Is e-mail secure?
When you send an e-mail message using your Princeton account, the first step is for it to travel over the Princeton University network to your e-mail server or "local post office." The exchange between your computer and your local post office could theoretically be viewed by someone with access to the local post office or to the network hardware. However, until recently, such access was controlled and limited to a few authorized members of the support staff, so the risk was minimal.
However, with the advent of wireless communications, the communication between your computer and the local post office travels part of the way through the air. During that time, it is quite vulnerable to being intercepted by anyone who can obtain one of the many readily available eavesdropping devices in the marketplace. One way to protect the confidentiality of e-mail between your workstation and the local post office, even over wireless, is to make sure your computer's e-mail program is configured to encrypt its exchanges with the local post office. Many of the University's workstations are set up in this manner, but not all. To confirm that your e-mail program encrypts its communications with the local post office, please contact your LAN administrator.
Thus far, we have only delivered an e-mail message to the local post office. The next step is for the local post office to send it to the recipient's post office for distribution. If the sender and recipient are connected to the same post office, i.e., they are both users of the Princeton e-mail system, then this step involves no movement of the e-mail across the network, so the risk is low, as access to the local post office is controlled. But if the recipient's post office is located outside of the Princeton network, then the e-mail will travel across the Internet, through networks and servers over which we have no control. We have no idea what security measures their administrators have in place nor do we know who could gain access to the data once it leaves our campus network.
It is important to note that the option discussed above of having your computer communicate with your local post office in an encrypted manner does not reduce the risk of e-mail exposure between your local post office and other post offices, as these devices communicate with each other in an unencrypted form.
Ultimately, the off-campus recipient receives our e-mail through his/her own connection with his/her post office. Again, we do not know whether that interaction is encrypted, what controls are placed on either device or the network between, or whether unprotected wireless communication is involved.
A word of caution: If you are on campus, exchanging e-mail with another individual on campus, but one or both of you are using an off-campus e-mail system, such as Yahoo, Hotmail, or that of another University or organization, your e-mail messages are at risk since they will travel some of the time over potentially insecure networks.
How to secure confidential e-mail
If everyone on campus connected to the Princeton e-mail servers in an encrypted manner, e-mail exchanged among Princeton University accounts would have a low risk of exposure.
However, when e-mail involves off-campus senders or recipients, the best alternative to ensure confidentiality is to use an "end-to-end encryption" product, such as PGP ("Pretty Good Privacy"). Such products allow the sender of an e-mail message to selectively encrypt its content before sending, and allow each recipient to decrypt that same content upon receipt.
PGP and similar end-to-end encryption products use a "public key" encryption system where each user is given two keys, interrelated in such a way that whatever is encrypted using one key can be decrypted only with the other, and vice versa.
As implemented, these products define one of each person's generated keys as his/her "private" key and the other as his/her "public" key. Each individual must always guard his or her "private" key and must not share it with anyone. However, his or her "public" key can be freely made available to anyone who wishes to send encrypted messages to the individual and can even be placed in a directory.
It is important to note that message encryption and digital signatures can only be used if both the sender and recipient have each:
- installed compatible end-to-end encryption products on his or her computer,
- had his or her personal pair of keys created - a public key used to encrypt messages and a private key to decrypt them,
- sent his or her public key to the other party (or had it stored in a common directory),
- saved the public encryption key received from the other party (unless it is stored in a common directory).
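The key-pair relationship described above, shown with textbook RSA as an added illustration (it is not part of the original page and is not PGP's own code). The primes, the sample message and all function names are chosen for the example.

```python
# Textbook RSA with small fixed primes: it shows the key-pair relationship only.
# Real products use far larger keys and add padding; all names here are illustrative.
P = 2**61 - 1      # a Mersenne prime, chosen for the example
Q = 2**89 - 1      # a Mersenne prime, chosen for the example
E = 65537          # widely used public exponent


def make_key_pair(p=P, q=Q, e=E):
    """Return (public_key, private_key); each key is an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # e * d == 1 (mod phi); needs Python 3.8+
    return (e, n), (d, n)


def apply_key(value, key):
    """Transform a number with one key of the pair; the operation is the same for both."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit this small modulus")
    return pow(value, exponent, n)


def to_int(text):
    return int.from_bytes(text.encode("utf-8"), "big")


def to_text(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")


def demo(message="meet at noon"):
    public, private = make_key_pair()
    m = to_int(message)
    sealed = apply_key(m, public)      # sender encrypts with the recipient's public key
    signed = apply_key(m, private)     # owner transforms with the private key (signature idea)
    return {
        "decrypted_with_private": to_text(apply_key(sealed, private)),
        "public_key_undoes_own_work": apply_key(sealed, public) == m,
        "verified_with_public": to_text(apply_key(signed, public)),
    }


if __name__ == "__main__":
    print(demo())
```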
E-mail is a convenient mode of communication and is integral to the business of the University. However, e-mail also makes it easy for people to share misleading or fraudulent information, to perpetuate Internet "urban legends," and to "spam" (send unsolicited mass-mailings for marketing or other exploitive purposes).
Sometimes the origin of spam mailings is clear. At other times the true origin has been disguised in some way. Presently, no Federal legislation prohibits such spam. The laws of New Jersey also do not presently prohibit such electronic mailings. There are laws in some other states which have been used to prosecute spammers, and some Federal legislation which might provide more protection also has been proposed.
Until there are better means of protection, here are some tips for dealing with spam.
- Never reply to the e-mail. Ignore e-mail addresses or World Wide Web URLs provided for you to use "if you do not want to receive such mail in the future." These frequently just verify the accuracy of your e-mail address (and that you read junk e-mail!), and result in even more spam coming your way.
- If you just want to get on with things, just delete the piece of mail.
- If you want to file a complaint, look at the full headers of the message to find out where the mail originated. (Often the abbreviated headers show incorrect information.) You might need to verify the domain from which the mail originated by checking the "IP Address" shown for the point of origin. The OIT Help Desk can assist you in displaying and interpreting the full headers, which should help identify or verify the domain from which the mail originated. (Some groups offer help in complaining about spam. Use "Helpful Links" below for more information.) Most registered Internet domains provide e-mail addresses for domain authorities; complaints should be sent to such authorities. The text of the objectionable message, and the full headers of the message, also should be included with the complaint.
- Don't be fooled. Spammers have many tricks. Here are two:
  - Using one person's Princeton NetID in the "To:" line as the intended recipient, when the mail is really going to many Princeton addresses. (Some people think they have received another's e-mail, and others think the person whose name appears is the one who sent the spam. Neither is true.)
  - Saying you are receiving the mail because you have visited a certain kind of website or because you have expressed interest in this kind of material. (It's a marketing ploy. You were probably selected randomly.)
- Use filters if your mail program provides them. You can filter out some of the more obviously tagged mailings (e.g., anything with subject line saying "Adult Content" or "Advertisement"). The OIT Help Desk can assist you in setting up filters.
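An added example, not part of the original page, of reading full headers as the tips above suggest: it reports the address recorded by the first mail server you trust and sets the "To:" line beside the address the mail was actually delivered for. The message, host names and addresses are constructed, and the trusted suffix .example.edu is an assumption standing in for your own mail servers.

```python
import re
from email import message_from_string

# Constructed sample (documentation-only names and addresses). The lowest Received
# line is supplied by the sender; the two above it come from the recipient's servers.
RAW = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mailbox.example.edu with ESMTP; Mon, 1 Jan 2001 10:00:05 -0500
Received: from friendly-bank.example (unknown [203.0.113.77])
\tby mx.example.edu with SMTP for <jdoe@example.edu>; Mon, 1 Jan 2001 10:00:01 -0500
Received: from trusted.example.org ([198.51.100.5])
\tby friendly-bank.example; Mon, 1 Jan 2001 09:59:00 -0500
From: "Prize Desk" <winner@trusted.example.org>
To: asmith@example.edu
Subject: Advertisement

You were selected because you visited our site.
"""

FIELDS = {"claimed": r"\bfrom\s+(\S+)", "ip": r"\[(\d{1,3}(?:\.\d{1,3}){3})\]",
          "by": r"\bby\s+([^\s;]+)", "for": r"\bfor\s+<([^>]+)>"}

def parse_hops(msg):
    """One dict per Received header, newest first (the order they appear)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header line folding
        found = {k: re.search(p, flat) for k, p in FIELDS.items()}
        hops.append({k: m.group(1) if m else None for k, m in found.items()})
    return hops

def trace(raw, trusted_suffix):
    """Report what the first trusted server recorded when the mail arrived."""
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    entry = None
    for index, hop in enumerate(hops):
        if not (hop["by"] or "").lower().endswith(trusted_suffix):
            break                               # written by a machine we do not control
        entry = index
    if entry is None:
        return None
    hop = hops[entry]
    return {"origin_ip": hop["ip"], "claimed_name": hop["claimed"],
            "delivered_for": hop["for"], "to_header": msg["To"],
            "unverified_hops": len(hops) - entry - 1}

if __name__ == "__main__":
    print(trace(RAW, ".example.edu"))
```

The address in `origin_ip` is the one to look up when deciding which domain authority should receive a complaint; the hops counted in `unverified_hops` were written before the mail reached a trusted server and may be false.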
Chain letters are a particular type of spam where the recipient is encouraged to forward the e-mail to a number of other individuals by being told that he/she would receive something good (e.g., good luck, health, money) if he/she complied or something bad (e.g., illness, injury, death) if he/she didn't. The primary goal of such chain letters is to flood the system with thousands of pieces of e-mail. If the number is ten, the first individual would send ten e-mail messages, the recipients would send one hundred (ten each), their recipients would send one thousand, etc. To protect our network and systems, please do not forward such e-mail messages.
Chain letters are also used to promote ILLEGAL pyramid schemes where the recipient is told to send an amount of money to those above him/her on the pyramid and (in theory) would receive money from those below him/her on the pyramid. Electronic pyramid schemes are no different than their paper-based predecessors that occasionally passed through the postal service; their goal is to separate you from your money and they are illegal.