Forward Into the Cloud

With more students auto-forwarding e-mail to private accounts, even colleges that have not outsourced e-mail find it difficult to keep correspondence on their own servers.
September 30, 2009

While a number of colleges and universities devote resources to keep campus e-mail grounded on their own servers, they are finding it difficult to coax students out of the cloud.

Students are increasingly arriving at college already managing multiple e-mail addresses with “cloud”-based e-mail services -- such as Gmail and Hotmail -- which are hosted remotely by third-party companies. These students are often reluctant to use the e-mail client provided to them by their institution.

“We did a survey several years ago, and the overwhelming majority of incoming students said they had between three and four e-mail accounts,” said Beth Ann Bergsmark, director for academic information technology services at Georgetown University.

In order to keep things simple, many students set up their institutional accounts to automatically forward mail to one of their existing, cloud-based mailboxes. Students prefer not to check multiple mailboxes if they don’t have to, said Geoff Nathan, faculty liaison to computing and information technology at Wayne State University. When he asked his students recently why the majority of them auto-forwarded their e-mails to an outside account, they cited features often unavailable on campus accounts, such as texting, video chatting, and virtually unlimited storage space.

Greg Jackson, vice president of policy and analysis at Educause, said that institutions that still maintain on-site e-mail services report that about half of all students have their e-mails forwarded to independent addresses.

This has sparked a discussion campus IT circles and left a number of institutions to examine their e-mail policies: Should colleges allow students to have their campus e-mails auto-forwarded to an outside account?

Thousands of colleges worldwide have attempted to roll with the trend by outsourcing e-mail to cloud providers such as Google through its free Google Apps for Education. And while shedding the burden of running its own e-mail client can serve as a windfall for colleges looking to save cash wherever they can, campus officials often fret about putting private correspondence under the control of third-party providers.

To wit: Earlier this month, a software bug in Google Apps caused a number of e-mail messages to be sent to the wrong mailboxes at several colleges that use the service. Other routine problems -- such as last Thursday’s widespread Gmail outage -- highlight the helplessness of campus IT departments to ensure the reliability of their own e-mail systems. (Of course, colleges that have not outsourced their e-mail also run into such problems, and can't rely on Google's massive troubleshooting resources.)

Campuses that have stuck with internal e-mail systems, often to avoid a loss of control, are undermined by students who forward e-mails to outside accounts. Certain information that gets sent on an internal server, such as grades, might be protected by the Family Educational Rights and Privacy Act, which generally bars colleges from releasing educational information about students without permission, said Thomas Iverson, systems technology supervisor at Iowa’s Mercy College of Health Sciences (in the case of Mercy and other medical colleges, e-mails might also contain patient data protected under the Health Insurance Portability and Accountability Act). Mercy currently does not allow auto-forwarding, although Iverson said it is weighing a policy revision as it tries to grow its distance education programs.

If sensitive information sent from a university source were to be compromised after being auto-forwarded to a student's private account, the university would probably not be liable for violating FERPA, said Tracy Mitrano, an information science scholar and director of IT policy at Cornell University. Nor would Google, said Jeff Keltner, business development manager for Google Apps for Education. If a student chooses to have information forwarded to some other e-mail address, Keltner said, "then the protection of that data is bound exclusively by the user agreements on that individual e-mail account ... there is no relationship between Google and the university."

But with most legally protected information being exchanged via more secure channels, compromised e-mail data is not the most immediate concern for professors and administrators. The first priority is making sure messages get to their recipients. “If it’s an official communication, I want to make sure it gets to the correct address,” said Terence P. Ma, chief information officer at Touro University Nevada.

Auto-forwarding to cloud-based e-mail services can foil universities in this respect. If students are using a service that has not been specially tailored to accept e-mail blasts from specific addresses, official announcements sent by university administrators can get caught in spam filters. Furthermore, if a message fails to arrive at its destination, there is no guarantee that the third-party service will notify the sender of the failure. “There’s the age-old anecdote where students say they have not received an e-mail,” said Iverson. Auto-forwarding, he said, increases the potential “points of failure.”

Even institutions that have outsourced e-mail to cloud-based providers are finding that students still set up university accounts to forward to their own address. While some providers allow campus IT officials to shut off the auto-forwarding function on the university side, systems such as Gmail allow users to pull messages into their independent accounts from the other end, according to Bliss Bailey, executive director of information technology at Auburn University. “The fact is that students are able to reach into their email accounts using [Web protocols] IMAP or POP; they can essentially forward the e-mail on their own,” said Bailey. “The technology has outstripped our ability to police that policy.”

Some colleges, whether they have outsourced or not, have attempted to encourage students to use their “dot-edu” accounts by requiring them to send official, university-related correspondence from those addresses, and telling them that they, the students, are responsible for any e-mails they miss due to a problem with the forwarding process or their outside provider’s data. However, campus IT officials acknowledged that it is virtually impossible to make students adhere to forwarding policies. “It’s the whole lead-a-horse-to-water saying,” said Iverson.

Cloudy Forecast

By outsourcing to the same cloud-based services that students are using already, officials say, higher education institutions can at least make using the “dot-edu” system more appealing to students. “They come in expecting a [certain] consumer experience, because they’ve been there for so many years,” said Bergsmark, of Georgetown. Georgetown switched to Google Apps for Education’s Gmail interface two months ago, and Bergsmark said early feedback has been positive. “It put them back in that consumer position that they were used to,” she said.

With more and more colleges and universities opting for cloud-based providers, there is a general feeling that on-site e-mail systems -- along with many other services -- are on the way out. “Under the current system, particularly with the Google and Microsoft offerings being free of charge, this is an obvious place where you can cut expenses,” said Ma, of Touro. “I don’t see how universities can sustain [in-house e-mail systems], looking at overall cost and cost/benefit ratio.”

Some officials acknowledge that colleges that choose outsourcing now could find themselves in a bind if the more popular cloud-based brands ever decide to start charging for their services.

But others simply worry about ceding too much to outside companies -- particularly something as information-rich and mission-critical as e-mail. “Some universities have decided that they trust Google or Microsoft,” said Nathan of Wayne State, which still uses an on-site system. “Others have said ‘nope’ -- maybe they trust them, but not with their lives, not with their data.”


Back to Top