Email security
Email security covers a number of areas that must be considered. These areas are outlined below, with guidelines to help you obtain the level of security that you require.
General
Email has become the most used service for propagating virus and worm infections throughout the Internet. The security of your system and network requires that the correct measures be taken in regard to email. Below are several guidelines which will help you decide how to act, with security in mind, when using email.
- Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
- Do not open any file attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better to be safe than sorry: confirm that they really sent it.
- Do not open any files attached to an email if the subject line is questionable or unexpected. If you do need to open one, always save the file to your hard drive first.
- Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
- When in doubt, always err on the side of caution and do not open, download, or execute any files received as an email attachment. Not executing is the more important of these cautions.
Abusive
If you are a victim of abusive emails, please report this to the University Of Glasgow CERT. They will investigate and attempt to resolve the issue by liaising with the proper organisations on your behalf.
Spam
Spam is on the increase and already accounts for more than half the email traffic in the UK. The University Of Glasgow has taken measures to prevent spam from entering the University email systems. However, as spamming techniques are constantly being developed, spam email may still get through the gateways. The University Of Glasgow has a system in place to tag likely spam messages for your further investigation. Details of how you can do this are available:
http://www.gla.ac.uk/services/it/forstaff/usinge-mail/spamfilterservice/
Phishing
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal data such as account usernames and passwords, financial data, etc. By hijacking the trusted brands of well-known organisations, banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
Stay safe by following these guidelines:
- Treat all unsolicited email with suspicion, regardless of who the sender appears to be.
- Avoid clicking on links or opening attachments in unsolicited email.
- Never send passwords by email (the University will NEVER ask you to send your password by email).
- When visiting a web site that requires a password, always carefully type the URL address by hand, or better still, use a 'known-good' bookmark.
If you receive any correspondence which requires you to submit personal information and you are not sure whether to proceed, please contact the University Of Glasgow CERT. GLA-CERT will investigate the situation further and release the appropriate alert.
PGP
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. PGP is the privacy-ensuring program most widely used by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. PGP can also be used to encrypt stored files so that they are unreadable by other users or intruders.
PGP Public Key
GLA-CERT recommends the use of PGP as the encryption mechanism for the communication of sensitive information via email.
GLA-CERT Public Key: