Email Policy
Purpose
Marymount Manhattan College seeks to maintain an email system that balances access at appropriate levels for various constituents with the effectiveness, efficiency, and security of this system. Responsibility for achieving this goal rests with the Information Technology Office (IT) in partnership with the Marketing and Communications Office. This policy provides guidelines for how members of the MMC community utilize the College’s email system in ways that are informed by best practices related to cybersecurity.
Policy Scope
This policy covers all email communications that are initiated by members of the MMC community (i.e., those with an @mmm.edu email address). It does not cover emails that originate from outside the MMC email system.
Key Terms
• User Account: An individual email address within the MMC IT environment (i.e., an email address containing the @mmm.edu suffix).
• User Community: All of the email addresses contained within the MMC IT environment (i.e., all email addresses containing the @mmm.edu suffix).
• Email Distribution Groups: These are groups of individual user accounts configured and maintained by IT (e.g., Students, FT Faculty, Staff Members). A list of current Email Distribution Groups is included at the end of this policy.
• Official Communication via Email: A message intended for one or more Email Distribution Groups that is directly related to College business and/or operations. Such messages may not be of a personal nature. Official Email Communications may be sent from user accounts that are authorized to access one or more Email Distribution Groups. A list of current user accounts with such access is included at the end of this policy.
• Personal Identifiable Information (PII): Any information that can be used to identify and individual, either directly or indirectly, such as a person’s name, address, social security number, or date of birth.
• Phishing occurs when an attacker, masquerading as a trustworthy entity in an electronic communication, attempts to acquire sensitive information such as usernames, passwords, credits cards, and PII for malicious purposes. Smishing is the text-message equivalent of Phishing.
• Spam emails are unsolicited and undesired advertisements for products or services sent to a User Account.
Email Access
Most individual user accounts may include up to 40 recipients in one email message. Individuals with alumni user accounts may include up to 5 recipients in one email message. A limited list of user accounts have the ability to send messages to Email Distribution Groups. This list is developed and maintained by IT, in consultation with College leadership, informed by best practices related to balancing access and cybersecurity. The current list of user accounts that are authorized to send messages to one or more Email Distribution Groups is included at the end of this policy.
Official Communication via Email
It some instances, email may be a good option for circulating an official communication related to College business and/or operations to members of the MMC community. But before opting for email, users are expected to consider alternative methods for circulating such information, especially if the aim is to promote an opportunity or upcoming event. Such methods include:
-
MMC Engage (the College’s internal social app)
-
Events Calendar on the MMC website
-
Social media channels (college-wide and/or department/office specific channels)
-
MMC Today (monthly e-newsletter distributed by the Marketing and Communications Office)
-
Digital Signage
-
Brightspace (for student-focused communications sent from division/department/course-specific shells and for some faculty-focused communications, e.g., if related to learning assessment or advisement)
Individual users wishing to send an official communication to one or more Email Distribution Groups do so through the division/department/office from which the email will be sent using one of its approved user account (e.g., activities@mmm.edu, careerdevelopment@mmm.edu, safety@mmm.edu, academicaffairs@mmm.edu, etc.). These messages need to be reviewed by the director of that division/department/office prior to being sent.
Individual users who are unsure if their message should be sent through email or another method should consult with the Marketing and Communications Office (communications@mmm.edu).
Email Etiquette
Users should follow these practices when using MMC’s email system:
• Bcc – Email Distribution Groups should always be inserted in the Bcc field to prevent excessive or unintentional replies “to all.”
• Reply all – This should be used judiciously as replies should be limited to those who need the information being communicated.
• Signature Line – Email signatures should align with MMC email signature guidelines.
• Receipt of suspicious emails – Report suspicious emails to IT (usersupport@mmm.edu); when you are unsure whether a message is legitimate or not, it’s always better to report it.
Spam and Phishing Emails
Incoming emails are scanned for phishing, spam, and viruses. The IT Office uses sophisticated tools to detect suspicious messages, which are routinely blocked from users’ inboxes. However, because email threats are constantly evolving, complete protection from infected messages cannot be guaranteed. It is every user’s responsibility to be cautious before clicking on links in emails or responding to emails asking for personal information. Users should refer to IT security training for important safeguards.
Using MMC’s email system for spam and phishing is strictly prohibited.
Data Loss Prevention
MMC’s email system is configured for Data Loss Prevention (DLP). The DLP feature is triggered when an email containing PII is detected. The DLP feature assesses both inbound and outbound email messages. The email messages are assessed through an algorithm that searches for patterns in emails. Upon detection of three or fewer records, the email is delivered with a notification to the sender; however, if more than three PII records are detected in the email message, the message is blocked and both the sender and the system administrator are notified.
Retaining Emails
Retaining large numbers of emails poses a security risk. Therefore, users should avoid retaining a large number of emails in their inbox, sent folder, deleted folder, or personal folders. Users are expected to review MMC’s Record Retention Policy, which includes a schedule for purging records. Users who wish to retain important emails should consult with IT about options for archiving them.
Policy Violations
Please note that violations of this policy may result in one or more of the following:
-
Disciplinary action according to Marymount Manhattan College policies
-
Legal action according to applicable laws and contractual agreements