External Automatic Forwards
University data can be transmitted to uncontrolled locations such as personal email accounts, or attacker-controlled mailboxes when external automatic forwards are set.
Frequently Asked Questions
Q: Why is auto forwarding my email to an external account dangerous?
A: There are several common techniques that can occur when auto forwards are set, including:
- Data Leakage/Data Breach- University data could be sent to a device that does not comply with the Universities policies and standards.
- Setting up forwarding rules to obtain access to a steady stream of email without needing to sign-in again.
- Reputational Damage – If an account is compromised, the hacker could use the account auto forward to spam multiple email addresses. This could see our mail servers added to a blacklist.
- Compliance and Privacy – Again data that is intended to stay internal to the University may be being sent to a non-compliant device.
- The external mail servers you are forwarding to may not be secure and safe.
Q: Does this change affect the use of the ‘Forward’ button in Outlook?
A: No, you can still forward individual messages from your mailbox.
Q: Does this change affect automatic forwarding between University email addresses?
A: No, this change only affects forwards to external mailboxes.
Q: Why is it better to use our Edinburgh Napier mailbox without forwarding to my personal email account?
A: Edinburgh Napier email is encrypted internally so they keep the data safe.
Q: Does this change affect students?
A: No, this change only affects staff.