Internet and e-mail services are vital for the University of Moratuwa (UoM) to function as a modern higher learning and research institution, and to further its vision and mission. However, these resources could be misused, either accidentally or intentionally, without a governing framework on the acceptable use of the resources.
To minimize these risks, the objective of this Policy is to protect the essential interests of the UoM without unduly restricting the use of e-mail, web, and social media facilities and services which have been established for the greater benefit of the students, staff, and the UoM generally.
e-mail Accounts
- A user will be issued an e-mail account as per the User Account Creation procedure outlined in the University User Accounts and Password Policy. The format of an e-mail identifier (ID) and validity of an account are further specified in the User Accounts and Password Policy.
- In addition to an e-mail account issued to an individual based on his/her legal name or for a pre defined format (in case of students), role-based accounts (e.g., dean-eng, sar-exams, and info) are also issued with the objective of unifying and archiving the communications regardless of the individual who play that role at a given time.
- Some users may have more than one affiliation with the University. For example, a faculty member who is also an alumnus, a staff member who may be a student, and a faculty member who is a director of a center. A person with multiple roles may receive multiple accounts. In such cases, the respective account must be used for the appropriate communication. For example, a staff member who is a student should use his/her student account to engage with the research supervisor.
- An administrative e-mails related to a user’s role must originate from the role-based account. Those accounts need to be handed over to the successor when the user leaves the position.
- Departments, divisions, and projects may have their own e-mail under sub-domains of the university subject to the prior approval of the Director, CITeS. In such cases, relevant policies need to be developed by the respective department, division, and project in line with this Policy, and those policies must be approved by the University IT Strategy Committee within three (3) months of the launch of service. Else, the e-mail service must be terminated.
Use of email
- Account holders who are granted a University e-mail account are expected to check it regularly to receive University communications.
- For all official University communication, all users must only use their username@uom.lk e-mail. For role-specific communication, the role-based username must be used.
- Use of all e-mail accounts must comply with the Permitted and Prohibited Activities specified in the University Acceptable Use Policy (AUP).
- The University highly discourages the use of e-mail to communicate research or business sensitive data. To avoid inadvertent disclosure of sensitive data, users should exercise caution when responding to or forwarding e-mail messages. As a further precaution, all potentially sensitive attachments must be encrypted and protected with a password of sufficient complexity (as outlined in User Accounts and Password Policy). The password must be securely shared off-line (i.e., through other means than e-mail).
- All e-mail received on a personal/external account that relates to University business should be forwarded to the recipient’s University-issued e-mail account. The recipient should also notify the sender to use the University e-mail for future correspondence. However, spam and other unsolicited messages may be deleted immediately without notifying the sender.
- Users may automatically forward e-mails received on a University-issued e-mail account to a personal e-mail account. However, e-mails received on a role-based account can be forwarded only to a University-issued personal e-mail account. When forwarding, a copy of the message must be kept in the original account regardless of whether it is a University-issued personal or role-based account.
- The University highly discourages a user sending messages from personal e-mail account such that they appear to be from a University-issued e-mail account. Such messages are likely to be marked as spam by the recipient’s e-mail system or may not be delivered at all as domain authentication is not set up for third-party mail services.
- Each mailbox has a limited quota which varies depending on the user’s role. Once the quota is reached, user will not be able to send or receive e-mail. Thus, a mailbox should be regarded as only a limited and temporary repository for e-mail. Messages and attachments should be deleted, if no longer needed, or more permanently stored on a persistent data store (e.g., hard drive or cloud backup).
- From time-to-time CITeS may set the following limits as per the availability of resources and the technologies advances (details will be specified at CITeS website):
- Size of an e-mail (including attachments) that can be sent or received.
- Number of recipients that may be addressed in an e-mail.
- Number of messages that can be sent per minute/hour.
- Number of total messages/recipients that can be sent per 24-hour window.
- Messages in Junk/Spam e-mail folder may be automatically deleted after 30 days.
- Change of mailbox quota or exceeding the above limits is allowed only in exceptional cases and under the prior approval of the Director, CITeS.
- From time-to-time CITeS may set the following limits as per the availability of resources and the technologies advances (details will be specified at CITeS website):
- While CITeS takes reasonable measures to backup the e-mails to protect against system failure; however, recovery is not guaranteed under all cases. Items removed from a user’s Deleted Items cannot be recovered. Hence, users are recommended to backup their own mailboxes or selective messages.
- No University-issued e-mail address can be used to create a profile on social media or other online tools utilized for personal use.
e-mail Lists
e-mail is a strategic tool for carrying out the University’s mission where it can be used to communicate with large groups of people effectively. Recognizing this need, regularly replenished bulk, e-mail groups are established to enable high-level offices, departments, and divisions to reach large segments of the University community.
- Generally, official messages come from the administration or its representatives, to be sent to the entire University community or large subgroups. Therefore, University-wide communication that has been authorized as an official communication should be received and read as any other official document at the UoM, as they may affect day-to-day activities and responsibilities.
- University-wide communication is restricted to those e-mails that meet one or more of the following tests:
- The message is essential to the proper execution of the daily business of the recipient group(s).
- It notifies the recipient group(s) of significant events or changes in governance, policy, and practice.
- It alerts the community on situations around health and safety, e.g., crime alerts.
- It keeps segments of the recipient group(s) informed of their business. For example, an instructor sending an e-mail to the students about course-related matter, and a convener of a committee sending messages with minutes, updates, and announcements.
- Messages that do not meet these requirements of urgency and/or critical information are blocked; hence, should seek other methods of relaying their information. Messages may also be automatically blocked when certain words in the message are identified as potential spam.
- The membership list of a particular group belongs to the offices/roles which maintain them. As such, these e-mail list owners have the right to communicate with their constituents as they deem best, without the need for further authorization. These offices/roles may delegate to other offices or individuals the authority to communicate with these groups. However, it is expected that this delegation will parallel the existing delegation models of paper-based communication.
- To create a new mailing list, relevant details and justification should be sent to the Director, CITeS for approval. A request will not be honored, if it does not meet the requirements specified in Item 2 on this section. Once approved, e-mail list will be created and authorized user(s) who could send messages are pre-assigned. CITeS will maintain University-wide e-mail lists while delegating authorized users to send messages to the respective group.
Privacy and Surveillance
- An e-mail which is created or received by a University e-mail account in connection with the transaction of official business of the University is considered a public record, and is subject to inspection and copying in accordance with the national law.
- While e-mails created or received for personal use, are not generally considered public records and do not fall within the definition of public records by virtue of their placement on a government-owned computer system. However, if the University identifies any misuse of the e-mail system, personal e-mails that are identified as being in violation of the University policy may become public record as part of an investigation.
- A compromised University e-mail account will be promptly remedied through appropriate actions outlined in the Information Security Policy. Accounts that exhibit a repeated pattern of compromise will be suspended until the completion of an inquiry. Where applicable, the account holder may have to complete appropriate training.