Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

POLICY TO MINIMIZE DELIVERY OF UNWANTED COMMERCIAL ELECTRONIC MESSAGES THROUGHOUT MAINE STATE GOVERNMENT

I. Statement

The Office of Information Technology will actively seek to identify and eliminate unwanted commercial electronic messages (SPAM). Users and Web Masters will avoid exposing e-mail addresses unnecessarily.

II. Purpose

The purpose of this policy is to minimize delivery of unwanted commercial messages by Maine State Government computer networks.  This is intended to reduce the burden of work on users of messaging systems, to lower adverse impacts on messaging system capacity, and to reduce vulnerabilities due to exposing users to message-based security threats.

III. Applicability

This policy applies to agencies within the Executive Branch of Maine State government, and it will impact all agencies that use the State of Maine’s email networks, instant messaging, websites and other electronic messaging mediums.

 

IV. Responsibilities

A. The Office of Information Technology (OIT) will use all practical methods and techniques to minimize the delivery of unwanted electronic messages through its networks.  These may include, but are not limited to, setting software filters to identify and return unwanted messages to their senders, utilizing anti-spam look-up services, and implementing other spam reduction tools as appropriate.

B. Agency Web Masters and Web Coordinators will use all practical methods and techniques to structure State of Maine websites to minimize access to employees’ email addresses.  Webmasters will also monitor content of their websites and publications to minimize exposure of contact information that can be used to deliver unwanted messages.  These may include, but are not limited to, mandating the placement of feedback contact forms in lieu of State employees’ e-mail addresses on websites.

C. State Employees will use caution when providing or posting their Maine.Gov email address to non-Maine State government websites.  State Employees must coordinate with their Web Master(s) and/or Web Coordinator(s) prior to posting their email address on a State of Maine web site. 

V. Guidelines & Procedures

A. OIT will adopt and implement best practices to minimize unwanted electronic messages within the goals of this policy.

B. Techniques and practices used to reduce unwanted electronic messages will be evaluated to weigh the costs of inadvertently blocking the delivery of legitimate messages versus the benefit of reducing the volume of unwanted messages.

C. State employees shall not reply to messages they suspect to be spam.  These messages should be deleted.  Similarly employees shall not click on unsubscribe links embedded in messages they suspect to be spam, as this action can verify their email address to the sender.

VI. Definitions

1.      Unwanted Commercial Electronic Messages - (Also known as “spam”) – Spamming is commonly defined as the sending of unsolicited bulk e-mail - that is, email that was not asked for (unsolicited) and received by multiple recipients (bulk). A further common definition of spam restricts it to unsolicited commercial e-mail, a definition that does not consider non-commercial solicitations such as political or religious pitches, even if unsolicited, as spam.

 

In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising. However, over the short history of electronic media, people have spammed for many purposes other than the commercial, and in many media other than e-mail. Spammers have developed a variety of spamming techniques, which vary by media: e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, and mobile phone messaging spam

 

2.      Message-Based Security Threats (Malware) - Malware is software designed to infiltrate or damage a computer system, without the owner's consent. The term is a portmanteau of "mal-" (or perhaps "malicious") and "software", and describes the intent of the creator, rather than any particular features. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware, all of which may enter a system through electronic messages.

 

Phishing is another commonly used message-based security threat.  In computing, phishing is a form of criminal activity using social engineering techniques. It is characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. Phishing is typically carried out using email or an instant message.

3.      Web Coordinators - Each agency is required to designate one or two individuals to serve as coordinators of the agency's website activities. They will be responsible for the web management plan, ensuring their agencies' websites are compliant with state web standards and policies, maintaining a current list in the webmaster directory, and will be the point of contact for the Office of Information Technology and InforME.[1]

4.      Web Masters - The Office of the CIO has created a webmaster directory and all state employees who work on websites are required to be listed in the directory.  Website coordinators are required to maintain the directory of webmasters from their agencies.[2]

VII. References

 

1.      Department of Administrative and Financial Services Information Services Security Policy 12/2002 in listing of IT policies, standards and procedures adopted prior to April 2006  http://inet.state.me.us/oit/policies/practices.html

2.      OIT Security Policy 2002 in listing of IT policies, standards and procedures adopted prior to April 2006   http://inet.state.me.us/oit/policies/practices.html

3.      State of Maine Accessibility Website Standards http://www.maine.gov/oit/accessibility/policy/acc_webstandards.htm

4.      State of Maine, E-Mail Usage and Management Policy http://www.maine.gov/oit/oitpolicies/emailusagemanage.htm

VIII. Document Information

1.  Document Reference Number:     3

 

2.  Category:     Internet, Network and Transport

 

3.  Adoption Date:     August 10, 2006  

 

4.  Effective Date:     August 10, 2006

 

5.  Review Date:       August 10, 2009

 

6.  Point of Contact:   Dan Walters, Office of Information Technology, Director of Enterprise Applications

 

7. Approved By:   Richard B. Thompson, Chief Information Officer

 

8.  Position Title(s) or Agency Responsible for Enforcement:   Kathy Record, Associate Chief Information Officer, Office of Information Technology

 

9.  Legal Citation:

 

10.  Waiver Process: