Email and Calendaring

Your HMS e-mail account and calendar will help you to stay organized and keep in touch with fellow students and colleagues.

Email accounts are automatically created for all qualifying faculty, staff, and incoming students when they join Harvard Medical or Dental School.

• HMS email is not HIPAA compliant. If you need to send sensitive information please use our encrypted file transfer service.
• You can also request an email alias for your existing HMS email account.

Email Configuration

Harvard University uses Office 365 for email, calendaring, group communications, and instant messaging. Harvard Medical and Dental Schools use customized logins. Information on setting up your email account can be found on this page.

You can access Microsoft Outlook using a web browser. Log in with your primary email address and password.

HMS Information Technology strongly recommends that you use the latest version of the desktop software for Microsoft Office:

• MacOS - Office 2016 or Apple Mail 8.2
• Windows - Office 2016

Mobile Device Setup Instructions

• Android
• iPhone

Desktop Application Setup Instructions

• Apple Mail
• Macintosh Outlook
• Macintosh Thunderbird
• Windows Outlook
• Windows Thunderbird

Email Forwarding

Follow the instructions located on the University's Email and Calendar support page to forward your email account.

Harvard Alumni Affairs and Development offers an email forwarding service to all Harvard University alumni. A Post.Harvard email address is an address in the format name@post.harvard.edu, which can be set to forward to a designated email address. Alumni can create a Post.Harvard address by registering for Alumni.Harvard, then activating email forwarding. To learn more please visit Harvard's alumni page.

Important Note about Email Forwarding

To comply with federal and state regulatory requirements, HSDM and the Wyss Institute email policies prohibit users from automatically forwarding their Harvard email to another mailbox. The email forwarding feature has been disabled within O365 to help HSDM and Wyss faculty and staff adhere to this policy.

Email Forwarding: Risks and Recommendations

While there is no security policy that prohibits the automatic forwarding of email to an outside account, there are a number of risks inherent in doing so. Some of the risks are:

• Lack of strict password enforcement. Gmail and other services do not share the standard HMS password complexity standard, nor do these systems force a periodic password change.
• No backup/restore options.
• Permanent deletion. As we've seen with some social networking sites, messages that are deleted may never be truly gone from the host systems.
• Lack of liability from service providers. Generally, vendors such as Google waive liability when you sign up for an account. Any data leaks would be the responsibility of the user.
• Email is not encrypted. Local email is contained within the same server, or group of servers and may be encrypted when viewed in a mail client. However, all email leaving the schools is sent in an unencrypted form and is subject to snooping, thereby increasing the potential of data leakage.
• Gmail is open for Google to examine by default. Google looks at every email so that they can parse the messages in order to show you advertisement. There is no expectation of privacy.

If you are forwarding HMS email messages, please make sure you understand these risks. You are responsible for ensuring the security of Harvard confidential information and any high-risk confidential information that may be transmitted, to or from, any outside email account.

Recommended Practices

The following practices are recommended if using Gmail to access your HMS account:

• Sign up for a Google Authenticator. Use of Google's two-factor authentication is a good way to ensure that the account is not accessed by unauthorized persons.
• Create an email signature stating that your email account is forwarded to Gmail and is not appropriate for confidential communication.
• Your password should be a minimum of 8 characters in length containing at least one capital letter, one number, and one special character.
• Your password should be changed at least once per year, in keeping with the same standards as HMS passwords.
• Never access Gmail from a public or shared computer.
• Stop automatic forwarding at the first sign of a compromised account.

Shown above are general risks and recommendations specific to email forwarding. As with any email account, diligence is required by the user to not open suspicious email attachments, to follow links or to share their account information with anyone for any reason.

Spam Filtering

Most "spam" messages are commercial advertising - for dubious products, get-rich-quick schemes, or quasi-legal services.

• Harvard University provides Proofpoint, which protects your email from spam, phishing scams, and malware.
• Proofpoint quarantines messages, which can be reviewed on the server or sent to you in a daily digest. Read more about managing your Proofpoint End User Digest.
• If you do receive an unwanted message, you can forward it to phishing@harvard.edu so that the message can be contained.