Bioacademy Webmail

Bioacademy Webmail provides a web interface for registered bioacademy users to have access to their mailboxes at the bioacademy.gr domain. It is much like a mail-client program installed on your PC (eq. Outlook express) but this one works over the web. It provides some kind of flexibility to users in the case they need to read their e-mails and do not have access to their PC where an e-mail account is configured.

It is also the only way for someone located outside the network facilities of the Bioacademy institute, to have access to his/her mailbox. The only tool needed for someone to use this service is a web browser and an Internet connection.

Webmail in a glance

Works over the web. Only a web browser is required
Provides secure access to the users' mailboxes
Supports all the basic as well as some of the more advanced features of a desktop mail-client.
Only registered users that have a valid and working e-mail account at the bioacademy.gr domain can use the Webmail service.
Someone has to login by providing his/her credentials (username, password) in order to access his/her mailbox.
Users should be very careful with their credentials and especially their password.
Unattended or easily guessed passwords can allow anyone to have access to your e-mails. Even worse someone can pretend it is you and start sending offending or malicious emails to your contacts or to strangers (Read more about choosing a password).
Users should scan the e-mails they send and receive for viruses and other malicious content.
Although that a centralized mail filtering program checks all emails, some of them may find their way to bypass these checks, so it is essential that users should also take their own precautions.
Do not leave all your e-mails on the server.
Once you have read your emails either delete them or download them locally to your workstation especially when these emails have attached files. Try to keep only important messages to your Webmail account. The storage capacity of the mail server is not unlimited and anyone using this service must take this under consideration in order for this service to work properly (Read More).
Try to use your bioacademy email account only for exchanging messages related to your work at the institute.
Do not use your bioacademy account to send and recieve messages that are irrelevant to your job here at bioacademy. There are other free and publicly available generic web based email services (like yahoo, gmail etc.) you can use.

Secure Login

Webmail lets subscribed users have access to their email account from any computer as long as it is connected to the Internet. Due to the fact that the Webmail login page can be accessed from any Internet user, further security countermeasures must be applied to minimize the probability of a malicious user compromising a legitimate email account.

Preventing password guessing

As the Webmail login page is accessible from anywhere and everyone in the Internet, a malicious user might try to guess your password by doing several successive attempts until he finds the correct one. Of course most of the times this is implemented by automated tools which try thousands of possible passwords without the intervention of a person.

In order to protect users from password guessing attacks, Webmail allows only a limited number of subsequent failed logins to the Webmail interface, after which the user is not allowed to login for a short time period.

In any case all registered users must be very careful when choosing their password and always keep in mind the following:

A strong password is at least 8 characters long and it contains a variety of numbers, lowercase/uppercase letters, special characters (like "!", "#", "%", "@" etc).
Your password should not be the same not even similar to your username. For instance don't use as your password your username just by adding a few numbers at the end.
Don't use as your password words that someone could easily guess by just knowing some well known information about you, like the name of a close relative, or the name of your pet, or your birthdate.
Don't use as a password a word that can be found as it is, inside a vocabulary or slight variations of it, like adding a few digits at the end. There are programs that automatically test these words one by one.
Your password should not be the same not even similar to passwords that you use in other Internet sites and services.
It is a good practice to change your password regularly and the new password that you choose should not be easily guessed by someone knowing your old password. You can change your password from the webmail interface after you login (Settings -> Password).

NOTE: In general, users should be aware that none of the security mechanisms running in the mail system will be able to protect them unless they first ensure that their password has been chosen with care and is kept secret afterwards. The webmail login page is publicly available to anyone and passwords not following the above rules could easily be cracked within minutes giving a malicious user access to private or sensitive information.

Password strength validation

Our system includes a mechanism for validating the strength of new passwords and only the ones that meet certain criteria will be accepted.

In order for someone to change his/her password successfully the instructions outlined below should be followed.

