Introduction Every email address at the University of Alberta starts with your Campus Computing Identification (CCID) and ends with @ualberta.ca. If you would like your email address to start with something other than your CCID, you can request a custom email alias. An email alias does not affect the login CCID for your account, but allows you to have an email address that is longer than 8 characters or has periods in it, attached to your main CCID@ualberta.ca email. For example, if your name is John Smith and your default U of A email is jsmith@ualberta.ca, you could request an alias of john.smith@ualberta.ca to be attached to jsmith@ualberta.ca. Please note, you must be a current and active Student or Staff (including Academics, Emeriti, Prehires, and Guests) in order to get a custom email alias. Applicants, Alumni, and former Employees are NOT eligible to get new custom email aliases unless their status changes to a current and active Student/Staff. This article outlines the steps to request a UAlberta email alias. Applicability This article is for use by all University of Alberta users who want to request a @ualberta.ca email alias. Procedure Navigate to the Email Aliases page at https://myccid.ualberta.ca/emailaliases. Click the green Request Alias button in the "Custom Email Aliases" section. This will open a Custom Alias Request window. Enter a custom alias following the guidelines on the Custom Alias Request screen. In most cases, the alias you should request should be in the form firstname.lastname@ualberta.ca. Not all custom aliases will be approved. The CCID administrators will process your request in approximately 1-2 business days, and you should receive an email once it is done. Some aliases are set to be accepted automatically by the system, usually those requested in the format of firstname.lastname@ualberta.ca. After Approval AFTER your alias has been approved, there are several more steps that you can optionally follow to finish setting up your email alias. Gmail allows users to add another Gmail address to "Send email as" from their primary account. The University of Alberta restricts this feature to only allow other ualberta.ca addresses to be added in this way. This will allow the user to use the email alias as their primary email address. Please note that for @ualberta.ca email aliases, even if you do not do this, you will still receive mail sent to any alias you may own, in your main inbox. This article however will allow you to send mail using that @ualberta.ca email alias. Log in to your Gmail account using a web browser. Click the button with the gear icon, then choose "See all settings". Click on the "Accounts and Import" tab. Select "Add another email address" (under the Send Mail As section) Enter your name and the email address that you wish to send mail as, then click "Next Step". Click "Send Verification" and follow the verification process. Note: If you do not see the Accounts and Import tab in Step 3, you are accessing the account as a delegate instead of logging in to the actual account. You need to log in with the credentials of the specific account that you are trying to edit. Optional (depending on need) Repeat Step # 1 and click "Make default" beside your @ualberta.ca alias. (This will make the chosen alias the one that is initially set when you click "Compose" to generate a new email.) You can also click the Edit info button next to it to change your outgoing name while using that email alias.

Introduction This article provides information on the recommended methods for sending bulk emails. Applicability These services are available to university sanctioned email campaigns, digests, newsletters, or departmental communications. Details Supported UAlberta Email Distribution Services Digest (Formerly EasyNews, EasyPost, or EZPost) (Name format: listname@ualberta.ca) The Digest app provides a broad range of newsletter and digest functionality with automatic attribute based list management (ie. Students of Faculty, Employees of Department, Academics etc.), manual, or subscription based lists. Emails sent through the system include built in analytics, engagement tracking, and it’s available to internal communication teams. You can read more about it and subscribe or submit an article here. Information on the UAPPOL Official Email List Procedure is available here. Google Groups (Name format: grp-dept-groupname@ualberta.ca) Google Groups provide a number of functions including bulk email distribution, online forum functionality, and bulk permissioning to Google resources (Calendar, Drive, Sites, etc). Google Groups support all common email formatting and should be moderated. You can find a complete summary of Google Groups functionality and how to use them here. Note that Google Groups are subject to Google’s message and posting limits. Google Groups are available to all university employees and can be requested through your CCID Authorized Approver. Use of Unsupported Email Services Should someone choose to use a bulk email service that is not listed in the above section, they accept the risk that their emails may be flagged as suspicious in a recipient’s inbox, may be delivered straight to the recipient's junk/spam folder instead of their inbox, or may not be delivered at all. Support for unsupported email services is only available through the specific vendor’s help centers and is not provided by IST. Keywords: bulk email, spam email, whitelist, blacklist, gmail, mailman, google groups, blocked, easy post, ez post, easynews, easypost, ezpost, digest, newsletter, email campaigns

