About 92% of email traffic addressed to EPFL is illegitimate, and as such, our servers refuse more than one million incoming emails per day. To spare members of the EPFL community the inconvenience of a mailbox containing 92% spam, viruses, and other unwanted mail, EPFL has several tools, particularly:

  • A pre-filtering of received mails that refuse all messages unequivocally judged as illegitimate, i.e., more than 90%
  • An antispam filter for messages considered SPAM, which each employee can check. These quarantined messages can be released on a case-by-case basis by the user if the antispam is mistaken
  • When the IT services are alerted, they can instruct the messaging system to automatically delete messages that pose a high security risk or contravene EPFL regulations.

Under no circumstances does the IT service consult mailboxes to implement these filters and security measures.

To detect spam, EPFL relies on standard lists and rules, especially those commonly used in the industry: fraudulent senders, malicious attachments, presence of suspicious keywords, etc.

Mass mailing is regulated by the guideline on collective messaging (LEX 6.3.3) which specifies in substance that email is a means of communication for specific groups and is not a forum for debate. When a message addresses the entire EPFL community, a solution called “collective list” is proposed, and moderation is done to preserve the EPFL community.

No, IT services cannot access @epfl.ch mailboxes. Based on precise metadata (see FAQ-01), they can instruct the email system to delete an email even after receipt. In this case, it may happen that the user can see the message and then later not find it.

he only exception, in compliance with the data protection Law (LPD) and LEX 6.1.4: when there is a concrete suspicion of abuse, the Director of the Information Systems Department can request exceptional access to an electronic mailbox for analysis purposes. Unless the results of the analysis might be compromised, the competent HR manager informs the person in writing before proceeding with the analysis.

Yes, in two forms. EPFL servers refuse about one million emails each day, and IT services activate the automated deletion mechanism described in FAQ-01 several times a month, depending on the security situation. This behavior allows for the protection of both the community of students, employees, professors, apprentices, etc., and the institution’s IT security.

EPFL ensures respect for the privacy of employees, students, and everyone involved in campus life. In particular, when implementing and managing IT tools, EPFL must respect data protection legislation and internal regulations as well as current best practices.

EPFL has established a practice that applies to everyone: each individual can send an email to individual persons in compliance with the directive on collective messaging (LEX 6.3.3). When using a distribution list, a moderation system is in place and applies to all mailings, regardless of the sender.