Virginia Tech’s Mail System
Virginia Tech has had a rather complex mail setup since the Going Google transition. Inbound mail is first handled by inbound.smtp.vt.edu, a collection of mail routers which do not support any form of encryption. Upon receipt of a message, the mail router performs spam filtering in order to prevent Google from rate-limiting vt.edu mail. The mail router then routes the message to the next hop, depending on the user.
At least three different mail systems exist for various users:
By default, users (and all alumni) have mail handled by Google Apps (g.mail.vt.edu).
Microsoft Exchange users (including most faculty) have mail routed to a separate server.
Yet another mail system was created during the transition for restricted (ITAR) research, as the Google contract does not guarantee mail will be stored exclusively in the US.
Previously, my.vt.edu offered a forwarding capability that let a user route their email to an arbitrary server. This capability has since been removed, allegedly due to a contractual agreement with Google.
Google has a decent track record for user security, with the major exception of the PRISM program. Virginia Tech does enforce that each user’s Google Apps password be different from their PID password, which provides some additional security.
The current mail setup still faces the following issues:
No STARTTLS (or other encryption) is available for the MX record associated with vt.edu. Users can supposedly use auth.smtp.vt.edu instead. Even emails that could stay with Google appear to transit from Google to Virginia Tech and back, with the first path unencrypted.
VT’s internal mail network is not encrypted, instead relying on an isolated network.
Spam filtering done at the mail router level is entirely arbitrary, blocking entire services, such as Mailchimp, that are often used for legitimate mail. Unlike Gmail, these messages are blocked outright rather than moved to a separate spam folder for users to manually review.
VT currently has mail reputation problems, resulting in email bouncebacks from multiple ISPs and mail providers; however, their solution is to “use an alternate means of communication, such as a phone call or use of a non-Virginia Tech email address”.
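Whether an MX offers STARTTLS, the first issue above, is visible in the server's reply to EHLO. The following is an added example, not part of the original post: it parses a captured EHLO reply and classifies the server's posture. The hostnames and replies are constructed samples, and probe() is a hypothetical helper that runs the same check live with Python's smtplib.

```python
import smtplib

def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply (RFC 5321) into (code, extension keywords)."""
    code, keywords = None, set()
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply line: %r" % line)
        code = int(line[:3])
        text = line[4:].strip()
        # The first line carries the server greeting, not an extension keyword.
        if i > 0 and text:
            keywords.add(text.split()[0].upper())
        if line[3:4] != "-":  # "250-" continues the reply, "250 " ends it
            break
    return code, keywords

def tls_posture(reply):
    """Classify a server from its EHLO reply."""
    code, keywords = parse_ehlo(reply)
    if code != 250:
        return "ehlo-rejected"
    return "starttls-offered" if "STARTTLS" in keywords else "plaintext-only"

def probe(host, port=25, timeout=10):
    """Hypothetical live check: same classification over a real connection."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        if code != 250:
            return "ehlo-rejected"
        return "starttls-offered" if smtp.has_extn("starttls") else "plaintext-only"

# Constructed sample replies (not captured from any real server).
PLAINTEXT_MX = ("250-mx.example.edu Hello client.example.net\r\n"
                "250-SIZE 52428800\r\n250-8BITMIME\r\n250 PIPELINING\r\n")
TLS_MX = ("250-mx.example.org at your service\r\n"
          "250-SIZE 35882577\r\n250-starttls\r\n250 SMTPUTF8\r\n")
NO_EHLO = "502 5.5.1 EHLO not implemented\r\n"

if __name__ == "__main__":
    for name, reply in [("plaintext", PLAINTEXT_MX), ("tls", TLS_MX), ("old", NO_EHLO)]:
        print(name, tls_posture(reply))
```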
Best Practice Recommendations
Do not rely upon vt.edu email. If you need to send a message to someone with a Google Apps account, it’s possible to use a g.mail.vt.edu domain to bypass Virginia Tech’s mail routers entirely.