Introduction This article is intended to provide information on how to reduce the volume of spam emails and spam subscriptions submitted to a Mailman list.  Applicability This article is intended for Mailman list owners/administrators Procedure The following settings will aid in reducing the volume of spam emails and spam subscription requests for a Mailman list. For spam email submissions: Specify domains that are not allowed to post To ban an entire domain from being able to post to your list and have Mailman automatically discard all messages from that domain, enter the following regular expression in the discard_these_nonmembers setting on the Privacy Options category → Sender filters subsection of the admin pages: ^.*domain$ For spam subscription requests: Navigate to Privacy Options > Subscription Rules Set Advertise this list when people ask what lists are on this machine? to No Set What steps are required for subscription? to Confirm and approve. (If set, when someone requests a subscription, Mailman sends them a notice with a unique subscription request number that they must reply to in order to subscribe. OPTIONAL Use regular expressions in the ban list and  The List of addresses which are banned from membership in this mailing list. field accepts regular expressions. You can read more about regular expressions in Mailman here.  NOTE: regex should only be used in Mailman lists if you are familiar with it. REGEXT in Mailman is NOT supported by IST.  Common regular expressions include: ^(?!.*ualberta\.ca$) will ban all NON ualberta.ca email addresses. Keywords: mailman, spam, subscription rules, mailing list serve, listserve, blocked domain, banned domain, block domain

Introduction Mailman lists allow for the managing of electronic mail discussion and e-newsletters. This article outlines the procedure for subscribing unsubscribing, or changing preferences for your Mailman List subscriptions at the University of Alberta. Applicability This article is for use by anyone wishing to modify their subscription to (or preferences for) a Mailman list on mailman.srv.ualberta.ca. Procedure Visit: http://www.mailman.srv.ualberta.ca/mailman/listinfo/[INSERTLISTNAMEHERE] If you do not know the name of the mailman list, you can visit http://www.mailman.srv.ualberta.ca/mailman/listinfo to see a full list of public Mailman lists and a brief description of each. You may also click on a list name to get more information about the list, or to subscribe, unsubscribe, and change the preferences on your subscription. Keywords: mailman list, listserv, mailing list, subscribe, unsubscribe, subscription

Introduction By default, Mailman lists are not moderated. This means that if a member sends a message to a list, the message will automatically be sent to everyone on the list with no prior approval required. As unapproved content could potentially be sent to thousands of people unchecked, unmoderated lists can create issues. Furthermore, every reply to the message is also sent to everyone in the list.  This article provides instructions for changing the configuration of a Mailman list's moderation settings to prevent these issues. Applicability This article was written for Mailman List Administrators. Procedure Login to your Mailman List Using a web browser, go to the admin page for the list, in the format http://www.mailman.srv.ualberta.ca/mailman/admin/LISTNAME (where 'LISTNAME' is replaced with the actual name of the list). Using the mailman site admin password, log in to the list's admin page. Enable Moderation for Existing Members Go to Membership Management Under the Additional Member Tasks section at the bottom of the list page, change the "Set everyone's moderation bit, including those members not currently visible" option to On. Click Set (at the right) to save this change. Enable Moderation for New Members by default Go to Privacy Options > Sender Filters Change the "By default, should new list member postings be moderated?" option to Yes. Click Submit Your Changes at the bottom of the page.   Non-Member Moderation 1. Go to Privacy Options > Sender Filters. 2. Ensure that there are no email addresses in the "List of non-member addresses whose postings should be automatically accepted" box. 3. Ensure that the "Action to take for postings from non-members for which no explicit action is defined" option is NOT set to "Accept". (The default setting is "Hold.") Keywords: Mailman list, mailing list, moderation, listserve, list, serve, mailman, settings,

