Email is probably the most important service provided by the School of Earth Sciences pangea server computer. This service has limitations and management policies, documented here, that may affect you. In addition, you must follow the rules listed here as a condition of access to email on pangea. These rules are designed to share resources equitably.

Use of all email servers at Stanford, including pangea, is governed by the privacy and security considerations in the campus-wide Email Guidelines. These guidelines basically state that email stored on Stanford computers cannot be considered completely private and can even be subpoened in legal proceedings; and that server managers must communicate the specific backup and access features of their email service. This page provides that information for pangea.

Access rules

You may access email on pangea using programs that run directly on pangea or using an email client on a personal computer. You must use an encrypted connection method in all cases. For a personal computer email client, use either kerberos or SSL encryption. For the pine program, use an encrypted login method. Pangea's webmail program is always encrypted.

If you use an email client on a personal computer, you must configure it to perform automatic checks for new mail at intervals of at least 10 minutes, and preferably at 15 minutes or longer. Every time an email client does a check for new mail, it causes a new process to start on pangea that must read through and copy your entire "INBOX" file. This creates significant loads on the system. When many people check frequently, such as every 5 minutes, contention for disk access can become so bad that the entire email system slows to a crawl, connections are lost, and incoming email is delayed.

Do not give your pangea account password to an assistant or co-worker to let that person check your email for you. Instead, see the instructions for using kerberos authentication to allow your assistant to access your email with his/her own SUNet ID and password.

Disk usage rules

Disk space for your email is limited. Delete old messages when they are no longer needed. Move old messages you need to save to other email folders.

There are no "hard" disk quotas on pangea to limit the amount of email you can accumulate in your system INBOX. This flexibility means that pangea will always accept new email for you. But the lack of hard quotas means you are responsible to check your email and keep the size of your INBOX to a reasonable value.

Your system INBOX should be kept below 50 Megabytes or 500 email messages (by deleting old mail or saving it to local folders), except when you are out of town or otherwise unable to read your email. Letting large numbers of old email messages accumulate in your INBOX has two negative consequences:

Your email access gets slower and slower, because every time you check for new messages, the system has to read through and copy your entire INBOX to find the new messages.

As more and more people let old messages accumulate, the entire email system on pangea gets very slow for everyone, resulting in long waits and lost connections.

Do not use your INBOX as a file storage and retrieval system. If you really like using the email program to organize information, do it with folders.

If you are using pine, webmail, or an IMAP client program to manage your email on pangea, you may think that your INBOX is a good place to keep all your old mail because your program shows it to you every time, and after all, saving messages to other folders still stores it on pangea. But the difference is that your INBOX is being constantly read and written as you check for messages or new mail is received, whereas other folders are only accessed when you specifically save to them or open them. A large INBOX file generates orders of magnitude more disk activity, and thus system load, than a saved mail folder of the same size. Storing old mail in other folders, not your INBOX, dramatically improves the responsiveness of the email system for you and everyone else on pangea.

A personal computer email program like Eudora used as a POP email client shows you all the email messages it has downloaded to your local computer and lets you store and organize them there. But, if your configuration is set to Leave Mail on Server for a long or indefinite period, those same messages will be invisibly cluttering up your INBOX on pangea. Please check your configurations. If you read mail on multiple PC or Macintosh computers with a POP email client program, it is okay to configure each to "leave mail on server" for a reasonable period of time, for example, seven to fifteen days, so the other computer can also get the new messages. This time limit never erases new messages. It is only a limit on how long copies of old messages can stay on pangea after you have already downloaded them to at least one computer.

See the FAQ on cleaning up your inbox for more information.

Email attachments are a convenient way to send files to correspondents, but can make the total message very large, possibly congesting the network or disk storage areas. Pangea will process email messages (either sending or receiving) of up to 50 Megabytes total size; larger messages will be rejected. Many other email servers have smaller limits than pangea. See the Options for Offsite File Transfer page for information on other methods for exchanging large files with colleagues.