There are 4 classes of character sets that a password may contain

Class	Set	Example
Class 1	Lowercase Letters	a - z
Class 2	Uppercase Letters	A - Z
Class 3	Digits	0 - 9
Class 4	Special Characters	! # @ $ % ^ & * ( ) < > . ? etc

Your password must be at least 6 characters long and may consist of all of the above classes. The less the different classes you use in your password the lengthier your password must be.

You cannot use a password that consists of characters of only 1 class.
A password consisting of only 2 different character classes must be at least 12 characters long
A password consisting of only 3 different character classes must be at least 8 characters long
A password condisting of all the 4 character classes must be at least 6 characters long.

NOTE: The lengthier a password is and the more different character classes it uses, the more secure it is.

It is recommended to select a password consisting of all the 4 character classes and is at least 8 characters long.

Using an uppercase letter as the first character in your password or a digit as the last one will not be considered as using a different class.

for example: Mypassword consists of one class, myPassword consists of two classes

similarly: mypassword2 consists of one class, my2password consists of two classes

Your password must not be similar to your username.

Examples:

Password	Validation
*letmegetinside*	Invalid, only one character class.
*l3tmeGetIn*	Valid, 3 different character classes in a 10 character long password.
*Letmegetin2*	Invalid, only one character class. uppercase letters at the beginning and digits at the end do not count.
*LetmeGetIn*	Invalid, a password consisting of only two character classes must be at least 12 characters long.
*l3tMe!n*	Valid, 7 characters long password consisting of all 4 character classes.

Mailbox maintenance

Every email received by our mail server is stored in the server until a user requests it. For users only using the Webmail interface for accessing their email account, messages are left on the server until the user deletes them. Users must be aware that the server handles a very large amount of email messages every day and leaving all these messages on the server will end up in a resource starvation situation where there will be no more available space left on the server for new messages to be stored. This will also prevent the mail service to work efficiently and in extreme situations it may even become unavailable.

Spam mail removal

As mentioned above all emails are globally filtered by the antispam mechanism running on our servers. All spam emails are placed inside each user's Spam-Mail folder which is only accessible from Webmail. You should regularly check on the messages inside that folder in case a message was mistakenly tagged as spam. Afterwards you should delete all the spam emails, as they occupy a substantial amount of disk space on the server. Keep in mind, that a daily process on the server will automatically delete from each user's Spam-Mail folder all the messages more than 15 days old.

INBOX maintenance

The INBOX is the folder where all your received emails are stored (except from the filtered spam emails). Having a very large INBOX consumes space in the server's hard disk and also makes the Webmail service difficult (and sometimes impossible) to use. This mostly applies to users that exclusively use Webmail and leave their messages on the server.

These are some good practices the users should follow :

Delete all the emails that you don't need.
Download and archive your emails locally on your computer by using the Download feature (see below). After that, you can import your emails to your email client (eq. Outlook) running on your computer and be able to access them without the need to be online.
Delete your emails from webmail (after doing the previous step) and keep only those that you need to have access to online, from several computers and locations on the Internet.

By regularly doing the steps described above you will end up having an up-to-date backup of your emails locally to your computer, Webmail access will be faster and you will help in maintaining a more efficient service.

NOTE: The above good practices for INBOX maintenance also apply to any other folder either created automatically by the email system, (such as Sent) or folders created manualy by the user.

The Trash folder where the deleted messages are stored, also gets automatically cleaned up, by deleting all emails older than 15 days.

Download/Backup Emails

In WebMail there is a feature that allows users to take backups by downloading their emails (including attachments) locally to their computer. Users from the Webmail interface can select one or more messages and then choose the Download option from the More ... menu entry at the top of the page. This will download to disk the selected messages in a compressed (.zip) format. After that if the user decompresses the downloaded files it is possible to load the produced .eml files into the email-client program installed on the computer (eq. Outllook, Thunderbird etc.).

Informatics Department
Last Update 23/03/2023