CSIR-NGRI E-Mail Policy

A Brief Overview about E-Mail Policy


CSIR-NGRI provides Electronic Mail (e-mail) service for its staff, including temporary and contract staff on need basis to facilitate them discharge their official duties effectively. Department wise and designation wise also a few IDs exist. CSIR-NGRI will control the allocation of e-mail access and suggest standards for the use and content of e-mails. NGRI will make every attempt to keep email messages confidential. However, under certain circumstances (request for access by a designated Govt. Investigating agency), it may be necessary for authorized NGRI officials to access email files in connection with abuse incidents or violations of this or other NGRI policies by the user. The users are requested to go through the Indian IT Act-2000 and IT (Amendment) Act-2008 in their own interest.

Purpose and Scope:

I. Purpose
The use of the e-mail facility has its associated legal and IT security risks; therefore, the purpose of this document is to state the policy of CSIR-NGRI on the e-mail allocation, its use and suggest measures required to be followed for doing the transactions securely. 

II. Scope
This policy applies to all mail processed by server(s) owned and / or operated by CSIR-NGRI.

Policy:

Limits at Mail Gateways:
 
•    All incoming and outgoing mails to and from CSIR-NGRI shall enter and leave the Network through the  NGRI-SMTP Gateway (NGRI Mail Server). 

•    CSIR-NGRI Mail Server is configured for a message size of 25 MB (this includes mes-sage header, all attachments encoded into printable ASCII characters) only.

•    All e-mail will be subjected to an automated scanning process to determine the likelihood of that message being a spam or virus-affected message and will be delivered / delivered with warnings / rejected accordingly.

•    The Mail Server can be accessed from NGRI Webmail or either from any other mail client like Zimbra,   Thunderbird etc. by supplying proper credentials.

Limits for Mail Users - Permitted and Prohibited Uses:

1. NGRI  e-mail  system  is  primarily  for its use by its members for  the  execution  of  their work  related  functions and for  using CSIR-ERP applications.

2.   Personal Use:

• Personal use   is   permitted   provided staff applies discretion and common sense in using the facility

• Personal use will be permitted but the volume and frequency of such use should not overload the Server/ Storage efficiency/operation at any point of time.   

• In case of any doubt regarding acceptable use of Mail server, it is the responsibility of the user to take any necessary steps to get clarifications or to seek permissions from IT Group before using the official e-mail for personal purposes.

• Staff should not provide their NGRI e-mail address for commercial or business purposes other than CSIR-NGRI related work e-mails containing the following type of material will not be permitted:
  • Non-work related video clips.
  • Material concerned with any trade or business.
  • Non-work related newsletters or circulations.
  • Any form of commercial advertising.
  • Sexually explicit language or innuendo.
  • Any form of electronic games.
  • Any form of chain letter or material intended for onward transmission.
  • sending of junk mail or unsolicited mail or the like.
  • passing on sensitive information of the institute without authorization.
3. Bulk mails: Maximum number of mail addresses that can be included in a single outgoing mail is set at 20 at    the Server level.  In other words the maximum recipients allowed per mail is 20. 

4. Users are advised to move important mails to customized folders as required and are further advised to take    regular backups of their important mails.

5. Mail Restoration requests will NOT be entertained.

1. Unsolicited  e-mails,  or  e-mails  from  any  source  that  may be suspicious or of  nuisance value are 
    recommended to be deleted.

2. It may be noted that the recipient will NOT get any notification of a missed mail:
• If the mail intended for him/her exceeds the limits mentioned above.
• If the mail intended for him/her has a Virus.

Anti-Virus Policy:

The purpose of the Anti-Virus policy is to prevent infection of NGRI computers from virus and other malicious code. This policy is intended to prevent major and widespread damage to user applications, files, and hardware.

The NGRI email server has virus protection software setup to:
•  Inspect every incoming and outgoing message.
•  Automatically delete all email attachments that may include embedded virus/malicious code. Example: file extensions like exe, pif, bat etc.

Users are recommended not to open attachments of e-mail messages or hyper-links provided in emails from unknown or unexpected sources. They may contain malicious code which may have the potential to
•  damage your computer software
•  steal your personal details including your passwords, Bank Card / Credit Card numbers etc
and send them to hackers.
•  send messages from your mail account and your computer to someone without your knowledge
•  work on your computer using your resources.

