skip to content

IT Help and Support

University Information Services

What is the policy?

The email address allocation and retention policy is one of a series of actions to increase our cyber security. It is a significant step in ensuring that use of our information systems is for authorised users only.

The policy sets out the criteria for the allocation of University email addresses ending, @<domain> and @<subdomain.domain> 

All current students, staff and associates of any part of the University, all individuals holding honorary and emeritus titles, and all current members of the Regent House are eligible to hold an email account.

Individuals who will be leaving and do not hold honorary or emeritus titles, and are not members of the Regent House, but who will continue actively to contribute to the University’s mission, may apply to retain their email account. Individuals who are leaving but do not meet the criteria to retain their email account may apply to have their emails automatically forwarded for a specific purpose or reason that supports the University’s mission.

UIS is participating in a pilot of the policy with several institutions during the academic year 2023–24 to test the processes for applying the policy on staff members' departure from the University, prior to the policy roll-out across the University.

Why a new policy is needed

The University’s practices around the allocation of email addresses have grown organically over many years, and there is currently no formal policy governing exactly who is eligible for them.

Setting some parameters for access to University email addresses is important because it will contribute to the University’s ability to maintain its outstanding reputation, manage institutional risks (particularly around cyber security), protect personal and professional data, and provide necessary assurance to external partners.

Maintaining our reputation

Cambridge email addresses are a very public part of the University’s identity, and the work of the people who use them is integral to the reputation of our community. It follows therefore that email addresses should be given to those whose work or study contributes to the University’s mission. The policy will help us ensure that individuals who are given email addresses have a legitimate use for them, and that they and the University are not undermined by occasional, but nonetheless harmful, misuse. Thanks to a University-wide consultation, we now know much more about the various types of people who should be eligible on this basis, and the policy will seek to include them.

Managing institutional risks

Cyber security is an increasing concern for the University, as it is for all organisations. Cyber attacks have the potential to cause severe and costly disruption to the University’s core activities, and to damage its reputation. Knowing who does, and who can have, a University of Cambridge email address plays an important part in managing secure access to our systems. The introduction of this policy will decrease our exposure to nefarious and criminal activity including hacking, identity and data theft, systems infiltration and even blackmail.

Data protection compliance

Good data protection within organisations is a legal as well as moral imperative: the University cares about all those who work within it and study here, and wishes to protect their personal and professional data. The policy will help by creating a secure framework for the provision of email addresses and attached mailboxes, which contain individuals’ data, of which the University is (legally) the data controller. It will also help by requiring those using such accounts to abide by University data protection policies regardless of their status.

Providing assurance to external partners

The University is increasingly required by external partners such as research funders to demonstrate that it has adequate policies and technical controls to protect systems and data. This policy, and others in development, will improve our ability to do so.


Contact us

All updates on the policy will be posted on these webpages, and significant updates will be published in the Reporter.

If you have any questions about the policy, the consultation, its development, or how it may affect you, please email