Email FAQs: Access and Security

Who can view my email without my permission?

Typically email administrators have access to users' email accounts but should view them under two circumstances only: 

  • when troubleshooting technical problems 
  • if university policies or contractual obligations are violated

If violations occur, users also can expect supervisors in their chain of command to have access to their email accounts.

What policies exist concerning email privacy?

The Office of Information Technology's policy on "Computing and Electronic Communications at Duke University: Security & Privacy" says, in part, that the university "may find it necessary to access and disclose information from computer and network users' accounts to the extent required by law, to uphold contractual obligations or other applicable university policies, or to diagnose and correct technical problems. For this reason, the ultimate privacy of messages and files cannot be ensured." Therefore, it is advisable not to use email to communicate confidential or sensitive information unless encryption is used.

How should I manage personal email that I send or receive at work?

According to the policy on "Computing and Electronic Communications at Duke University: Security & Privacy," the university does not restrict the content of material transmitted across its networks. However, users should be aware that the ultimate privacy of messages cannot be ensured and should limit personal usage of university-sponsored email systems to a minimum. Personal email that is sent or received at work should be deleted as soon as possible or forwarded to a personal account.

Email is discoverable in legal actions. Copies of personal email also may exist on backup systems, especially if the messages are not purged prior to the routine backup of the email system.

Who "owns" personal email that I send or receive at work?

While personal email sent or received at work may be considered "private" in nature, U.S. courts have generally held that employees do not have a right to privacy in electronic messages sent or received at work when the employer sponsors the system. "Ownership" of such messages, unless they fall within intellectual property definitions, should be considered to reside with the employer.

Should faculty be cautious when communicating with students via email?

Several FAQs have established that email is neither secure nor private. While it is unavoidable that faculty and students will discuss sensitive issues via email — such as grades, advisory issues or academic progress — both parties should be aware of protections afforded to them.

The University Registrar has enacted policies concerning the release of student-identifiable information, in accordance with the Family Educational Rights and Privacy Act (FERPA). Faculty members and students should be familiar with the policy. Email correspondence to and from students, if made or received by faculty members or administrators for their own use and not shown to others, falls outside the definition of "education records," according to this policy.

Faculty members should continue to be aware of the security issues surrounding the use of email. It is not always the best replacement for an old-fashioned telephone call.

Should I discuss sensitive or confidential issues using email?

Email is not always a secure communications medium, and users should have no expectation of privacy when using it. You should consult your email system administrators and your supervisor to discuss using email to transmit sensitive or confidential information. They can tell you about safeguards in place to protect that information, such as encryption. Your department may have policies against using email in certain cases, such as transmitting protected health information or discussing personnel matters.

Why do I get so much "spam," and what can I do to avoid it?

Unsolicited or junk email ("spam") clogs nearly everyone's email inbox, can affect email system performance, can spread computer viruses and can be aggravating.

Email software differs, but most packages contain some sort of filtering capability. In addition, filtering options may exist at a larger, system-wide level. To learn about your email system's filtering functions, contact your email system administrator. To avoid spam:

  • Do not open spam
  • Don't purchase anything from spammers
  • Don't post your real email address on a forum or an online bulletin board
  • Don't reply to spam
  • Block spam with filters
  • Always choose "do not sell my email address," if you have a choice

When I delete an email message, is it really deleted?

Email systems differ in their deletion functions. Generally, deleting a message sends it to a "trash" folder or marks it with an "X." The user must then instruct the system to "empty the trash" folder or purge messages that have been marked for deletion. Some systems can be set to automatically purge deleted messages when the user exits the system. Consult your email system administrator to learn about your deletion/purge functions.

Users also should inquire about the frequency of backup procedures. Many email system administrators perform backups after hours. If a message resides on the system and has not been purged when the backup is performed, it may reside on the backup copy for a number of days or weeks, until that particular copy is recycled or erased/reused.