Learn how BC fights spam, how to prevent email viruses, and how to report electronic abuse.

Google 2-Step Verification

You must be enrolled in Google 2-Step Verification in order to access BC Google services (Mail, Drive, Calendar). Failure to enroll will result in loss of access to your BC Google account (Mail, Drive, etc.). To unlock your account you will need to contact the BC Help Center.

Google 2-Step Verification (also known as two-factor authentication) adds an extra layer of security to your account in case your password is stolen.

  1. Download the Gmail app on your mobile device (optional but highly recommended): Android | iPhone/iPad. Even if you prefer to use a different email app on a daily basis, adding the Gmail app will help simplify 2-step verification. After downloading it, configure Gmail for your BC account.
  2. Enroll in 2-Step: Go to the Google 2-Step Enrollment page and follow the prompts. Set up the Google Prompt option (via the Gmail or the Google [Search] app on your device).
  3. Configure at least one other backup option.
    Tip: In case you don’t have access to your phone, it is a good idea to set up backup codes. Then print the codes & put them in your wallet.

Once you’ve enabled 2-Step, when you access your BC Google account (Gmail, Drive, Calendar, etc.) from a new device, it will require both your login information and a secondary verification.

 

Frequently Asked Questions

Print

 

Shared Google Account FAQ

Print

More Email Security

Phishing, Spam & Viruses

Print

Electronic Abuse

While Boston College strives to provide an open computing environment to foster collaboration and learning, there are policies defining appropriate use of the BC network and computing resources, such as email. Before reporting electronic abuse, make sure you are familiar with BC's computing policies and guidelines.

Examples of Electronic Abuse and Appropriate Action to Take

  • Your system/server has been or is being attacked: Report the abuse immediately and do not make any changes to the system until you hear from the ITS security team on campus. You may accidentally remove vital information that can be used as evidence.
  • You received offensive or threatening email or voicemail: Do not delete the offensive message as it can be used as evidence.
  • You suspect someone knows or is using your BC password: Report the compromise immediately with any substantiating evidence. Change your password immediately.
  • You are aware of software copyright violations at Boston College.


Report Electronic Abuse

Send an email to abuse@bc.edu describing the electronic abuse. You must show the full message headers of any email message that you are forwarding. Do not delete the email from your inbox until you have heard back from us.

Encrypted Email with Virtru

If you need to send confidential emails as part of your job, you may want to consider requesting Virtru. Virtru is an email security tool that allows you to:

  • encrypt emails
  • prevent a forwarded encrypted email from being read
  • set a read expiration date on encrypted messages 
  • and revoke the ability to read an email after it is sent
     

Getting Started with Virtru

If you think you may need this service, contact your Technology Consultant. Once approved, install Virtru for Gmail or Outlook.  

Print

Domain-based Message Authentication, Reporting, & Conformance (DMARC)

As part of an ongoing effort to combat phishing scams and increase email security, the Information Technology Services department is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. BC ITS can use DMARC to protect messages sent from authorized BC senders and stop messages from unauthorized ones. By default, authorized BC senders include all students, faculty, and staff sending messages from actual BC Gmail accounts.

BC Implementation of DMARC

  • Starting June 1, 2022, ITS will begin to quarantine messages that are not sent from DMARC-compliant senders (See below for a list of DMARC Compliant Senders).
  • Within 6 weeks, all messages from non-compliant senders will be quarantined.
  • Quarantined messages can be found in your Gmail Spam folder (in the Gmail web interface or Gmail app).
  • In fall 2022, ITS will switch from quarantining non-compliant messages to rejecting them. This means messages sent from non-complaint senders will not reach any recipient, not even their spam folder.


DMARC Compliant Senders

If you are sending from any one of these you do not need to do anything:

  • BC Google account
  • Listserv.bc.edu
  • BC bulk mailer (Maestro)
  • BC servers/devices that send mail through relay.bc.edu or eblast.bc.edu (this includes most, if not all, apps/services in the data center)
  • Qualtrics
  • CVENT


Additionally, ITS has spent 2+ years trying to identify a variety of email marketing, survey, and other tools that were not DMARC compliant (and the BC staff members who were using them), and then worked to make them DMARC compliant.

How do I know if emails from my tool/application will be affected?

Send a test email from the application to your BC Gmail account. From the Gmail web interface choose ‘show original’ and you will be given a report on SPF, DKIM, and DMARC. As long as the message passes DMARC, you are all set.

show original
DMARC Pass Image

Get Help

If your message does NOT pass DMARC, please reach out to itsstaff.dmarc.support@bc.edu as soon as possible so we can engage with the tool/vendor to achieve compliance.

Phishing Simulation

Boston College implemented a Phishing Simulation program to increase awareness and education related to phishing emails, therefore decreasing the risk of exposure of University data. Phishing simulation is ongoing for all students and for select faculty and staff, by department request.

Why is BC Doing This?

Colleges and universities continue to report increased phishing incidents in which bad actors try to trick people into clicking on malicious links in an effort to steal passwords, access personal or University data, and in some cases encrypt data and demand money for the data to be unencrypted.

Sample Phishing Simulation Educational Web Page

If you mistakenly click on a phishing simulation email link or attachment, you will be taken to a web page that explains which characteristics of the email were clues of a typical scam.

Sample Phishing Simulation Email

Screenshot of Phishing Simulation Sample Email