The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 13 – Standard for Email Management

 

I. STANDARD STATEMENT

UTSA provides electronic mail accounts for use by students, faculty members, staff and others affiliated with the university, and sets policy for the appropriate use of email to further its mission and goals. This standard supplements the email policies articulated in the UTSA Acceptable Use Policy .

 

II. RATIONALE

This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.

 

III. SCOPE

This standard applies to all UTSA faculty, staff, and students.

 

IV. CONTACTS

If you have any questions about OIS 13 – Standard for Email Management contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 

IV. PROCEDURES  

1. Email is not to be used for commercial purposes, for personal financial gain, to support political candidates or fund raising, or to support outside organizations not otherwise authorized to use University facilities. Additionally, email may not be used to transmit unencrypted confidential information, obscene materials, hoaxes, scams, false warnings or similar materials.

 

a. All students registered for classes at the University are provided an email account, but they may choose to have University email sent to an alternate address. Students are responsible for reading official University email in a timely manner
b. Faculty members and staff are assigned an email account upon their home department’s approval to grant them access to UTSA email. Faculty members and staff will frequently receive official notices and email through the central UTSA email system
c. Faculty members and staff may not use a non-UTSA email account to conduct university business, except in emergency situations (disasters, etc.).
d. UTSA email carries no guarantee of absolute privacy. Computer users should be aware that email messages are considered to be state records; email messages are subject to legal disclosure and discovery, as well as to copyright laws.
e. Email must be used in a manner that does not expose UTSA to risk.

 

 

RETENTION OF EMAIL MESSAGES

2. Email must be managed in accordance with the UTSA Records Retention policy and schedule. The staff of OIT will back up email messages* according to announced schedules, but the owner of the account is responsible for maintaining records pursuant to the UTSA Record Retention Schedule and deleting records that are no longer needed, as indicated in the Records Retention policy. Most casual email messages are “transitory records” and can be discarded after their purpose is served.

      Standard Email Retention Guidelines 

ROLE RETENTION PERIOD
emeritus faculty retain for as long as emeritus status is active
faculty (retired) 1 year + 90 days from date of retirement
staff (retired) 180 days from date of retirement
separated employee 180 days from separation date
separated student-worker 180 days from separation date

 

 

THIRD-PARTY EMAIL SOLUTIONS

 

3. University staff and/or faculty that contract with external third parties should be aware that some third-party hosted solutions contain their own email delivery systems that are outside of OIT control. Some of these third-party hosted systems will attempt to impersonate official University email addresses (ending in “@utsa.edu”) to send email directly on behalf of University users.  These methods may result in University email getting marked as “spam” or rejected due to concerns about the authenticity of the sender.

 

OIT will assist with integrating third-party hosted email systems utilizing the following solutions:

  1. External domain – The third-party hosted solution uses its own domain to send emails, and does not need to impersonate official UTSA email addresses.
  2. Subdomain – A new or existing subdomain belonging to the department making the request will be created or re-purposed. All official emails sent by the third-party hosted solution will use “@subdomain.utsa.edu” and not “@utsa.edu”.
  3. Authenticated SMTP relay –An SMTP relay requiring username and password, can be utilized for the hosted service to use in order to send email through the official UTSA email system (Microsoft Exchange Online). The emails sent via this system will conform to all UTSA and Microsoft policies regarding message size, attachments, and limits on the volume of email that is sent.

 

The use of Sender Policy Framework (SPF) to impersonate official UTSA email addresses by a third-party hosted service is not allowed.

__________________________________________________________________________

Effective Date: June 15, 2011

Last Revised: June 7, 2018

Last Reviewed: June 7, 2018