Policies and Guidelines

Email Policy - links you to a PDF explaining Western's Email Policy

Procedures Relating to Security and Privacy of Computing, Information and Technology Resources

Prohibited File Attachments - learn what type of file formats are forbidden from being email attachments.

As the popularity and use of email have increased, so has the distribution of viruses and spyware/malware through email. As a result, Western has chosen to block certain file types that Windows operating systems have a built-in association to launch automatically and which are commonly used to infect computer files or compromise security. This is crucial because it is not just the recipient's computer that becomes compromised, but all computers attached to the network through both the wired and wireless systems.

List of Prohibited File Attachments

The following file types are currently being blocked by the Western mail servers:

.ade, .adp, .app, .asd, .asf, .asx, .bas, .bat, .bin, .chm, .cmd, .com, .cpl, .crt, .drv, .dll, .emf, .exe, .fxp, .hlp, .hta, .hto, .inf, .ini, .ins, .isp, .js, .jse, .lib, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .ocx, .ovl, .pcd, .pif, .prg, .reg, .scr, .sct, .sh, .shb, .shs, .sys, .url, .vb, .vbe, .vbs, .vcs, .vxd, .wmd, .wmf, .wms, .wmz, .wsc, .wsf, .wsh.

* The restriction on .rar and .zip files has been lifted. If you receive a message indicating that these file extensions have been blocked, it is because the archive contains nested files with extensions that are still restricted. These files will then need to be password protected in order to be delivered.
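A pre-send check for the extension rule above, as an added example (not Western's filter code): it tests the final extension of an attachment name and of each member of a .zip archive, descending into nested zips. The depth and size caps and the helper names are assumptions; .rar is not handled because the Python standard library cannot read it.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension list copied from the policy above.
BLOCKED = frozenset("""
ade adp app asd asf asx bas bat bin chm cmd com cpl crt drv dll emf exe fxp hlp
hta hto inf ini ins isp js jse lib lnk mdb mde msc msi msp mst ocx ovl pcd pif
prg reg scr sct sh shb shs sys url vb vbe vbs vcs vxd wmd wmf wms wmz wsc wsf wsh
""".split())
MAX_DEPTH = 3            # assumption: deepest archive nesting we inspect
MAX_INNER = 10 * 2**20   # assumption: largest nested zip we unpack in memory

def final_extension(name):
    """Lower-cased last extension, ignoring trailing dots and spaces."""
    cleaned = name.replace("\\", "/").rstrip(". ")
    return PurePosixPath(cleaned).suffix.lstrip(".").lower()

def findings(filename, data=None, depth=0):
    """List the outer file or zip members that carry a listed extension."""
    ext = final_extension(filename)
    if ext in BLOCKED:
        return [filename]
    if ext != "zip" or data is None:
        return []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{filename} (unreadable zip)"]  # fail closed: report it
    hits = []
    with archive:
        for info in archive.infolist():
            inner = None
            if final_extension(info.filename) == "zip" and not info.flag_bits & 0x1:
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_INNER:
                    hits.append(f"{filename}!{info.filename} (not inspected)")
                    continue
                inner = archive.read(info)
            hits += [f"{filename}!{h}" for h in
                     findings(info.filename, inner, depth + 1)]
    return hits

def make_zip(members):
    """Constructed sample input: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Call `findings(name, file_bytes)` on each attachment before sending; an empty list means no listed extension was found at any inspected level.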

Understanding the Behavior

Due to the complexity of the email environment, message delivery is processed differently depending on whether the message originates from an internal or an external source.

Messages Originating Internally

When a prohibited attachment has been blocked, the attachment is not delivered to the recipient, but the message itself is still delivered. The sender will not receive any notification that the attachment has been removed. The attachment will be permanently deleted, and there is no way of recovering this file. The recipient will receive a text (.txt) file embedded into the body of the message in place of the removed attachment. This text file will contain the following message:

A file filename.extension attached to this message has been deleted by the University of Western Ontario's mail server because its type has been identified as a possible security risk to you. 

Messages Originating Externally

When a prohibited attachment has been blocked, the message is rejected and the sender's mail server is provided with the response: "554 5.7.1 Attachments with file extension zip are not accepted." In addition to the original sender receiving a more timely response, the recipient is no longer obligated to follow up with the sender to reiterate our policy on prohibited file attachments.

How does this affect me?

To bypass the restrictions of the university mail system on attachments, use compression software that provides password protection. Since most of these software programs are on our list of prohibited attachments, you will also need to rename the output. As the sender, include the original file type and password in the body of the message. For assistance, please contact the Helpdesk at 519 661-3800.

Sending Rate Limits - describes the sending rate limits to external email addresses.

The Western email system limits the rate at which messages can be sent to external email addresses. Email rate limits mitigate the impact of compromised hosts or accounts on our email system. These limits were carefully chosen to minimize the impact on legitimate email traffic; however, some legitimate senders may be impacted.

Current rate limits

Office 365

Sending Limits

  • Recipient rate limit: 10,000 recipients per day
  • Recipient limit: 500 recipients
  • Recipient proxy address limit: 200
  • Message rate limit (SMTP client submission only): 30 messages per minute

Receiving Limits

  • Messages received: 3600 messages per hour

Internal vs external recipients

Rate limits only apply to email messages sent to external recipients. External recipients are those not hosted by WTS, such as @gmail.com or @hotmail.com. Emails to @uwo.ca addresses, or other domains hosted by WTS, are not rate limited and do not count towards your rate limit.

Rationale

Western's ability to effectively deliver legitimate messages to the internet depends on having a good reputation as an email sender. Each time Western's email servers are misused to send spam, that reputation is damaged. Other mail domains may begin throttling our mail, or blocking us entirely for a period of time. We may become listed on any number of dynamic blacklist services used by email service providers across the world. This negatively impacts our ability to deliver legitimate mail for all of Western.

The two major sources of spam in our email system are compromised accounts, such as through phishing attacks, and virus-infected hosts connected to our network. While we take steps to minimize the occurrence of these cases, we cannot completely prevent them, and from time to time they will appear on our network and be used to blast spam through our mail servers.

In order to reduce the volume of spam which makes it through our mail system and onto the internet, we make use of email rate limiting. This can lower the volume of spam sent in each incident from millions to a few thousand. Since any spam message we relay can impact our reputation as an email sender, this reduction is vital in the operation of our service.

Comparison to other ESPs

While selecting an appropriate rate limit for our Tier 1 clients, we looked at rate limits used by other major email service providers. We found that several major ISPs (Comcast, Earthlink, Roadrunner) used a rate limit of 1000 messages per day, while most major free webmail providers (Gmail, Hotmail, Yahoo!) used a limit of 100 to 500 recipients per day. We feel that, as a University, a limit somewhere between these two numbers is appropriate.

The rate limit for our Tier 2 clients is much lower, because these clients are considered to be higher risk. Compromised accounts from phishing attacks frequently use Convergence or direct SMTP connections from off-campus. Wireless and Reznet clients are considered higher risk because compromised devices are more commonly brought onto campus and connected to these networks. Applications used for sending mass emails would typically be run on an on-campus workstation or server, which would fall under the tier 1 rate limit and are still subject to the guidelines listed under Sending Email to a Large Group.

Impact on Western users

Most Western users will likely never be affected by Western's email rate limits. In the case of Tier 1 clients, we estimate that less than 0.2% of clients will be affected.

Those likely to be affected will be users or departments which run software on their workstation or department's server that sends mass mailings or other email notifications to external email addresses. Email senders who hit the rate limit will receive the following message in the form of a pop-up in their email software:

550 5.7.1 Recipient rate limit exceeded. Try again later. 

When this message appears, the message being sent will not be processed. If sending to multiple recipients in the same message, none of the recipients will receive the message. Repeatedly trying to re-send will push your client further over the limit, but will not allow further messages to be sent. See the workarounds and best practices below.

If you are seeing the above error message, but are not aware of having sent messages to a large number of recipients, it's possible that your computer is infected with a virus or your Western Identity has been compromised, and is being used to send spam. If you believe this to be a possibility, please change your Western password immediately and contact the Helpdesk for further assistance.

Workarounds and best practices

If sending mailings to a large number of external recipients, be aware of the two tiers of rate limits. To avoid being affected by the rate limits, try the following workarounds:

  • If sending from one of the tier 2 areas, try sending from the on-campus wired network instead.
  • Faculty and staff can use a Group for their mailing, which is unaffected by rate limits.
  • Students can use external mailing list services, such as Google Groups, which would count as a single external address.
  • Send messages to a small number of recipients over a longer period of time, to stay below the rate limits.
  • Official communications may be eligible to be sent by WTS, using our professional mass mailing application. Contact the Helpdesk to inquire further.

After trying the above workarounds, if you are still experiencing difficulties sending large mailings, please contact the Helpdesk to request further assistance.

Please be aware, email communications to large groups are subject to all the guidelines and policies listed on the page, including formatting, subject matter, recipient selection, scheduling, rate limiting and opt-out procedures.

End of Relaying to External Sender Domains - explains WTS' policy against accepting emails addressed from an external sender.

Western’s back-end email servers (smtp.uwo.ca, mta.uwo.ca) do not accept emails addressed from external sender domains due to the service being abused by spammers, phishers, and viruses as an avenue to forge email addresses.

In addition to our primary @uwo.ca email domain, WTS hosts email services for approximately two dozen other Western-related email domains. Western senders therefore are limited to addresses within the set of domains which WTS hosts. When a sender tries to send email from any other domain, the message will be rejected.  This helps to curtail the activities of spammers and viruses, as well as correct several client configuration errors we have detected. 

This only applies to email sent through Western’s back-end SMTP email servers. Incoming emails to Western’s front-end email servers will still be accepted, so long as the recipients are valid and the messages pass our spam filters.

How does this affect me?

Most users are unaffected by this policy, but there are some legitimate senders that may need to consider how they send email.  End users may fall into categories #1-2 below, but server administrators may also need to consider categories #3-4.

1. End users sending from external domains

Some users may have unintentionally configured their email clients to use an external email account, but mistakenly set the outbound email server to smtp.uwo.ca (or mta.uwo.ca). This has the effect of sending your outside account’s email through Western’s email servers. These users need to reconfigure their email clients to use the email server provided by their outside email service provider.

2. Bulk/Mass email senders and application notifications

Users who conduct bulk or mass email campaigns, or applications which send email notifications, may be sending email using an external sender domain. If you’re sending with an application that is internal to Western, and are sending through Western’s SMTP server, you will need to ensure that you’re sending from a valid, deliverable email address within an email domain which is hosted by WTS. It is strongly recommended that you specify a sender address that you own, so you can receive replies and bounces. You should not be using sender addresses provided by end users, since this can be exploited by spammers.

If you’re sending from an external service, you should be unaffected, since the service should be handling email delivery for you using their own domain as a sender address.

3. System emails from server machines

Server administrators may need some way for their servers to send email notifications, alerts, reports, etc. It is common for Unix/Linux type systems to send such emails using user@full.name.of.host.uwo.ca as the sender address. If these servers are configured to push all mail to smtp.uwo.ca (or mta.uwo.ca), then these are affected by this policy.

Since @full.name.of.host.uwo.ca is not an email domain which WTS hosts (even if it may be a sub-domain of such), these messages are rejected. Your server should be configured to rewrite/masquerade the sender addresses to use valid, deliverable email addresses within an email domain which is hosted by WTS.

If you fall into this category, IWS has some solutions for configuring the local Sendmail configuration on Linux hosts. Please let us know and we can assist you with implementing this solution.

4. Other campus email servers

Email servers being operated on campus should not be sending email to smtp.uwo.ca (or mta.uwo.ca).  They should send email directly to the hosts specified in the MX records of the recipient domains.

Sending Email to a Large Group - guidelines to follow when sending to a large number of email addresses

Western email accounts can send an email to a large Group they manage in Office 365. Faculty and staff can also request assistance from Western Communications or the Office of the Registrar if they need to have a specific group of email addresses defined before the message can be sent.

Western Communications will work with Western HR to coordinate emails to large groups of faculty and/or staff and the Office of the Registrar can help with emails to large groups of students.

To ensure that your email will be successfully delivered, please follow these guidelines:

Sender Addresses

  • The address used in the SMTP MAIL FROM (envelope sender address) must be a valid and deliverable address under the sender's control to receive Delivery Status Notifications (bounce messages)
  • The address used in the From: header must be a valid and deliverable address under the sender's control to receive replies and auto-replies

CASL Compliance

  • Messages must comply with applicable requirements of Canada's Anti-Spam Legislation (CASL), including:
    • Clearly identifying the sender of the message and providing contact information
    • Stating the scope of who is being contacted and the purpose of the message
    • Providing an opt-out mechanism to prevent further mailing
