Learn how BC fights spam, how to prevent email viruses, and how to report electronic abuse.

Google 2-Step Verification

Important Security Step

ITS recommends you turn on Google 2-Step Verification (also known as two-factor authentication) to add an extra layer of security to your account in case your password is stolen.

  1. Download the Gmail app on your mobile device: Android | iPhone/iPad. Even if you prefer to use a different email app on a daily basis, adding the Gmail app will help simplify 2-step verification. After downloading it, configure Gmail for your BC account.
  2. Go to the Google 2-Step Enrollment page and follow the prompts. Set up the Google Prompt option (via the Gmail or the Google [Search] app on your device).
  3. Configure at least one other backup option.
    Tip: In case you don’t have access to your phone, it is a good idea to set up backup codes. Then print the codes & put them in your wallet.

Once you’ve enabled 2-Step, when you access your BC Google account (Gmail, Drive, Calendar, etc.) from a new device, it will require both your login information and a secondary verification.


Frequently Asked Questions


More Email Security

Phishing, Spam & Viruses


Electronic Abuse

While Boston College strives to provide an open computing environment to foster collaboration and learning, there are policies defining appropriate use of the BC network and computing resources, such as email. Before reporting electronic abuse, make sure you are familiar with BC's computing policies and guidelines.

Examples of Electronic Abuse and Appropriate Action to Take

  • Your system/server has been or is being attacked: Report the abuse immediately and do not make any changes to the system until you hear from the ITS security team on campus. You may accidentally remove vital information that can be used as evidence.
  • You received offensive or threatening email or voicemail: Do not delete the offensive message as it can be used as evidence.
  • You suspect someone knows or is using your BC password: Report the compromise immediately with any substantiating evidence. Change your password immediately.
  • You are aware of software copyright violations at Boston College.

Report Electronic Abuse

Send an email to abuse@bc.edu describing the electronic abuse. You must show the full message headers of any email message that you are forwarding. Do not delete the email from your inbox until you have heard back from us.

Encrypted Email with Virtru

If you need to send confidential emails as part of your job, you may want to consider requesting Virtru. Virtru is an email security tool that allows you to:

  • encrypt emails
  • prevent a forwarded encrypted email from being read
  • set a read expiration date on encrypted messages 
  • and revoke the ability to read an email after it is sent

Getting Started with Virtru

If you think you may need this service, contact your Technology Consultant. Once approved, install Virtru for Gmail or Outlook.  


Domain-based Message Authentication, Reporting, & Conformance (DMARC)

As part of an ongoing effort to combat phishing scams and increase email security, the Information Technology Services department is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. BC ITS can use DMARC to protect messages sent from authorized BC senders and stop messages from unauthorized ones. By default, authorized BC senders include all students, faculty, and staff sending messages from actual BC Gmail accounts.

BC Implementation of DMARC

The tricky part is that enabling DMARC in our current technological environment would actually prevent many legitimate messages from reaching recipients, in addition to stopping unauthorized ones. This is because many departments at BC use non-BC tools which can send emails that appear to be from “@bc.edu” email accounts but are not sent from an actual BC Gmail account. These tools include email marketing tools and other third-party applications, such as:

  • Email marketing tools: Mail Chimp, Constant Contact, Salesforce, etc.
  • Third-party applications: Qualtrics, ZenDesk, AutoDesk, and Cashnet

These tools must all be made DMARC compliant by working with the vendors to ensure your accounts are set up in a way that meets the DMARC requirements.

What Do You Need to Do? 

If you use an email marketing tool or a third-party application to send emails that appear to be from bc.edu email accounts, please let us know by filling out the DMARC Google form below. We will use this information to determine if any action is needed to ensure your emails reach their intended audiences after DMARC is turned on. 

For security reasons, we may need to enable DMARC in the next 6-18 months, so verifying your tools are compliant beforehand will ensure they continue to work once DMARC is enabled.