The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Office of Information Technology Home Page

Skip to Main Content

Skip to Navigation

Please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

OIT Home > Security > E-mail Best Practices

E-mail Best Practices

E-mail is not secure.  It can easily be forged and does not necessarily afford the privacy one might expect.  One could go on at length about e-mail security problems but here are a few basic things to keep in mind:

  • Do not give out your UTSA Network/e-mail password to anyone, and do not write it down where it can be easily discovered.
    Don't share it with friends and don't tell your supervisor. It is a violation of UTSA policy to share your myUTSA ID (abc123) and password with anyone. The Office of Information Technology (OIT) will never ask you for your password.
  • Do not open suspicious e-mail attachments; they may contain viruses or worms.
    A virus is malicious computer code usually spread via e-mail. Many viruses send copies of themselves to all of the contacts in your e-mail address book. Some viruses will attack and delete files on your hard drive.
  • Install an anti-virus software program and update it on a regular basis.
    Most viruses are spread through e-mail messages. Clicking on an infected attachment can spread a virus that can cripple your PC or spread it to hundreds of other computers. If possible, configure your anti-virus software to accept automatic virus definition updates from the software company.
  • Do not click links in the body of e-mails. Instead, copy and paste the link in a new tab or window.
    The message often will appear to be sent from a legitimate company, such as PayPal, eBay or a financial institution. Pretending to be another entity or individual is known as "spoofing."

    The body of a phishing e-mail message usually contains a warning that your account has been compromised and urges you to re-enter your personal information (user ID, password, credit card or account number) by clicking on a link to a Web page.
  • If you must enter a valid e-mail address on a website, considering creating a "throwaway" e-mail account.
    E-mail clients like Yahoo! Mail, MSN Mail (hotmail) and Google offer free e-mail accounts. Use this e-mail address if you are asked for a valid address.
  • Use a spam-filtering software.
    Spam-filtering software serves as a front-end to the traditional e-mail Inbox. E-mail messages are received by the spam-filtering system and a set of rules determines if each message has the characteristics of a typical spam message.

    Suspicious e-mail messages are diverted to a "quarantine" area, where the recipient has the opportunity to review each held message to determine its relevance. All other messages will go directly to your Inbox.

    Another feature of spam-filtering software is its ability to "learn" which messages to flag as spam. Users have the ability to create rules that will allow or screen out e-mail messages.

    Go to the Anti-Spam Filter page to view what anti-spam filtering software OIT offers.
  • Treat e-mail as public communications.
  • Be careful when addressing e-mail (be sure who you are sending it to).
  • Since e-mail is subject to spoofing, use common sense when assessing message validity. If you have doubts, contact OITConnect by calling 458-5555.
  • Do not put anything in e-mail you wouldn't put on a postcard.

Tools