Re: [EXTERNAL] [SECURITY] Question Regarding Alumni email

[Scott Norton <dsnorton () UW EDU>]

No services for Alumni except for email forwarding anymore for us. (Forwarding's is becoming very fragile as people 
implement SPF, which can result in messages from senders with "locked" domains being blocked at the email providers we 
forward to.)

There is very little demonstrated value in continuing to provide service, whereas there is clear demonstration of 
impact and large potential liabilities.

  *   Number one reason people say they offer this is to "keep in touch", but for the vast majority in our analysis our 
communications where simply going to an abandoned account. Forcing a forward has a better chance of getting 
communications to an account they might actually read.
  *   Hackers love to go after these accounts, and in many cases will go unnoticed as the owner is absent.
  *   Enormous potentially liabilities and reputation risks should one of your Admin accounts become compromised.  It 
is one thing to spill your own data, but spilling the personal data from alumni can be more than a little costly for 
notification and reputation.  (Especially when people use it for access to banks and such.)
  *   Terms of service changes like what is happening with Google.

If you have a chance and the data, I really recommend you take some time to evaluate the engagement in marketing 
campaigns for users that forward vs those that continue using the provided account.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Friday, February 26, 2021 12:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXTERNAL] [SECURITY] Question Regarding Alumni email

us too.
On 2/26/21 1:55 PM, Ravi Kotecha wrote:
Hi All,

We allow alumni to keep email indefinitely (option 1). However, Google's recent 
announcement<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.blog.google%2Foutreach-initiatives%2Feducation%2Fgoogle-workspace-for-education%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3DFY21-Q1-global-other-email-other-edu-product-news-workspace-launch%26utm_content%3Dproduct-news%26mkt_tok%3DeyJpIjoiT1RoaFltRTNNRE13TlRjNSIsInQiOiJJYzkwUGVCVit0czBNOUNQZlJ2NlFUQUtXaHMyRGNBRDNERXBsWFN4YzlSTTFsdDlVcmVNVzRNdWNRSEdCTXJTK0pyZDdYd2JYdEZRYVREZnY1bUtDWDNUTnJaZjM5M29lMEIxbzFndVlxRkl1d0hOdVIxUm1uK3dtdXBtQWxheXh3c0xESVNlZVVFVXgxVFdjcWN6WEE9PSJ9&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000609785%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=FqqLddxpgTkWw%2BKOjRqiQwfzyu2mDIztMFa7gQ%2BbM84%3D&reserved=0>
 will have us re-evaluate this.

--
Ravi Kotecha '10, M.S. '14, M.S. '20
Privacy & Information Security Analyst
Information Technology Services
Submit a security request: security () brandeis edu<mailto:security () brandeis edu>
Report phishing: phishing () brandeis edu<mailto:phishing () brandeis edu>

On Fri, Feb 26, 2021 at 2:48 PM Wilson, Lawrence <lwilson () wpi edu<mailto:lwilson () wpi edu>> wrote:
We are evaluating alternatives regarding alumni email. Right now we looking at two options:

Option 1: Allow students to keep their current WPI email address when they graduate:  @WPI.edu
Option 2: Require students to change to a new "alumni" email address when they graduate:  
@alum.WPI.edu<https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Falum.wpi.edu%2F&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000609785%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Y8G1AKbgqgycWT17kmcGhtMRKsLxmeBkFXz34PElHn0%3D&reserved=0>

I would be interested in how alumni email is handled in your institution. Do you use Option 1, Option 2 or Option 3: 
None of the above. If you choose Option 3 can you please explain?

Thanks,
Larry Wilson
CISO - Worcester Polytechnic Institute (WPI)

Sent from 
Mail<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986__%3B!!DaRZpAeNFA!MhUAqXVQ8prhBBfbhm4PNzM0dQaKicKLaakw_NX2B_JfKfq78Y-DYRgWtB0p_u3n0RM%24&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000619783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=994ssBHuufD%2BO5uqyQrZLrktXOf0b3gHI30sVPfzplQ%3D&reserved=0>
 for Windows 10


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.educause.edu%2Fcommunity__%3B!!DaRZpAeNFA!MhUAqXVQ8prhBBfbhm4PNzM0dQaKicKLaakw_NX2B_JfKfq78Y-DYRgWtB0pmJiNSvI%24&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000619783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ZK9%2Blg960bgpWgiSvYvhRtPahoRXvn60QreX01j2Nds%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000629774%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L2I9x2hb5IgGTfXUSqe%2Fn%2BeVla%2FRxWpjQW6Unk4Mw3g%3D&reserved=0>



--

- Ken

=================================================================

Ken Connelly                       Director, Information Security

Information Security Officer          University of Northern Iowa

email: Ken.Connelly () uni edu<mailto:Ken.Connelly () uni edu>   p: (319) 273-5850 f: (319) 273-3010



Any request to divulge your UNI password via e-mail is fraudulent!

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdsnorton%40uw.edu%7Cb3a02e68321a492269f108d8da936c49%7Cf6b6dd5bf02f441a99a0162ac5060bd2%7C1%7C1%7C637499674000629774%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L2I9x2hb5IgGTfXUSqe%2Fn%2BeVla%2FRxWpjQW6Unk4Mw3g%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community