

WebMail Guidelines



WebMail provides registered users with a web interface through which they can access their mailboxes at the bioacademy.gr domain. It is much like a mail-client program installed on your PC (e.g. Outlook Express), but it works over the web. This gives users flexibility, especially when they need to read their e-mails and do not have access to the PC where their e-mail account settings are configured.

It is also the only way for someone to access his/her mailbox when located outside the network facilities of the Bioacademy institute. The only tool needed to use this service is a web browser.



WebMail Features:


  • Works over the web. Only a web browser is required.

  • Provides secure access to the mailboxes

  • Supports all the basic as well as some of the more advanced features of a mail client installed locally on a PC.

  • Allows the user to change and optimize his/her account settings according to his/her needs.



Before using this service users should pay attention to the following:

  • Only registered users that have a valid and working e-mail account at the bioacademy.gr domain can use the WebMail service.

    Users have to log in by providing their credentials (username, password) in order to access their mailbox.

  • Users should be very careful with their credentials and especially their password.

    Unattended or easily guessed passwords can allow anyone to have access to your e-mails. Even worse, someone can pretend to be you and start sending offensive or malicious emails to your contacts or to strangers (Read more about choosing a password).

  • Users should scan the e-mails they send and receive for viruses and other malicious content.

    Although a centralized mail filtering program checks the emails, some of them may find a way to bypass the check, so it is essential that users also take their own precautions.

  • Do not leave all your e-mails on the server.

    Once you have read your emails, either delete them or download them locally to your workstation, especially when these emails have attached files. Try to keep only important messages in your webmail account.
    The storage capacity of the mail server is not unlimited and anyone using this service must take this into consideration in order for the service to work properly (Read More).

  • Try to use your bioacademy email account only for exchanging messages related to your work at the institute.

    Do not use your bioacademy account to send and receive messages that are irrelevant to your job here at bioacademy. If you need to do so, please create an email account for that purpose on another generic web-based email service like yahoo, gmail etc.


Secure Login Countermeasures

Webmail lets subscribed users access their email account from any computer, as long as it is connected to the Internet. But because the webmail login page can be accessed by any Internet user, further security restrictions must be applied to minimize the probability of a malicious user compromising a legitimate email account.


Preventing password guessing

As the webmail login page is accessible from anywhere and by everyone on the Internet, a malicious user might try to guess your password by making several successive attempts until he finds the correct one. Of course, most of the time this is done by automated tools which try thousands of possible passwords without the intervention of a person.

In order to protect users from password guessing attacks, webmail allows only a limited number of successive failed logins to the webmail interface, after which the user is not allowed to log in for a short time period.

In any case all registered users must be very careful when choosing their password and always keep in mind the following:

1. A strong password is at least 8 characters long and contains a variety of:

    • numbers
    • lowercase and uppercase letters
    • special characters like "!", "#", "%", "@" etc.

2. Your password should not be the same as, or even similar to, your username. For instance, don't use your username as your password just by adding a few numbers at the end.

3. Don't use as your password words that someone could easily guess by just knowing some well-known information about you, like the name of a close relative, the name of your pet, or your birthdate.

4. Don't use as a password a word that can be found as it is in a dictionary, or slight variations of it, like adding a few digits at the end. There are programs that automatically test these words one by one.

5. Your password should not be the same as, or even similar to, passwords that you use on other Internet sites and services.

6. It is good practice to change your password regularly, and the new password that you choose should not be easily guessed by someone knowing your old password. You can change your password from the webmail interface after you log in (Settings -> Password).


In general, users should be aware that none of the security mechanisms running in the mail system will be able to protect them unless they first ensure that their password has been chosen with care and is kept secret afterwards. The webmail login page is publicly available to anyone, and passwords not following the above rules could easily be cracked within minutes, giving a malicious user access to your private or sensitive information.


Our system includes a mechanism for validating the strength of new passwords and only the ones that meet certain criteria will be accepted.
In order for you to successfully change your password you should follow the rules outlined below.

Class      Set                   Example
Class 1    Lowercase Letters     a - z
Class 2    Uppercase Letters     A - Z
Class 3    Digits                0 - 9
Class 4    Special Characters    ! # @ $ % ^ & * ( ) < > . ? etc

- You cannot use a password that consists of characters of only 1 class.

- A password consisting of only 2 different character classes must be at least 12 characters long

- A password consisting of only 3 different character classes must be at least 8 characters long

- A password consisting of all the 4 character classes must be at least 6 characters long.



NOTE

The longer a password is and the more different character classes it uses, the more secure it is.
It is recommended to select a password that consists of all 4 character classes and is at least 8 characters long.



For example:
     Mypassword      consists of one class
but
     myPassword      consists of two classes

similarly
    mypassword2      consists of one class
but
    my2password      consists of two classes


Examples:

Password          Validation
letmegetinside    Invalid, only one character class.
l3tmeGetIn        Valid, 3 different character classes in a 10 character long password.
Letmegetin2       Invalid, only one character class. Uppercase letters at the beginning and digits at the end do not count.
LetmeGetIn        Invalid, a password consisting of only two character classes must be at least 12 characters long.
l3tMe!n           Valid, 7 characters long password consisting of all 4 character classes.
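
The acceptance rules above can be expressed as a short check. The following is an added example, not the validator the mail system actually runs; the function names are hypothetical. It assumes that the whole leading run of uppercase letters and the whole trailing run of digits are ignored when counting classes, and that any character outside a-z, A-Z and 0-9 is a special character.

```python
import re
import string

# Minimum total length per number of counted character classes (from the page).
MIN_LENGTH = {2: 12, 3: 8, 4: 6}


def counted_classes(password):
    """Return the set of character classes that count towards the policy."""
    # Assumption: the whole leading run of uppercase letters and the whole
    # trailing run of digits are ignored; the page's examples show one of each.
    core = re.sub(r"\A[A-Z]+", "", password)
    core = re.sub(r"[0-9]+\Z", "", core)
    classes = set()
    for ch in core:
        if ch in string.ascii_lowercase:
            classes.add("lowercase")
        elif ch in string.ascii_uppercase:
            classes.add("uppercase")
        elif ch in string.digits:
            classes.add("digit")
        else:
            # Assumption: anything else counts as a special character.
            classes.add("special")
    return classes


def validate(password):
    """Return (accepted, reason) under the length-per-class rules."""
    n = len(counted_classes(password))
    if n < 2:
        return False, "fewer than two counted character classes"
    if len(password) < MIN_LENGTH[n]:
        return False, f"{n} classes need at least {MIN_LENGTH[n]} characters"
    return True, f"{n} classes, {len(password)} characters"


if __name__ == "__main__":
    # The five passwords from the page's examples table.
    for pw in ["letmegetinside", "l3tmeGetIn", "Letmegetin2", "LetmeGetIn", "l3tMe!n"]:
        ok, reason = validate(pw)
        print(f"{pw:16} {'Valid' if ok else 'Invalid'}: {reason}")
```

The length check uses the full password length, while the class count uses only the part left after the ignored leading and trailing characters.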




User email maintenance

Every email received by our mail server is stored on the server until a user requests it. For users that only use the webmail interface to access their email account, messages are left on the server until the user deletes them. Users must know that the server handles a very large amount of email messages every day, and consequently leaving all these messages on the server will end up in a resource starvation situation where there will be no more available space left on the server for new messages to be stored. This will also prevent the mail service from working efficiently and in extreme situations it may even become unavailable.


Spam mail removal

As mentioned above, all emails are globally filtered by the antispam mechanisms running on the server. All spam emails are tagged with the prefix <<SPAM>> in their subject and then placed inside each user's Spam-Mail folder, which is only accessible from WebMail. You should regularly check the messages inside that folder in case a message was mistakenly tagged as spam. Afterwards you should delete all the spam emails, as they occupy a substantial amount of disk space on the server. For your convenience you may choose to empty all the contents of this folder at once by selecting the 'Empty' option available in the folder options menu at the bottom of the folders list. Additionally, a daily process on the server will automatically delete from each user's Spam-Mail folder all the spam emails that are more than 15 days old.


INBOX maintenance

The INBOX is the folder where all your incoming emails are stored (except filtered spam emails). Some users have a very big INBOX which, apart from the fact that it consumes space on the server's hard disk, also makes the WebMail service difficult and sometimes impossible for these users to use. This mostly applies to users that access their account only through WebMail and leave their messages on the server.

The following procedure describes some good practices that users should follow:

1. Delete all the emails that you don't need.

2. Download and archive your emails locally on your computer by using the Download feature (see below).
After that you can load your emails to your email client (e.g. Outlook) running on your computer and have them
available at any time without even needing to be online.

3. Delete your email from WebMail (after doing the previous step) and keep only those emails that you need
to have access to from several computers and locations on the Internet.

By regularly following the above procedure you will have an up-to-date backup of your emails locally on your computer, your WebMail access to your account will be faster, and you will help in maintaining a more efficient service.


Maintenance of other email folders

The instructions given above about the maintenance of the INBOX also apply to the maintenance of any other folder belonging to the user's email account. These can be folders that are either created automatically by the email system, such as the Sent folder, or folders created manually by the users.

Download/Backup Emails

In WebMail there is a feature that allows users to take backups by downloading their emails (including attachments) locally to their computer. From inside the WebMail interface, users can select one or more messages and then choose the Download option from the More ... menu entry at the top of the page. This will download the selected messages to disk in a compressed (.zip) format. After that, if the user decompresses the downloaded files, it is possible to load the produced .eml files into the email-client program installed on the computer (e.g. Outlook, Thunderbird etc.).



Informatics and New Technologies Department
Last Update 17/01/2019