Introduction This article is provided for any UAlberta email user that is having issues with inbound email being blocked by Gmail's spam filters. Applicability This applies to all UAlberta.ca email users. Details The University of Alberta has implemented industry standard email spam filtering strategies to protect our account holders from unsolicited and potentially harmful emails. Using advanced firewalls, industry managed reputation based block Lists, and Gmail’s built in spam filtering, the U of A has significantly reduced the amount of spam emails landing in CCID account holder’s inboxes. However, this does come with the possibility that legitimate emails to ualberta.ca email addresses aren't delivered, get blocked or redirected to spam before making it to a ualberta.ca inbox. The most common reasons for this are: The sender’s email system is improperly configured and therefore does not meet email security standards The sender's email domain has a poor reputation online and has been blacklisted (usually temporarily) The email’s content is suspicious (masked hyperlinks, content is similar to spam emails, etc) The email's attachments have suspicious content or are in a format that is blocked The sender mistyped the recipient’s email address NOTE: Sometimes email servers for popular online platforms like Instagram or Facebook will get publicly blacklisted. This may temporarily interrupt email delivery from those platforms to UAlberta email accounts for 24 hours or longer. If this happens to you, please follow the recommendations below. IST cannot whitelist emails from these services. What can you do if you’re not receiving an email from an external sender? As the large majority of emails that are blocked or throttled by university mail systems are a result of a problem on the sender's end and there is typically very little that the IST can do to resolve the issues. IST recommends you do the following: Add the sender to your email contact list. This will make the email address “trusted” and significantly reduce the likelihood of it getting flagged as spam. Mark any previous emails as “Not spam”. This will teach the spam filters that you want to receive emails from this sender and reduce the likelihood of future emails getting flagged as spam. Try again in 24 hours. Typically if a domain gets publicly blacklisted it is temporary and removed after 24 hours - assuming the sender is legitimate and/or fixes their issue. If the problem persists after 24 hours, proceed to the next step. Contact the IT support of the organization that you are expecting email from. If it is required, IST can work with 3rd party support to resolve the issue. Beware of Phishing! Phishing is a type of cyber attack that tries to trick you into entering your personal information, such as your password or banking information, into a fraudulent website. UAlberta and Google spam protection services are in place to deflect as many of these malicious emails as possible and prevent them from making it to your inbox. Any time you are taking an email out of your spam label, or if an email is asking for your personal information, it is important to spend the time to ensure the email is legitimate.

Introduction This article provides information on how to configure a software service or application to be able to send authorized email from an @ualberta.ca email address. Applicability This service is available to approved university digital services and applications only. The UAlberta SMTP service is intended for services and applications that need to send approved email from an @ualberta.ca email address. Email from individual/personal email accounts should be sent using the Gmail web interface. Support is not offered for personal email accounts. Details Email servers that are not authorized by university DNS records to send email on behalf of the ualberta.ca domain will be treated by email providers as potentially malicious and will typically be flagged as such in an account holder’s inbox. See fig 1 for an example. Fig 1. If you operate a software service or application that needs to send email, the following options available to you: Send Email Using UAlberta SMTP Server Access to smtp.ualberta.ca is automatically permitted for systems on U of A networks if they are sending under 75 emails/hour. If your service/software is not located within a U of A network, OR will be sending more than 75 emails an hour, please contact IST to request access to smtp.ualberta.ca. NOTE: Requests to access and use the UAlberta SMTP server may be subject to review and approval by the Office of the Chief Information Security Officer. To send signed emails from an @ualberta.ca email address, your service or application must authenticate using a CCID and password to smtp.ualberta.ca. Authenticated messages sent through smtp.ualberta.ca will be signed via DKIM. How to request access? Submit an IT General Inquiry ticket with the following information: Business use case of application and who will be receiving emails from it The IP address(es) that will be using smtp.ualberta.ca The CCID of the technical contact that will own the CCID used for authenticating to the SMTP server Use a non-ualberta.ca email address Change the "from" address in the application to a non-ualberta.ca email address and use an email server that is authorized to send on behalf of that email domain. NOTE: The university will not add IP addresses to ualberta.ca SPF records. Keywords: blocked email, spam, blacklist, blocklist, block list, whitelist, smtp server, gmail, sender, sending email, dkim, spf records, dns records, dmarc, rbl, sending limits, smtp.ualberta.ca

