Last updated: 
2 months 4 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Using role-based e-mail addresses

Friday, June 23, 2017 - 08:53

An interesting query arrived about when to advertise role-based, rather than individual, e-mail addresses. Do role-based ones feel too impersonal, for example, because senders don't know who they are dealing with?

I've been recommending the benefits of role-based e-mail addresses, such as service@jisc.ac.uk for a long time. From a legal point of view they avoid the question "can we get access to X's mailbox while she's away?", which may well raise tricky questions under interception and human rights laws. If messages are sent to a role-based address then, even if they are stored in an individual’s mailbox, it's easy to get a computer to extract those particular messages if someone else needs to deal with the request. It seems to me pretty clear that for those messages, this isn't interception as the mail is still going to the "intended recipient" (the people performing the role). And I'd expect that to be what the sender expects to happen, too.

[I've also heard reports that there's a psychological benefit: that team members are less upset by spam received via a role-based address than sent direct to an individual one]

So when might you advertise an individual address, such as my.name@example.ac.uk? Presumably when the arguments in favour of role-based ones don't apply. So that's for messages that shouldn't be accessed by anyone else, even when the addressee is on leave or has left the organisation. Here we're looking at situations where it's more important that the message be dealt with by a specific individual than that it be dealt with on a particular timescale, or at all. Indeed I'd argue that the original concern – that senders don't know who will they are dealing with – actually applies more strongly to this case. If you've advertised an individual's address, knowing that there are circumstances in which the message will actually be read by someone else, then it seems to me that the sender really could say that they have been misled.

Which leads me to a possible rule-of-thumb: what should happen to e-mails when the individual leaves? If the answer is "handled by another member of the team", then use a role-based address. If, however, the answer is "bounced, with a 'no such user' message" (or perhaps forwarded to the user's new location) then use an individual one.

Comments

On advertising role-based email addresses (e.g. in documentation) I'd agree with you entirely.

More interesting is how should you reply? 'From' a personal address (perhaps with Reply-To the role), or from the role address? And if you reply from the role address, do you say who you are?

Persoanlly I'd prefer From me, Reply-to role, but too many people and systems ignore Reply-to so I increcingly use From role. 

But I think you should indetify yourself: perhaps "From Jon Warbrick as Foo Support <foo-support@wherever>" and/or signature. I'm convinced that not doing so is really too impersonal in many cases.

Jon.

Hi Jon. Reassuring to know, I think, that our preferences are the same. "From: Andrew Cormack <postmaster@example.ac.uk>" seems to hit the right personal/social and technical spot.

Compare phone service desks where the norm seems to be "Hello, Fred speaking" but you only get offered a direct-dial number when it's essential that the same person keeps dealing with your query. Again, has to be balanced with the fact that your query will be handled slower when Fred is away. Same trade-off, I think?

BTW, ignoring reply-to seems to defeat the purposes of both the sender and the recipient :(

I am a big fan of role addresses and use them a lot, at the end of the day it gives the customer a better chance of getting someone to look at, or acknoledge their problem or enquiry. If the cohort of access is greater then there would be an expectation that one of the people with access would look at, and take ownership of, the enquiry itself. Does come down to local policy as well though for enforcement.

Flip side is that people will use it to hide behind, especially for difficult situations that you may not want to take ownership of.

I can completely agree with what Andrew's written with respect to telephone numbers, too! It makes life much easier for me as a Unified Comms manager if we can associate roles with their own telephone number rather than a user's own number. Providing access to a role-based voicemail box when a user is away from their post also becomes simpler. The only wrinkle is that you run out of DDIs much quicker than you do email addresses. This is becoming less of a problem now, though, as we move to towards using SIP URIs for dialling where a user can both call *and* email something like it.helpdesk@institution.ac.uk