Accounts

Officers of U.S. Grand Lodge, and other O.T.O. members doing work for U.S.G.L. on various projects and committees, are given accounts on a Google Apps site.  These are ordinary Google accounts in most respects, but are associated with oto-usa.org rather than gmail.com.

Each individual has a primary account at oto-usa.org, which they use to log into the system when needed, and at which they can receive personal email if they wish. In addition, email aliases are assigned based on the roles a particular individual fills. For example, Craig Berry's primary account is craig.berry@oto-usa.org, with webmaster@oto-usa.org as an alias.

The default for primary account names is your first and last names separated by a dot, e.g. "craig.berry". Because you can send and receive email as any of your aliases, your primary name will usually not be prominently visible in email sent as an alias. However, it is there in the email headers, and some mail programs display it. For example, when I send email as webmaster@oto-usa.org, some recipients see "From: webmaster@oto-usa.org (on behalf of craig.berry@oto-usa.org". If you are concerned about your civil name being visible to this degree, you can use a different primary account name. Discuss this with the webmaster when you are having a new account set up for you.

Members of the Electoral College will also have an email alias assigned with the prefix "ec-", followed by first initial and last name. So if John Doe were on the Electoral College, he whould have a primary account with the name "john.doe@oto-usa.org" and the alias "ec-jdoe@oto-usa.org". Again, if you are uncomfortable with that degree of visibility, discuss this with the webmaster during account setup.

Once an account has been created for you, you can log in to this site and configure it as you desire. You are welcome to use the web interface here to manage your G.L. email, but many users prefer to configure email forwarding to their personal accounts. You can also configure your email client to send email marked as being from your G.L. account through the server on this site, which makes some email authentication systems behave better.

Notes on email

There are three ways to use your oto-usa.org account to send and receive email.
  1. Log in to the Google mail website; send and receive email from there.
  2. Set up a local email client (e.g., Outlook or Thunderbird) to send email through Google's servers via SMTP, and receive it via POP3 or IMAP.
  3. Configure your oto-usa.org account to forward email to a separate account, and configure that account to have the ability to send mail labeled as being from your oto-usa.org account.
If you use option 1 or 2, you need not read further. If you use option 3 (which seems to be most popular), read on.

To reduce the amount of spam and other forged email, many mail-processing systems use a technique called SPF (Sender Policy Framework). Every email message has (crudely speaking) two "origins" -- the one in the "From" line, visible to normal users, and the identity of the actual machine that sent the email. If the two are identical, the mail is probably okay and will be delivered. But if they are different, it's harder to tell -- this could be a malicious forgery, but it could also be the situation described in the third option above. For example, if your ISP is roadrunner.com, and you send email from your oto-usa.org through their system, recipients will see a "From" of xxx@oto-usa.org, but a true origin at roadrunner.com. This may trigger rejection of the email.

But in that case, how can oto-usa.org emails work on Google's servers? The answer is SPF. The oto-usa.org domain publishes an "SPF record" which states that Google's servers should be considered valid origins for emails with a "From" field indicating an oto-usa.org address. What this means is that oto-usa.org email which is sent through Google will avoid SPF-based rejection.

Again, if you use option 1 or 2, you're already fine; both of those techniques send email via Google's servers. For option 3, special care is needed. To a first approximation, this will only work reliably with Google email accounts. For example, if you forward email from bob.jones@oto-usa.org to bjones@gmail.com, and configure the latter account to be able to send mail with a "From" field of "bob.jones@oto-usa.org", everything will work fine. Both accounts are on Google's servers, so SPF will recognize your sent mail as having a legitimate origin.

However, if you do the same thing through (say) a Yahoo! webmail account, or (as mentioned above) your ISP's email system, there will be an SPF mismatch. Not everyone uses SPF, and not all SPF systems work the same. So a lot of your email will still get through. But some of it probably won't, and what recipients do or do not get your emails will likely change unpredictably over time.

So, the USGL recommendation is to use option 1 or 2; or, if using option 3, use a gmail.com account as the recipient account.
Comments