Introduction This article was created in response to incidents raised when users attempted to create a Google Group for a class, and found that the class section was not visible in iam.ualberta.ca   Applicability The target audience for this article is anyone who is trying to create a Google Group for a class and have discovered that the class section is not visible in iam.ualberta.ca   Solution Symptoms You are attempting to create a Google Group for a class, but the class section is not visible in iam.ualberta.ca.   Cause The department (also know as the academic organization) associated with the class is mismatched between the course catalog and the schedule of classes in Campus Solutions.   Resolution Contact the teaching department of the class to inform them that the academic organization associated with the course and class are mismatched in Campus Solutions. A class scheduler can modify the academic organization in the schedule of classes. If the academic organization is incorrect on the course, the class scheduler can contact the Examinations and Timetabling unit in the Office of the Registrar for assistance.   Keywords: google, group, course, section, iam, missing, not, listed, iam.ualberta.ca, creation, catalog, class, classes, schedule, maintain, campus solutions

Introduction This article details the approval process for all requests to access the email, G Suite (Email and Drive), computer, or network file shares or other repository used by another individual during their employment at the University of Alberta. As a UAlberta account has the potential to contain personal information about the person it was assigned to, we must follow a rigorous process to comply with Alberta privacy legislation. Please note this process can sometimes take several weeks. For normal offboarding scenarios, please make arrangements prior to someone’s departure to have them clean up personal information from the account and pass work and ownership of documents over to the appropriate account or shared drive. Applicability The article is applicable to Authorized Approvers at the University of Alberta when their department requires access to a former employees' accounts. Requests must be submitted by the Authorized Approver of the former employee. Abuse of this process will not be tolerated and may result in disciplinary action as governed by the University’s Information Technology Use and Management Policy. Procedure In order to access the CCID of a previous employee, you must request access using the “Request Access To Offboarded Account” workflow in IAM. This workflow is available only to department Authorized Approvers (AA). Any requests received by IST to access the account of a previous employee will be referred to the AA(s) for their department. Access requests are reviewed, approved, and facilitated by the Office of the Chief Information Security Officer (CISO). If the AA has any questions regarding the state of a specific access request, they can reach out to ciso@ualberta.ca. For all other questions relating to this process, please contact the Service Desk using the Fresh Service portal. Access requests will only be granted if they meet the following conditions: Approval from a Dean, Director, or Chair (or Assistant Dean, Director, or Chair) in the department in which the employee worked. If a Dean, Director, or Chair is the one requesting access, we require one-over approval. Approval from the Office of the Chief Information Security Officer. Requests must be specific. Example of a request that is likely to be approved: “The former employee was working on Project X, and we require emails sent about Project X Example of a request that is likely to be rejected: “The employee has left the University and we want to see if there might be something we need.” If the subject CCID in the access request has not yet been offboarded, IST will need to first offboard the CCID (see definition below) to ensure the outgoing employee no longer has access to the account. In cases where the department has reason to think that a person may abuse a UAlberta email address or CCID, the outgoing employee will not be issued a new CCID. In these cases, it is the responsibility of the department to notify IST of the potential for abuse and arrange issuing physical tax forms/statements to the outgoing employee with HRS. IST will not print or email out T4 statements for former employees. There will be a predetermined period of access granted to the CCID/personal drive files. We do not grant access to an account in perpetuity. IST will not add forwarding of a former employee’s email to another account. If an “Out of Office” message is required on the account, please contact IST. Requests by the former employee for access to their files must also be submitted following this process The former department must assess the risk of the University owned information in the account if the former account holder were to have access temporarily While we do our best to fulfill these requests, if the University-owned information in the account is extremely sensitive in nature,they may not be approved, Generally the sessions to transfer files to former users will be completed through Google Takeout. We will not copy entire inboxes due to the risk of having university data commingled with personal data. IST and CISO do not provide support for accessing the file types created when using Google Takeout If there is a substantial amount of files to be retrieved, the former owner of the account will be required to provide a USB drive with sufficient space for the files, at their expense. CCID offboarding: IST creates a new CCID for the user to access Bear Tracks for T4 Tax information and pay stubs. The original CCID will be suspended. The department will not be able to access the CCID outside of the information access request process. The original CCID and all associated data will be deleted 