A Brief Overview about E-Mail Policy
CSIR-NGRI provides Electronic Mail (e-mail) service for its staff, including temporary and contract staff on need basis to facilitate them discharge their official duties effectively. Department wise and designation wise also a few IDs exist. CSIR-NGRI will control the allocation of e-mail access and suggest standards for the use and content of e-mails. NGRI will make every attempt to keep email messages confidential. However, under certain circumstances (request for access by a designated Govt. Investigating agency), it may be necessary for authorized NGRI officials to access email files in connection with abuse incidents or violations of this or other NGRI policies by the user. The users are requested to go through the Indian IT Act-2000 and IT (Amendment) Act-2008 in their own interest.
Purpose and Scope:
The use of the e-mail facility has its associated legal and IT security risks; therefore, the purpose of this document is to state the policy of CSIR-NGRI on the e-mail allocation, its use and suggest measures required to be followed for doing the transactions securely.
This policy applies to all mail processed by server(s) owned and / or operated by CSIR-NGRI.
Limits at Mail Gateways:
• All incoming and outgoing mails to and from CSIR-NGRI shall enter and leave the Network through the NGRI-SMTP Gateway (NGRI Mail Server).
• CSIR-NGRI Mail Server is configured for a message size of 25 MB (this includes mes-sage header, all attachments encoded into printable ASCII characters) only.
• All e-mail will be subjected to an automated scanning process to determine the likelihood of that message being a spam or virus-affected message and will be delivered / delivered with warnings / rejected accordingly.
• The Mail Server can be accessed from NGRI Webmail or either from any other mail client like Zimbra, Thunderbird etc. by supplying proper credentials.
Limits for Mail Users - Permitted and Prohibited Uses:
1. NGRI e-mail system is primarily for its use by its members for the execution of their work related functions and for using CSIR-ERP applications.
2. Personal Use:
• Personal use is permitted provided staff applies discretion and common sense in using the facility
• Personal use will be permitted but the volume and frequency of such use should not overload the Server/ Storage efficiency/operation at any point of time.
• In case of any doubt regarding acceptable use of Mail server, it is the responsibility of the user to take any necessary steps to get clarifications or to seek permissions from IT Group before using the official e-mail for personal purposes.
• Staff should not provide their NGRI e-mail address for commercial or business purposes other than CSIR-NGRI related work e-mails containing the following type of material will not be permitted:
3. Bulk mails: Maximum number of mail addresses that can be included in a single outgoing mail is set at 20 at the Server level. In other words the maximum recipients allowed per mail is 20.
4. Users are advised to move important mails to customized folders as required and are further advised to take regular backups of their important mails.
5. Mail Restoration requests will NOT be entertained.
1. Unsolicited e-mails, or e-mails from any source that may be suspicious or of nuisance value are
recommended to be deleted.
2. It may be noted that the recipient will NOT get any notification of a missed mail:
• If the mail intended for him/her exceeds the limits mentioned above.
• If the mail intended for him/her has a Virus.
The purpose of the Anti-Virus policy is to prevent infection of NGRI computers from virus and other malicious code. This policy is intended to prevent major and widespread damage to user applications, files, and hardware.
The NGRI email server has virus protection software setup to:
• Inspect every incoming and outgoing message.
• Automatically delete all email attachments that may include embedded virus/malicious code. Example: file extensions like exe, pif, bat etc.
Users are recommended not to open attachments of e-mail messages or hyper-links provided in emails from unknown or unexpected sources. They may contain malicious code which may have the potential to
• damage your computer software
• steal your personal details including your passwords, Bank Card / Credit Card numbers etc
and send them to hackers.
• send messages from your mail account and your computer to someone without your knowledge
• work on your computer using your resources.
The users are therefore recommended to delete such messages.
Users are recommended NOT to disable Anti-virus features / scanning on their computers. They are recommended to clean the system regularly.
All computers connected to the NGRI LAN shall have NGRI procured antivirus software correctly installed, configured, activated, and updated with the latest version of virus Signatures / definitions before or immediately upon connecting to the network. In order to prevent virus propagation to other networked devices and to limit the detrimental effects to the network, computers infected with viruses / other forms of malicious codes will be disconnected by IT Group from the network until the infection is removed. Therefore try to keep your computer(s) virus-free.
For the computers / laptops supplied by NGRI for official use the Anti Virus licenses procured by NGRI can be installed by IT Group Personnel. Laptops, desktops and other devices belonging to individuals are strictly prohibited on NGRI-LAN and Anti-Virus licenses procured by NGRI cannot be installed on them.
Spam Handling Policy:
In order to fight SPAM, IT Group has installed spam filtering tools. Whenever a mail is detected as spam, prefix [***SPAM***] will be added to subject. The SPAM mails are automatically dropped in Junk Folder for your convenience. The SPAM mails are set to be deleted automatically after 30 days.
Social Networking Sites, Public domain Policy:
Staff who have got accounts in Social Networking sites belonging to the public domain are prohibited from using official NGRI e-mail addresses to register or create blog sites as there is a potential risk of leak of sensitive information into the public domain, which may cause irreparable damage to the Intellectual Property (IP) of the institute.
Additional Precautions E-mail Users Should Take:
NGRI email users should use the following techniques to avoid unwanted email:
• Do NOT publish your official email address on public web sites
• Do NOT register with email directory services.
• Unsubscribe from the Newsletter services which are not necessary.
• Phishing is a fraudulent attempt, usually made through email, phone calls, SMS etc. seeking your personal
and confidential information. DO NOT RESPOND TO THEM.
• NGRI IT Group never sends you email/SMS or calls you over phone to get your personal information,
• Any such e-mail/SMS or phone call is an attempt to fraudulently access your e-mailbox / hack the NGRI
• Please report immediately to IT Group if you receive any such email/SMS or Phone calls.
• Change your passwords at frequent intervals and remember them; do not write anywhere; do not reveal to
• Change your password, if you have accidentally revealed your credentials or in doubt about its confidentiality• Use an alternative email address (such as free account from sites such as Gmail, Hotmail, Yahoo,
Rediff, Mailcity, Excite etc.) to post to bulletin boards or forums or to register with Newsletters, Social
Networking sites and for personal use.
• Contact the postmaster of the site that is sending spam to you by mail-ing to
IT Group is the Policy Administrator and will ensure this process is implemented and followed at CSIR-NGRI. Additionally, PIs / PLs / Head of Divisions are responsible for compliance with NGRI email policy within their respective administrative areas.
Any breach of the rules in this Policy could result in an investigation and necessary disciplinary action at the discretion of the Director.
This email policy is dynamic in nature and subject to changes whenever new threats or needs or to meet any unforeseen circumstances, and to meet the regulatory requirements and / or technical challenges.
This policy is being issued with the permission of the Director, CSIR-NGRI.
E-Mail Disclaimer:**************CSIR-NGRI*************** Disclaimer ************CSIR-NGRI****************
All E-mail messages sent will have the following E-mail disclaimer at the end of the message:
“This email, together with any files or attachments transmitted with it, is intended solely for the addressee. If you are not the intended recipient, please delete the email and notify the sender /originator immediately. Please note that any unauthorized copying, disclosure or other processing of this information may be unlawful. Unless otherwise stated, any opinions expressed in this email are those of the originator and not necessarily of CSIR-NGRI.”************CSIR-NGRI************* End of Disclaimer ***************CSIR-NGRI***********