Guidelines for Stanford Secure Electronic Mail
Introduction
In order to reduce the risk of unauthorized access to Stanford University Restricted information, email which contains Restricted information must be appropriately stored and transmitted. The following guidelines outline the requirements for email clients and servers which store and transmit email containing Restricted data.
Mail Server Guidelines
Communications between the email servers transmitting Restricted data must be encrypted or be confined to a network segment which meets PCI-DSS guidelines.
Email servers transmitting Restricted data must be configured to require an encrypted connection with clients downloading email from the server.
Email servers configured to transmit outbound email traffic must be configured to allow an encrypted connection with clients sending email.
Email servers configured to transmit outbound email traffic must be configured to use the Secure Electronic Email system, to ensure that email messages containing Restricted data are sent in a way which uses that system [e.g., triggers on "secure" in the Subject: line].
Mail Client Configuration Guidelines
Users transmitting Restricted data via email must configure their email client to use an encrypted connection when sending email.
Users receiving Restricted data via email must not automatically forward their email outside of Stanford's secure email intranet.
Users sending email containing Restricted data to recipients outside of Stanford's secure email intranet must configure their client to use the Secure Electronic Email system and ensure they are sending the message in a way which uses that system [e.g., triggers on "secure" in the Subject: line].
Last modified Thu Feb 5 15:37:02 PST 2009 PK

