E-mail Security
Access
To prevent access by unauthorized individuals, passwords should not be stored in any e-mail client, including one on a handheld device, that does not have an automatic lock feature enabled.
Retrieval
SF State requires secure transport protocols -- IMAP, MAPI, HTTPS, SMTP (Authenticated and SSL/TLS only). Most modern devices are capable of supporting these protocols and will do so transparently or redirect to a secure protocol when making the connection.
Securing Content / Message Encryption
Securing the content of messages containing sensitive information is the responsibility of the individual user.
Sensitive or confidential information is data which is restricted by CSU policy and/or federal and state law from disclosure to unauthorized individuals. Examples include FERPA restricted non-directory information, personally identifiable information (PII) and electronic personal health information (ePHI). Generally, such information cannot be communicated to another entity without message encryption. Please see Safeguarding Information, What is Confidential Data? for more details on the types of data requiring encryption.
If you have a need to send sensitive or confidential information via e-mail and require encryption, please contact the campus Information Security Officer at 415-338-3018.
Digital Signatures
Digital signatures serve the same function as handwritten signatures. They are used to:
- authenticate the identity of the sender of a message, and
- ensure that the content of the message has not been modified.
The SF State e-mail system does not currently have a mechanism for digitally signing messages. The campus and CSU have not yet formally endorsed an in-house or third-party entity (certificate authority or CA) to issue or verify digital signatures (or X.509 certificates). The CSU is evaluating this capability for all campuses.
In the interim, users who feel they have requirements for X.509 certificates should contact the Information Security Officer at 415-338-3018.
Spam/Phishing
SF State actively cooperates with law enforcement on activities that violate the CAN-SPAM Act, including spam and most forms of phishing. Each violation is subject to fines of up to $11,000.
Deceptive commercial e-mail is also subject to laws banning false or misleading advertising.
SF State uses IronPort® Systems C30 anti-spam appliances to filter incoming mail to the sfsu.edu server. Avoiding phishing attempts also requires vigilance on the part of individual users.