Other limits

Pangea uses the latest version of the industry standard sendmail mail transfer agent. This allows a user to setup customized automatic processing of incoming email via a program specification in the .forward file in your pangea home directory. However, for security reasons, only approved programs will work in this manner. Contact the pangea system manager if you would like to use this facility.

If you use the new pangea account maintenance web server to manage your email settings, such as spam deletion, forwarding, and vacation auto-reply, then that server manages your .forward file and you should not edit that file directly, or you may corrupt your settings.

Service guarantees

The School of Earth Sciences at Stanford University makes no guarantee that email sent through the pangea server will be properly processed in a timely fashion. However, in practice, service has been very reliable and prompt.

During the last few years, there have been no unscheduled outages (crashes) on pangea, and only two or three scheduled outages per year (of a few hours to a day) for system maintenance. During 2003, for example, pangea had 99.9% uptime.

If pangea cannot deliver outgoing email because it is unable to connect to a remote email server, it will try again every four hours for up to five days before it gives up. Email which cannot be delivered by pangea for any reason is eventually returned to the sender, so he can see that it did not get through.

Virus and spam filtering

Pangea's email server employs the Sophos PureMessage package of anti-virus and anti-spam filters to remove known email viruses and mark likely "spam" (junk email) as it processes both incoming or outgoing email. All email sent through pangea is processed by these filters; nothing is exempted.

If an email processed by pangea contains a known email virus (usually as part of an attachment), the server will remove that attachment or message text containing the virus, and add a notice of this action to the message text. The remaining portion of the email will still be delivered. The sender of the message containing the virus will not be notified by the server. This is because most emails containing viruses use false return addresses, so such a notification would likely not even go to the place where the virus message originated.

You may instruct pangea to delete messages flagged as "spam" using the pangea account maintenance web server, or you may create filters in your own email client program to perform that function.

Backup and privacy policies

Incoming electronic mail messages are stored in a system area of the disk. After being read, the user may save a copy in a normal disk file in his/her home directory. All files on pangea are mirrored (copies stored on two separate disks) to guard against loss from disk failure. Pangea disk areas are also normally and regularly backed up to tape, Monday through Friday. This provides some protection against accidental deletion by the user, or catastrophic multi-disk failure.

Backup tapes are kept for varying lengths of time, mostly for eight weeks. At least one complete backup per year (normally during winter break) is kept indefinitely. Any stored electronic mail on these tapes is "discoverable" in a legal sense.

The pangea machine room, where the backup tapes are stored, is physically secured and normally accessible only to the system managers. However, if someone does gain access to this room and knows the basic Unix utilities, he/she could recover and read the email messages that happen to be stored on the backup tapes.

Incoming email messages stored on pangea's disks are normally not readable by anyone other than the recipient. However, they are not completely secure. Anyone with root (superuser) access can read any file on the system. Although no "cracker" has ever gained such access on pangea, it is theoretically possible that some future software flaw could be used by an unauthorized person to gain root access, and thus access to other's email.

Managers with legitimate root access (currently five people on pangea) can potentially read another user's email. Random access is prohibited by policy. A manager might read a user's email with permission to solve a problem, or without permission in a case where it was suspected that destructive or illegal activities were being perpetrated from that account, whether by the user himself or by a "cracker" who has broken into that account.

If you send an electronic mail message and the system cannot deliver it due to a badly formed address, or gateway machine down, or similar causes, the email message is returned to the sender and a copy of the email headers may be sent to the system manager. The purpose of this is to alert the manager to potential systemic problems in the email system. The headers contain only routing information (to whom the email was sent, and the route it took), but very rarely, some portion of the actual message text will be included in the notification sent to the system manager.

Email on pangea is neither completely secure against loss nor completely private. Sensitive information should probably not be transmitted by email, or should be encrypted first. If you are trying to transmit crucial information by email, you should check by another means that it has been received.

Comments?

Email service on pangea ends on Nov 1, 2007. Information on this page is only valid until that date, for accounts that have not yet switched to another service. Follow instructions to switch your email now!