The users are therefore recommended to delete such messages.

Users are recommended NOT to disable Anti-virus features / scanning on their computers. They are  recommended to clean the system regularly.

All computers connected to the NGRI LAN shall have NGRI procured antivirus software correctly installed, configured, activated, and updated with the latest version of virus Signatures / definitions before or immediately upon connecting to the network. In order to prevent virus propagation to other networked devices and to limit the detrimental effects to the network, computers infected with viruses / other forms of malicious codes will be disconnected by IT Group from the network until the infection is removed. Therefore try to keep your computer(s)  virus-free.

For the computers / laptops supplied by NGRI for official use the Anti Virus licenses procured by NGRI can be installed by IT Group Personnel. Laptops, desktops and other devices belonging to individuals are strictly prohibited on NGRI-LAN and Anti-Virus licenses procured by NGRI cannot be installed on them. 

Spam Handling Policy:

In order to fight SPAM, IT Group has installed spam filtering tools. Whenever a mail is detected as spam, prefix [***SPAM***] will be added to subject.  The  SPAM mails are automatically dropped in Junk Folder for your convenience. The SPAM mails are set to be deleted automatically after 30 days.

Social Networking Sites, Public domain Policy:

Staff who have got accounts in Social Networking sites belonging to the public domain are prohibited from using official NGRI e-mail addresses to register or  create  blog  sites as there is a potential risk  of  leak of sensitive information  into  the  public  domain, which  may cause irreparable damage to the Intellectual Property (IP) of the institute. 

Additional Precautions E-mail Users Should Take:

NGRI email users should use the following techniques to avoid unwanted email:

• Do NOT publish your official email address on public web sites
• Do NOT register with email directory services.
• Unsubscribe from the Newsletter services which are not necessary.
• Phishing is a fraudulent attempt, usually made through email, phone calls, SMS etc. seeking your personal
   and confidential information.  DO NOT RESPOND TO THEM.
• NGRI IT Group never sends you email/SMS or calls you over phone to get your personal information,
   password(s).
• Any such e-mail/SMS or phone call is an attempt to fraudulently access your e-mailbox / hack the NGRI
   email server.
•  Please report immediately to IT Group if you receive any such email/SMS or Phone calls.
•  Change your passwords at frequent intervals and remember them; do not write anywhere; do not reveal to
    anyone.
•  Change your password, if you have accidentally revealed your credentials or in doubt about its confidentiality
•  Use  an  alternative  email  address  (such  as  free  account  from  sites  such  as Gmail, Hotmail, Yahoo,
    Rediff, Mailcity, Excite etc.) to post to bulletin boards or forums or to register with Newsletters, Social
    Networking sites and for personal use.
• Contact   the   postmaster   of   the   site   that is sending spam to you by mail-ing to
    postmaster@SENDER's  Domain.

Responsibility:

IT Group is the Policy Administrator and will ensure this process is implemented and followed at CSIR-NGRI. Additionally, PIs / PLs / Head of Divisions are responsible for compliance with NGRI email policy within their respective administrative areas.

Any breach of the rules in this Policy could result in an investigation and necessary disciplinary action at the discretion of the Director.

This email policy is dynamic in nature and subject to changes whenever new threats or needs or to meet any unforeseen circumstances, and to meet the regulatory requirements and / or technical challenges.

This policy is being issued with the permission of the Director, CSIR-NGRI.

E-Mail Disclaimer:

All E-mail messages sent will have the following E-mail disclaimer at the end of the message:

          **************CSIR-NGRI*************** Disclaimer ************CSIR-NGRI****************
“This  email,  together  with  any  files  or  attachments  transmitted  with  it,  is intended  solely  for  the addressee.  If  you  are  not  the  intended  recipient, please  delete  the  email  and  notify  the  sender /originator immediately.  Please note  that  any  unauthorized  copying,  disclosure  or  other processing  of  this information  may  be  unlawful.  Unless  otherwise  stated,  any  opinions expressed in  this  email are those  of  the  originator  and  not  necessarily of CSIR-NGRI.”
          ************CSIR-NGRI************* End of Disclaimer ***************CSIR-NGRI***********