Page MenuHomePhabricator

Policy for e-mail addresses
Closed, ResolvedPublic8 Estimated Story Points


There are currently no policies or guidelines for the use of e-mail addresses (other than this). This should be addressed and the currently used e-mails surveyed.

There are personal addresses for staff, board, volunteers as well as functional e-mail addresses. These are never retired so there are still addresses for former staff/board/volunteers as well as functional addresses for retired projects. This is also true, although to a lesser extent for some of the other domain names managed by WMSE.

As a result of this:

  • we have so many active e-mail addresses that it is hard to get an overview of who has them
  • there is no overview (either internally or externally) of which functional addresses we have and which get used where
  • e-mails sent to addresses of former staff/board/volunteers likely go unanswered
  • there are no guidelines for how received mail should be handled (from a GDPR point of view), e.g. disallowing forwarding these to non-EU hosted webbmail services
  • there are no guidelines for how to deal with theoretical abuse (i.e. someone using an e-mail to make statements in the name of the organisation)

A non-public list of the addresses (functional and personal) can be found in this spreadsheet on Drive.

Event Timeline

My suggestion is:

  • Only board and employees have personal addresses
    • The policy for addresses disallows it's users from forwarding these to non-EU (or non GDPR compliant) services. [i.e. these addresses are covered by our Privacy policy]
    • When an employee/board member quits this address is either redirected to info@ or we set up an autoreply.
    • When an employee/board member quits they are offered a addresses in case they are still involved in the organisation.
  • Volunteers have personal addresses
    • No policy (other than against abuse) governs the addresses [i.e. these addresses are not covered by our Privacy policy]
  • All current (non-board/non-employee) holders of addresses get an e-mail sent to that address explaining the situation and asking if they still need/want/use it.
    • Positive reply: Assign the corresponding address
    • Negative reply: Delete/autoreply the address
    • Non-reply: Delete/autoreply the address

This leaves the question of function e-mails:
For clarity these should be governed by the same policy as other addresses. However many of them currently redirect to non-employee addresses (e.g. valberedning@ and faddrar@). Forcing these recipients to handle the e-mail according to the same rules as board members/employees may not be feasible. One solution is to explicitly list which addresses are and which aren't covered by our Privacy policy.
The function e-mails in use (other than plain redirects) should be listed and explained in a similar way to the existing list of domains on our wiki.

A draft text is being worked on. A couple of questions remain to iron out before sharing it with the board.

Jopparn triaged this task as High priority.Sep 6 2018, 2:25 PM
Jopparn added a project: User-Jopparn.
Jopparn set the point value for this task to 8.

The policy can be found here:ör_e-postadresser

The policy specifies that: "För har Wikimedia Sveriges personal, av tekniska orsaker, tillgång till innehållet. Därför rekommenderas i första hand e-postadresser som nyttjar andra domäner (såsom"

Hence, we can let people keep their emails if they prefer.

Before switching the other "Förtroendevalda" to Gsuite we need to confirm that our Chair has informed them about the new policy. I will email the chair this week.

Jopparn claimed this task.
Jopparn moved this task from Backlog to Done on the WMSE-Organisational-Development-2019 board.
Jopparn moved this task from Backlog to Done on the User-Jopparn board.