Forwarding from Zimbra

While it is possible to forward emails from your Zimbra account to another external account, ITS strongly recommends against this practice unless there is a special need. If there is a special need to forward your email, then it is important to be aware of additional responsibilities that exist by making this change.

SPF: Sender Policy Framework is a way to fight spam by blocking email forgery (trying sending emails “from” someone that isn’t you). The downside is that it makes forwarding emails to another email address very risky. If you ever receive emails from off campus (not @earlham.edu) and those are forwarded to another email server it will mostly likely fail the SPF check as the email isn’t originally from @earlham.edu.

Privacy: When forwarding to a Google account or another personal message provider, your data may be scanned for commercial purposes. By forwarding e-mail to an outside account, you are making a privacy decision for the sender. This is particularly problematic if student data is forwarded.

Security: Employees need to be aware that they are individually responsible for the security of their personal accounts. If you opt to forward messages and experience security issues that impact the confidentiality, integrity, or availability of College data you will be individually responsible for these outcomes.

FERPA Compliance: College e-mails may contain sensitive or protected information. By configuring your Earlham College e-mail account to forward messages to another provider, you risk exposing student information. The Family Education Rights and Privacy Act of 1972 (FERPA) is a federal law that protects the privacy of student education records. By forwarding e-mails you risk violating federal law should you forward email messages that contain student education records or information (e.g. grades / transcripts, advising records, personally identifiable information, student schedules, exams, papers, theses, etc.) to an email provider that does not legally acknowledge FERPA obligations. If you will routinely be e-mailing this type of information you should not use a personal e-mail account.

GLBA Compliance: The Gramm-Leach-Bliley Act (GLBA) of 1999, outlines specific provisions for protecting consumer financial information against loss while in our hands. This act holds Earlham accountable for responsibly handling customer financial data and personal identifying information, including through e-mail. By using your personal e-mail account to transmit or store financial information you put the College at risk.

If you have questions about any of these items, please don’t hesitate to reach out to IT Support.