1 YEAR after it is offboarded. Please note that the new CCID WILL have access to a UAlberta email address, but the inbox (and Google Documents) will be completely empty. Special considerations: Access to accounts for employees on leave requires extra diligence due to the possibility of encountering sensitive personal/medical information related to the leave in the account. The employee’s department must provide documentation that they have tried to contact the employee on leave to request the files three times before making the access request to IST. In particularly sensitive requests (such as non-amicable offboarding, or the above case of an employee on leave), we strongly recommend that the person who will be accessing the account does so under supervision of another individual. This individual is not to go through the documents, but is there to provide corroboration that no personal documents were improperly accessed. Recommended individuals include HRS or union representatives. In normal circumstances, access to the accounts of current and recent students will not be granted. Should a business unit believe that they have just cause to access the account, an application must be made directly to the Chief Information Security Officer for review and exception status being granted. As the primary mission of the University of Alberta is to provide excellence in student learning, we cannot cause undue disruption to the student’s experience. It is highly advised that an agreement between the department and the employee regarding business communication and documents be made in advance before hiring a student or before an employee begins their studies. How to submit a Request to Access an Offboarded Account Requests to access an Offboarded CCID are submitted in the IAM under CCID Management > Request Access to Offboarded Account. If an Authorized Approver does not have access to the IAM system, please contact IST to request training and access. Terms The terms of the agreement are also listed below for your reference: TERMS OF THE REQUEST This form allows IST Security to collect concise information to provide to the proper authorizing parties. Your CCID will be automatically collected upon submission. Your unit's need to ensure and maintain continuity following departures is reasonable from a business and operations perspective. That said, please be extremely prudent, cautious, and careful when gaining control of and accessing information from your former employee's UAlberta accounts. We have and are currently facing grievances, complaints, and other challenges where former/out-going employees suggest the University overstepped its bounds and inappropriately conducted unauthorized disclosures and access to personal and other non-University information and records. Please ensure your unit's accesses and disclosures are limited to only University business and records. In addition, other sensitive communications, such as those between a former employee and their AASUA/NASA or other representative, are off-limits. All other personal information and records are also off-limits. If the repository is heavily commingled with business and personal records, then sign-out and call the Chief Information Security Officer at 780-492-8607. If in doubt, sign-out and call 780-492-8607. Preferably and where possible, have a concise list of those items your unit needs and will search for. Retain this list with other associated search details. Such documentation provides an indication of the transactions conducted and the information sought. This documentation is useful should subsequent challenges or issues arise. Again, we recognize in cases of business continuity (especially with sudden disruptions), the practice of developing a list for all and every information item sought may not be practical, but some process around what is accessed and why is prudent. Finally, it is preferable if such control of a former employee's UAlberta accounts are limited to the time needed to obtain the information and records required for continuity and then have the accounts suspended again. An auto-reply can be put in place before suspension to redirect business inquiries (if the CCID is not to be fully disabled). The account should then remain dormant. Access can also be provisioned to your unit again if at a later date a business need arises where information and records potentially in the repository/account may be of use. At that time such a request with appropriate oversight and approval can be provisioned. Otherwise, the dormant CCID will eventually be terminated along with the information and records therein. The Information and Privacy Office (IPO) is aware of these types of requests, as we work together on matters concerning the University's information management, privacy, and security requirements and oversight. Keywords: request, ccid, email, gmail, account, documents, file, share, home, drive, local, computer, user, access, foipp, files, folder, google, gdocs, docs, approval, former, employee, ex-employee, form, information access requests

