Introduction
To keep communication clear, professional, and secure, all employees and contractors who need to send or receive email on behalf of the company are issued a company email address. These standards ensure email is reliable, organized, and used safely across the organisation.
Email Groups & Distribution
Groups
Distribution groups (e.g., everyone@, office@, marketing@) include only company-issued email addresses. Personal or external accounts are not added.
everyone@
This is a generic group designed to automatically include all company email users. When someone joins, they are added automatically; when they leave, they are removed. It’s intended for broad company-wide communication.
If you need more targeted control over who receives certain messages, additional groups should be created (e.g., office@, marketing@, leadership@). This ensures the right people get the right information without relying on the generic everyone@ group.
Segmentation
Additional groups can be created for targeted communication, such as:
office@ – office-based staff
marketing@ – marketing team
leadership@ – management group
Account Use
Direct Use Only – Staff should use their company email directly; forwarding to personal accounts is not supported. This keeps replies consistent and professional.
MFA – All accounts are secured with multi-factor authentication to protect against compromise.
Delegation – Shared accounts (like sales@, marketing@) are delegated so multiple people can manage them safely without sharing passwords.
Offboarding & Data Retention
When an employee or contractor leaves:
Account Blocking – Leaver email accounts are disabled to protect security.
Leaver Email Access – Forwarding from blocked accounts continues to work, but Out-of-Office (OOO) and delegated access do not when an account is suspended. If an OOO is needed after someone leaves, the account must remain active for that period.
Data Retention - Before an account is permanently deleted, a backup archive is retained to allow restoration of specific emails if needed. Permanent deletion of an account must be authorised by the nominated primary Approver.
Review & Governance
Account retention, OOO needs, and backups should be reviewed every 3 months at the scheduled IT meeting to decide what needs to be kept long-term.
This ensures consistency, avoids surprises, and keeps email accounts tidy without compromising security.
Why This Matters
These standards exist to maintain structure, order, and security in company email. By using company accounts, managing groups effectively, applying MFA, and handling delegation and offboarding properly, we ensure that communication is reliable, organised, and protected. This approach keeps everyone aligned, prevents gaps or confusion, and safeguards both internal and client-facing correspondence.