FAQ
This page is designed to help answer questions you may have of our office. If your question is not answered here, please send it in an e-mail message to security@psu.edu or call 814-863-9533, Monday through Friday, 8 a.m. to 5 p.m. Eastern time.
"In order to protect the security and integrity of Computer and Network Resources against unauthorized or improper use, and to protect authorized users from the effects of such abuse or negligence, the University reserves the rights, at its sole discretion, to limit, restrict, or terminate any account or use of Computer and Network Resources, and to inspect, copy, remove or otherwise alter any data, file, or system resources which may undermine authorized use." - AD20
General
E-Mail and Spam
- What can I do if Penn State is blocking my e-mail?
- Can I have a family member or a friend log on with my Penn State Access Account and check my e-mail?
- What do I do when I receive spam and what can the SOS Office do about it?
- What are full Internet headers for e-mail messages and how do I get to them?
Passwords
Copyright Issues
Incident Reporting
Technical
Q. What is the best way for me to get an e-mail message out to large groups of people at Penn State?
A. ITS operates a LISTSERV server, running software from L-Soft, which provides mailing list support for the University. There are many mailing lists already established and available for you to join. Visit http://lists.psu.edu for more information.
Q. Can I use my roommate's Ethernet connection (in Penn State Housing) if my connection is disabled?
A. No. The Ethernet ports in Penn State Housing are intended for use by an assigned individual. If you find that your Ethernet connection is disabled, please contact ResCom.
Q. Can I use my Penn State e-mail address and/or personal Web space to advertise my business?
A. No. Penn State resources and services are intended for University-related use. Do not use these resources for purposes such as selling a product, a profit-making business or sales position, or in conjunction with mass mailings. For purposes unrelated to Penn State, utilize a commercial service. Many companies, known as Internet service providers (ISPs), offer services for such purposes. Also see the following policies:
- AD08 - Procedures for the purchase of display advertising
- AD20 - Computer and Network Security
- AD27 - Commercial Sales Activities at University Locations
- AD52 - Links To or From Penn State Web Pages
Q. What can I do if Penn State is blocking my e-mail messages sent from an outside address and going to Penn State addresses?
A. Sometimes it appears as though Penn State is blocking your e-mail when actually, your IP address or that of your mail server may appear on a "dynamic user list" (DUL), a list that the University subscribes to, but does not maintain. To determine if Penn State networks are blocking your e-mail, please submit the following information, along with the entire bounced message, to security@psu.edu:
Final-Recipient: RFC822; <xxx@psu.edu>
Action: failed
Status: 5.1.1
Remote-MTA: dns; xxx.psu.edu (146.186.xxx.xxx)
Diagnostic-Code: smtp; 550 5.7.1 Rejected: 68.230.xxx.xx see http://aset.its.psu.edu/spamfilter.html for information
Q. Can I have a family member or a friend log on with my Penn State Access Account and check my e-mail?
A. No. Penn State Access Accounts are intended for use by a single individual.
Q. What do I do when I receive spam and what can SOS do about it?
A. FOR SPAM SENT FROM WITHIN THE PENN STATE DOMAIN:
Frequently, spam originating from within the University is the result of a compromised machine being used as a spam relay by an outside entity. When this happens, SOS will identify the compromised machine, contact the owner/administrator, and direct appropriate action to stop the problem and prevent a recurrence.
When a user intentionally utilizes Penn State computing resources for spamming, policy AD-20 is enforced. Once the sender is correctly identified, one of two actions is taken: The user is given a warning, asking them to refrain from sending spam in the future. The second possibility is a referral for disciplinary action. Students are referred to the Office of Student Conduct; faculty and staff members are referred to the Office of Human Resources. Anything from a warning to revocation of the user's computing privileges may result from using Penn State computing resources to send spam.
FOR SPAM SENT FROM OUTSIDE THE PENN STATE DOMAIN:
Unfortunately, there is very little that the SOS team can do to prevent these messages from being sent to you when they originate from outside Penn State. Please consult the ITS Knowledge Base for tips on how to use filters to reduce spam in your Inbox.
Q. What are full Internet headers for e-mail messages and how do I get to them?
A. Headers provide a detailed log of a message's history and make it possible to draw some conclusion about the origin of a piece of e-mail, even when other parts of the headers have been forged. "To" and "From" lines in messages are not sufficient evidence to correctly identify the source. Both lines can be easily forged by anyone. The "Received" lines found in the headers reveal valuable information regarding the true origin of the message. Although forgery of some Received lines is possible, it would be extremely difficult to forge all the Received lines; it is simply a matter of distinguishing the facts from the forgeries.
Please follow this link for instructions on how to display full e-mail headers.
Q. What can I do if I suspect that my password has been stolen or compromised?
A. Immediately change your password on any account where you used that password. This would include your Penn State Access Account, your local computer user accounts, and any other resources (online banking, Facebook, non-Penn State e-mail) where you may have used the password. Retire that password from use ever again. For recommendations on how to create a strong password view the SOS suggestions. Please keep notes and report any unusual behavior that our office can use as evidence in investigating the incident.
Q. I received an e-mail message appearing to be from Penn State ITS asking for my username and password. What should I do?
A. Do not reply and delete the email. No one should ever ask you for your password for any legitimate reason. Even if you believe that there is a problem with your account, the appropriate ITS representatives can assist you without needing your password. You should never share your password with anyone.
Please follow this link for more information on phishing scams.
Q. Can I upload copyrighted material (such as songs or videos) that I purchased to my personal web space?
A. No, the distribution (to include making available online) of such files is in direct violation of state and federal laws and University policy. For further information, please see this site, created by the staff in Teaching and Learning with Technology, with information on common copyright issues affecting students.
Q. How do I report an incident to the Security Operations and Services (SOS) Office?
A. Please see our "Reporting an Incident" page for detailed information.
Q. What can I do if I feel harassed or threatened and wish to press charges?
A. If at any time, you feel threatened or harassed by any form of computer communication and wish to press charges, please contact your local police immediately by calling 911. Retain as much of the evidence as possible (i.e. e-mail headers, date and time logs, IP addresses from IRC communication), as it may help the police locate the person harassing you. We aid the police in many investigations, however, this type of situation falls under police jurisdiction and any actions must be coordinated by them.
Q. Am I allowed to experiment with security-related software tools using Penn State resources?
A. Unless you have the express written consent of the Director of ITS Security Operations and Services, you are prohibited from conducting or attempting to conduct security experiments, security scans, or the use of security-related software tools. (see AD20 - Computer and Network Security > Policy > section II. Responsibilities Related to Access to and Use of Computer and Network Resources > System Users > f.). If done either purposefully or accidentally, the violation of any University Policies will result in a referral to the Office of Student Conduct or the Office of Human Resources.
