Email Hygiene
The Email Hygiene Project is part of Carnegie Mellon University's initiative to improve email security, reduce spam and phishing threats, and enhance the overall safety of digital communications across campus.
We are evaluating two email hygiene tools side-by-side to determine which solution best meets our campus needs. During the evaluation, the tools will operate in detection mode only. No emails will be blocked. The Information Security Office will evaluate which tool best detects malicious email that currently evades Google’s filters, along with other criteria such as performance, false-positive rates, and user experience.
You will not notice any changes in how your email is delivered and you should continue to report any suspicious email.
After the evaluation, the selected tool will move into active production, and the other tool will be removed and purged of any CMU data collected during the evaluation.
What to Expect
Once the chosen tool is active, you may notice some differences in email delivery. We will communicate these changes clearly to ensure a smooth transition.
Your Privacy Matters
We are committed to transparency and responsiveness throughout this process. To that end:
Until September 9, 2025, you may opt out of the evaluation phase if you prefer not to share email data with a vendor that may not be selected.
We will maintain open communication with key stakeholder groups and provide resources to support your questions and concerns.
Who Is Affected
This initiative includes all active email account holders, as changes in email handling will impact the entire campus community. Please note that once a tool is selected, opting out is not an option.
Frequently Asked Questions
What is the Email Hygiene Project?
The Email Hygiene Project is a university-wide effort to strengthen email security by implementing advanced filtering technologies.
Why is this project important?
Email remains one of the most common vectors for cyberattacks. By improving email hygiene, we reduce the risk of phishing, malware, and data breaches, helping protect personal and institutional information.
What changes should I expect?
Mail delivery will not change during the evaluation phase. The tools will operate in a passive mode. You should continue to report suspicious emails.
Should I continue to report suspicious email?
You will not notice any changes in how your email is delivered, and you should continue to report suspicious emails.
Who can I contact for more information about the project?
Direct any questions or concerns to the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP).
Will legitimate emails be blocked or quarantined?
No changes will be made in mail delivery during the evaluation phase. While the tools are designed to minimize false positives, some legitimate messages may be flagged as malicious. The ISO will evaluate whether and how often this happens and what remedies are available in each tool.
How can I learn more about email safety and phishing awareness?
The Information Security Office offers training and resources on email safety. Visit the ISO website for guides, videos, and awareness materials.
Can I opt out of the evaluation process?
You may opt out of the evaluation phase if you have concerns about sharing email data with a vendor that may not be selected. You have until September 9, 2025; otherwise, your email will be included in the evaluation.
What if I deal with sensitive data in my email?
We strongly advise against storing restricted or sensitive information in your email account. During the pilot program, both vendors have undergone thorough due diligence and contractual agreements to ensure they are obligated to protect Carnegie Mellon’s data in accordance with our standards and applicable laws and regulations.