the students because of email forwarding.”
    “http://en.wikipedia.org/wiki/E-mail_tracking”

    It is more a personal issue and one can always use receipts, but I do accept it is a valid concern; I have had friends at Hawaii University who do get their emails late from time to time when receiving in Gmail.

    “Professors and management send confidential information by email. Yet, without full control of the email service, the University cannot ensure the needed confidentiality.”

    Do I really need to quote what happened recently with the so-called climate gate? E-mails from a University were hacked, so being in the University offers no guarantee.

  2. (sigh)

    “We might have less control, and we are smarter than you.”

    From my personal history, all the evidence is not in favor of that conclusion (for any “we”) … and I am being “nice”.

  3. The superficial answer to the original question is:
    DARPA

  4. rodrigob says:

    Does email forwarding matter at all?
    If you can have remote POP access to your account to retrieve your emails, that is good enough, right?

  5. Muhammad Alkarouri says:

    To give an opposite view, I can largely see the point of the IT department there. This may have to do with me being responsible for the mail service in a university some time ago, but here goes:

    First, the difference between email forwarding from uni and reading from other clients using POP (say, gmail) is that once the email is fetched from the uni servers it is deemed to be read. In this case configuring gmail to check the uni email using POP is equivalent to using outlook or another mail client. Whether the student actually reads that is his/her responsibility. So it legally shifts responsibility from the university to the user. Of course this is subject to clarifications by your IT department and any other laws in effect (I am from the UK, no idea about Canadian laws).
    Second, my guess is that universities became involved in providing email services at a time when free email was not available or convenient. That being said, the institutional email address gives much more confidence than a free one. To the extent that this is needed by students to get university’s work done, this service is needed.
    That being said, some of the points mentioned seem to be non-issues for me.
    (1) Infinite email loops due to forwarding are automatically handled by many servers. The case when it is deliberately created as a DoS attack can happen regardless of the existence of such a service and should be treated separately.
    (2) “The University cannot ensure the needed confidentiality” whether they control the email service or not. They just try their best. If the University allows email access from outside through a web interface or POP then they are not providing more confidentiality than the assurances of servers like gmail for example. They may elect to white-list some outside services and blacklist others, but giving outside services is still an issue.
    (3) Similarly, you cannot ensure that an email is received and read. If it is opened by an email client, Delivery Status Notification can always be disabled. If received here means reached the mailbox, this applies whether the mailbox is in the uni server or forwarded.
    (4) Email forwarding may put students at risk is true, but is that risk more than the risk of them residing in the University’s servers? Security is usually about the weakest link, and I am not sure that in forwarding the weakest link will be gmail or other outside servers.
    (5) The issue of forwarding email across international boundaries is a very important one, so I am going to pass on this one.

  6. Innar says:

    It’s a political issue, not a technical one. So, change the policies (~-> (budget allocation) changes-> enemies), ask directly from the email server administrator, or set up an external (automatic) forwarding (fetching) from POP3/IMAP whatever. I don’t see a problem! 🙂

  7. Sylvie says:

    Without consideration of the technical issues, the plus side of having a uni email address is that it gives easy to see credentials to someone who is emailing you out of the blue and makes it easier to figure out where that person is from if you want to do a Google search on them (particularly useful when a person has a very common name).

    On the negative side, our IT people regularly block email from universities because they are a huge source of spam. Makes me wonder about the whole “security” issue there.

  8. Homer Simpson says:

    Who cares about mail forwarding?

    gmail will connect to any pop3 and transfer them automatically.

  9. beroal says:

    Why do students have e-mail boxes at the university’s server? They can use Gmail boxes for everything.

  10. Alessandro says:

    I completely agree with Muhammad (no. 5). You should not underestimate the problem of who should have legal responsibility for such an operation. Pulling emails via POP3 is fine, because it is done “at the user’s own risk”, but why should the IT dept be accountable for a service they do not fully have control over?

    If we want to be picky, strictly speaking, Google and universities’ CS depts are competitors because they do research on the same field. Would you give all your work emails to your competitors even if they say “we are good guys?”

    On privacy: I don’t know how it is in Canada/US, and I am not a lawyer, but if you were in Europe you would have problems in transferring personal data to non-EU entities because of different legislation. You’d need to refer to Safe Harbor and stuff like that.