Guidelines for Stanford Secure Electronic Mail
Introduction
In order to reduce the risk of unauthorized access to Stanford University non-public information, email which contains Prohibited or Restricted information must be appropriately stored and transmitted. The following guidelines outline the requirements for email clients and servers which store and transmit email containing Prohibited or Restricted data.
Mail Server Guidelines
Communications between the email servers transmitting Prohibited or Restricted data must be encrypted or be confined to a network segment which meets PCI-DSS guidelines.
Email servers transmitting Prohibited or Restricted data must be configured to require an encrypted connection with clients downloading email from the server.
Email servers configured to transmit outbound email traffic must be configured to require an encrypted connection with clients sending email.
Email servers configured to transmit outbound email traffic must be configured to use the Secure Electronic Email system, to ensure that email messages containing Prohibited or Restricted data are sent in a way which uses that system [e.g., triggers on "secure" in the Subject: line].
Mail Client Configuration Guidelines
Users transmitting Prohibited or Restricted data via email must configure their email client to use an encrypted connection when sending email.
Users receiving Prohibited or Restricted data via email must not automatically forward their email outside of Stanford's secure email intranet.
Users sending email containing Prohibited or Restricted data to recipients outside of Stanford's secure email intranet must configure their client to use the Secure Electronic Email system and ensure they are sending the message in a way which uses that system [e.g., triggers on "secure" in the Subject: line].
Users who need assistance configuring their email clients appropriately should contact their local computer support.
Last modified Fri Jun 18 09:41:02 PST 2010 TMD