Introduction This article was written to provide recommended practices for using Google Shared Drives (formerly Team Drives) on the ualberta.ca domain.    Applicability This article is intended for anyone looking for information, or answering questions, regarding the usage of Shared Drives on the ualberta.ca domain.    Details As a member of the UAlberta community, you are entrusted with using and managing the information technology resources responsibly, respectfully and in a manner that reflects high ethical standards, mutual respect and civility, in accordance with the University’s Information Management & Information Technology Policies.  Storing Information UAlberta Google Drive is approved for storing and sharing the university's business, academic, research and administrative information and records. Files in UAlberta Google Drive have built-in information rights management (IRM), so you can share files and information securely. To help your team manage information effectively, always consider whether the information needs to be kept and how it is described, organized and stored. Note: Extremely sensitive information such as identifiable patient and health care information, social insurance numbers, and passport information, is not to be stored in or shared through UAlberta Google applications, including Shared Drives.   Setup and share Anyone with a UAlberta Google account can create a Shared Drive, add members, and set permissions. An account or Google Group can be a member of multiple Google Shared Drives.  There are limits to the number of items, members, and daily uploads you can have in shared drives. It is recommended to keep well below these strict limits. Note, change coming to Google Storage policy. There are five levels of permissions that can be assigned to members: Manager (full access), Content Manager (can edit, reorganize, and delete content but not modify the Shared Drive membership or settings), Collaborator (edit access), Commenter and Viewer. Learn more about setting permissions for a Shared Drive. It is recommended to always have two members with Manager access to the Shared Drive (for Faculties or Departments one of these can be a secondary CCID). This will ensure someone always has access to add / remove members to the Shared Drive in the case of absence. It is recommended to not provide every member Manager access permission to the Shared Drive, unless required for their tasks. Begin with the lowest access (Viewer) then increase permissions as required. A Google Group can also be assigned as a member to a Shared Drive (for Faculties or Departments only). Note, every member of the Google Group will inherit the same permissions as provided to the Google Group for the Shared Drive (e.g., a Google Group has 10 members and has been permissioned Collaborator access for the Shared Drive, all 10 members will also have Collaborator access). When members are added to a Shared Drive, they can access all files and folders based on the access levels assigned to them. This helps with transparency, predictability, and scalability. File and folder permissions can only be expanded, not reduced or be more restrictive, within the shared drive. Specific files and folders within a Shared Drive can be shared directly with non-Shared Drive members. When this happens, the file or folder will appear in the ‘Shared with me’ section of Google Drive. A shortcut of the shared file or folder can be added in My Drive or to another Shared Drive. Shared Drive members with Manager access can limit sharing outside of the team. They can specify if files can be:   Shared with people who are not in the same domain (UAlberta.ca). Shared with people who are not members of the Shared Drive. Downloaded, copied, or printed by commenters and viewers.  Migrate  Moving files from My Drive to the Shared Drive changes ownership from the individual (user) to the Shared Drive (organization).  Folders cannot be moved from My Drive to a Shared Drive, only files. However, multiple files can be moved at one time. Note, to select multiple files, hold down Command (Mac) or Ctrl (Windows) and click each file. Only team members with Manager, Content Manager, or Collaborator access to the Shared Drive can move files they own from My Drive to a Shared Drive.  It is important to note that users with ‘editor’ access to files from another user’s My Drive can move those My Drive files into a Shared Drive. This is possible as long as both users are members of the Shared Drive and the              member moving the My Drive files has Manger, Content Manager or Collaborator access to the Shared Drive. File permissions and links do not change when moved to a Shared Drive. People who are not Shared Drive members can still access the file with the previously granted permission. To prevent converting Microsoft Office files when uploading into Google Drive, uncheck the option “Convert uploaded files to Google Docs editor format” in the Google Drive settings. Delete and restore  Each Shared Drive has its own trash, and only members with Manager or Content Manager access can delete files and folders.  Team members who have Manager, Content Manager or Collaborator access can restore files. Files and folders in the Shared Drive Trash are automatically deleted forever after 30 days. For additional information on:  Sharing information securely, visit the Office of the Chief Information Security Officer. Ensuring compliance with privacy legislation, visit the Information and Privacy Office. Managing your records and information compliance, visit the University Records Office. UAlberta Google features and updates, visit the IST’s Email and Calendaring page. Google’s best practices to get the most out of Shared Drives.