Employee and Student Email Policy
I. POLICY STATEMENT
Auburn University email is an approved medium for communication among Auburn University
employees, students and external parties.
Persons with Auburn University email accounts are expected to use them appropriately.
II. POLICY PRINCIPLES
The purpose of this policy is to ensure that Auburn University email is an effective and secure means
of communication for Auburn University employees and students. Auburn University email systems
are managed in accordance with the University's Electronic Privacy Policy. Email sent outside the
university is not assured of privacy and may be viewed by others.
III. EFFECTIVE DATE
This policy replaces the former employee email policy, faculty email policy and student email policy
and is effective October 31, 2016.
IV. APPLICABILITY
This policy applies to all Auburn University email accounts and the persons or entities to which they
are assigned.
V. POLICY MANAGEMENT
Responsible Office: Office of the Chief Information Officer
Responsible Executive: Executive Vice President and Provost
Responsible Officer: Chief Information Officer
VI. DEFINITIONS
Confidential information
1.
Auburn Confidential data is business or personal information that is required to be
strictly protected. (See the Data Classification Policy for more information.)
2.
Confidential information received by email may include personal data not relevant to the
conduct of Auburn University business and should be deleted.
Auburn University email accounts are email accounts that have addresses ending in "auburn.edu."
Non-Auburn email account is any email account that is not an Auburn email account. The
location of person using the account or equipment supporting the account is not a factor.
Email spoofing is the creation of email messages with a forged sender address.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit
card details, often for malicious reasons, by masquerading as a trustworthy entity in an
electronic communication. Spear Phishing is an email spoofing fraud attempt that targets a
specific organization (Auburn University) and seeks unauthorized access to confidential data
or funds. Often, the apparent source appears to be a known and trusted individual, there is
information within the message that appears to support its validity, and the request the
individual makes seems to have a reasonable basis.