Follow the instructions located on the University's Email and Calendar support page to forward your email account.
Important Note: To comply with federal and state regulatory requirements, HSDM and the Wyss Institute email policies prohibit users from automatically forwarding their Harvard email to another mailbox. The email forwarding feature has been disabled within O365 to help HSDM and Wyss faculty and staff adhere to this policy.
Harvard Alumni Affairs and Development offers an email forwarding service to all Harvard University alumni. A Post.Harvard email address is an address in the format firstname.lastname@example.org, which can be set to forward to a designated email address. Alumni can create a Post.Harvard address by registering for Alumni.Harvard, then activating email forwarding.To learn more please visit Harvard's alumni page.
Email Forwarding: Risks and Recommendations
While there is no security policy that prohibits automatic forwarding of email to an outside account, there are a number of risks inherent in doing so. Some of the risks are as follows:
- Lack of strict password enforcement. Gmail and other services do not share the standard HMS password complexity standard, nor do these systems force a periodic password change.
- No backup/restore options.
- Permanent deletion. As we've seen with some social networking sites, messages that are deleted may never be truly gone from the host systems.
- Lack of liability from service providers. Generally vendors such as Google waive liability when you sign up for an account. Any data leaks would be the responsibility of the user.
- Email is not encrypted. Local email is contained within the same server, or group of servers and may be encrypted when viewed in a mail client. However, all email leaving the schools is sent in an unencrypted form and is subject to snooping, thereby increasing the potential of data leakage.
- Gmail is open for Google to examine by default. Google looks at every email so that they can parse the messages in order to show you advertisement. There is no expectation of privacy.
If you are forwarding HMS email messages, please make sure you understand these risks. You are responsible for ensuring the security of Harvard confidential information and any high risk confidential information that may be transmitted, to or from, any outside email account.
The following practices are recommended if using Gmail to access your HMS account:
- Sign up for a Google Authenticator. Use of Google's two-factor authentication is a good way to ensure that the account is not accessed by unauthorized persons.
Information regarding the authenticator may be found here: http://support.google.com/a/bin/answer.py?hl=en&answer=1037451
- Create an email signature stating that your email account is forwarded to Gmail and is not appropriate for confidential communication.
- Your password should be a minimum of 8 characters in length containing at least one capital letter, one number and one special character.
- Your password should be changed at least once per year, in keeping with the same standards as HMS passwords.
- Never access Gmail from a public or shared computer.
- Stop automatic forwarding at the first sign of a compromised account.
Shown above are general risks and recommendations specific to email forwarding. As with any email account, diligence is required by the user to not open suspicious email attachments, to follow links or to share their account information with anyone for any reason.