Officers of U.S. Grand Lodge, and other O.T.O. members doing work for U.S.G.L. on various projects and committees, are given accounts on a Google Apps site. These are ordinary Google accounts in most respects, but are associated with oto-usa.org rather than gmail.com.
Each individual has a primary account at oto-usa.org, which they use to log into the system when needed, and at which they can receive personal email if they wish. In addition, email aliases are assigned based on the roles a particular individual fills. For example, Catherine Berry's primary account is email@example.com, with firstname.lastname@example.org as an alias.
The default for primary account names is your first and last names separated by a dot, e.g. "catherine.berry". Because you can send and receive email as any of your aliases, your primary name will usually not be prominently visible in email sent as an alias. However, it is there in the email headers, and some mail programs display it. For example, when I send email as email@example.com, some recipients see "From: firstname.lastname@example.org (on behalf of email@example.com)". If you are concerned about your civil name being visible to this extent, you can use a different primary account name. Discuss this with the webmaster before formally requesting a new account (see below).
Members of the Electoral College will also have an email alias assigned with the prefix "ec-", followed by first initial and last name. So if John Doe were on the Electoral College, he would have a primary account with the name "firstname.lastname@example.org" and the alias "email@example.com". Again, if you are uncomfortable with that degree of visibility, discuss this with the webmaster during account setup.
Once an account has been created for you, you can log in to this site and configure it as you desire. You are welcome to use the web interface here to manage your G.L. email, but many users prefer to configure email forwarding to their personal accounts. You can also configure your email client to send email marked as being from your G.L. account through the server on this site, which makes some email authentication systems behave better.
Usage and ownership
All U.S.G.L. accounts are provided solely for use in conducting the official business of U.S.G.L. Resources created using such an account are owned by U.S.G.L. Any U.S.G.L. account may be suspended, deleted, or modified as required by the policies of U.S.G.L., without prior notification.
Requests for U.S.G.L. accounts may come from the person needing the account, or from a U.S.G.L. officer with authority to request an account for some specific purpose. For example, the President of the Electoral College may request accounts for newly seated Electors, the Grand Treasurer General may request accounts for their assistants, and so forth.
Before submitting a request for an account, the prospective new account holder should read (or be directed to read) the information in the previous section, with particular attention to the matters of account names and aliases.
In requesting an account, the key concern is that the U.S.G.L. information technology management team must understand the purpose of the request, and confirm that it is legitimate. The simplest way to do this is for the requestor to send an email to firstname.lastname@example.org, copying the person receiving the new account or the existing officer authorizing the new account as appropriate. The email should contain:
- The name of the person who needs an account.
- Their personal email address.
- If prior discussion with the webmaster resulted in approval of an account name not following the "firstname.lastname" convention, the account name to be used.
- The purpose of the account (i.e., in what U.S.G.L. role does this person serve?)
- Any role-related email aliases that should be created for the account.
When a new account is created, an automatic email providing instructions on how to access that account (including a temporary password) is sent to the provided personal email address. The temporary password expires after a short interval, so those receiving new accounts are asked to sign in and change their password as soon as possible.
Notes on email
There are three ways to use your oto-usa.org account to send and receive email.
1. Log in to the Google mail website; send and receive email from there.
2. Set up a local email client (e.g., Outlook or Thunderbird) to send email through Google's servers via SMTP, and receive it via POP3 or IMAP.
3. Configure your oto-usa.org account to forward email to a separate account, and configure that account to have the ability to send mail labeled as being from your oto-usa.org account.
If you use option 1 or 2, you need not read further. If you use option 3 (which seems to be most popular), read on.
To reduce the amount of spam and other forged email, many mail-processing systems use a technique called SPF (Sender Policy Framework). Every email message has (crudely speaking) two "origins" -- the one in the "From" line, visible to normal users, and the identity of the actual machine that sent the email. If the two are identical, the mail is probably okay and will be delivered. But if they are different, it's harder to tell -- this could be a malicious forgery, but it could also be the situation described in the third option above. For example, if your ISP is roadrunner.com, and you send email from your oto-usa.org account through their system, recipients will see a "From" of email@example.com, but a true origin at roadrunner.com. This may trigger rejection of the email.
But in that case, how can oto-usa.org emails work on Google's servers? The answer is SPF. The oto-usa.org domain publishes an "SPF record" which states that Google's servers should be considered valid origins for emails with a "From" field indicating an oto-usa.org address. What this means is that oto-usa.org email which is sent through Google will avoid SPF-based rejection.
Again, if you use option 1 or 2, you're already fine; both of those techniques send email via Google's servers. For option 3, special care is needed. To a first approximation, this will only work reliably with Google email accounts. For example, if you forward email from firstname.lastname@example.org to email@example.com, and configure the latter account to be able to send mail with a "From" field of "firstname.lastname@example.org", everything will work fine. Both accounts are on Google's servers, so SPF will recognize your sent mail as having a legitimate origin.
However, if you do the same thing through (say) a Yahoo! webmail account, or (as mentioned above) your ISP's email system, there will be an SPF mismatch. Not everyone uses SPF, and not all SPF systems work the same. So a lot of your email will still get through. But some of it probably won't, and which recipients do or do not get your emails will likely change unpredictably over time.
So, the USGL recommendation is to use option 1 or 2; or, if using option 3, use a gmail.com account as the personal account.
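The SPF decision described above, as an added example that is not part of the original page: a small Python evaluator for a subset of SPF (ip4, ip6, include, all). The TXT records and IP addresses are constructed stand-ins, not the records oto-usa.org or Google actually publish.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (assumptions for
# illustration; not the real published records of either domain).
TXT = {
    "oto-usa.org": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/25 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Return the SPF result for sender_ip claiming to send for domain.

    domain is the sender domain being checked; receivers take it from the
    SMTP envelope sender. Only ip4, ip6, include and all are handled.
    """
    if depth > 10:  # guard against include loops
        return "permerror"
    record = TXT.get(domain, "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the included policy passes
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            continue  # mechanisms outside this subset are skipped here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    # 192.0.2.25: inside the constructed "Google" range; 203.0.113.7: an ISP relay
    for ip in ("192.0.2.25", "203.0.113.7"):
        print(ip, check_spf("oto-usa.org", ip))
```

A "softfail" result is why delivery through a non-Google relay is unpredictable: each receiver decides for itself whether to accept, quarantine or reject such mail.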
Setting up forwarding and send-as with your personal gmail.com account
Let's say your personal account is email@example.com, and your USGL account is firstname.lastname@example.org. Take these steps to enable working with emails to and from email@example.com when logged into the GMail website as firstname.lastname@example.org. All of these steps should be done on a desktop or laptop computer using a web browser.
1. Log into the GMail website as email@example.com. Navigate to "[gear icon] -> See all settings -> Forwarding and POP/IMAP". Set up forwarding to firstname.lastname@example.org. It is recommended to also select archiving of forwarded messages.
2. While still logged in as email@example.com, set up two-factor authentication (2FA) for that account by following these instructions.
3. While still logged in as firstname.lastname@example.org, obtain a one-time-use "app password" by following these instructions. Select the app "Mail" and the appropriate device, click the "Generate" button, and copy the resulting app password to your clipboard.
4. In Gmail, switch accounts to email@example.com. Using the app password you created in step 3 rather than your normal password, follow these instructions to set up sending as firstname.lastname@example.org. Set the SMTP Server to smtp.gmail.com; accept all other default configuration settings.
It is highly recommended that you test your ability both to receive emails forwarded from your oto-usa.org account and to send as that account before relying on it for actual O.T.O. business. Any third party -- a friend, a family member, or whoever -- will do for such testing. Just log into GMail as your personal account, start composing an email, and click on the "From" line to select your oto-usa.org account as the sender. Send this test email to a third party and ask them to reply. The reply should go to your oto-usa.org account and then get forwarded to your personal account.