University Council has approved a change in IT Regulations (Gazette, 4 May 2023): from 1 August 2023, the automatic forwarding or routing of email from a University email address to an external, non-University of Oxford, account will no longer be allowed, except in exceptional circumstances.
What do I need to do?
If you are automatically forwarding your University emails to an external account you will have received emails from the project with more information. If you don’t disable auto-forwarding in advance, it will be automatically switched off on 1 August. Guidance on how to turn off auto-forwarding is available on the Email Security and Simplification webpages.
Can I still forward emails?
You will still be able to forward individual emails to external email accounts. You may also create one or more rules in Outlook on the Web to forward a subset of emails, for example based on sender, to an external email address. For guidance, please see the IT Help website. Any forwarding of emails to external accounts should be in line with the University’s Data Protection Policy.
Why is automatic email forwarding a problem?
Automatic email forwarding is a significant security risk because when you set all your email to forward to an external email address, you are circumventing the protections put in place to prevent University accounts from being compromised, such as the requirement for strong password rules and multi-factor authentication (MFA).
It’s also a significant data handling risk because if emails are indiscriminately forwarded outside the University internal or confidential data may be unintentionally forwarded – for example, a commercial contract or sensitive personal data from a student or colleague. There is a range of responsibilities on the University and individuals regarding how we manage, share and secure personal data and we cannot achieve this if there is indiscriminate forwarding to external email providers.
While this change to email forwarding may present an inconvenience for a number of people across the University, the key driver is to ensure that the University maintains appropriate control over personal data for which it is legally responsible.
For more information, please see the Email Security and simplification project webpage. Please contact your local IT support team or the central Service Desk for further help