What is parcelPost?

parcelPost is an infrastructure for making logged transfers of files (especially large files), via a combination of HTTPS and e-mail.

How do I use parcelPost?

If you are inside the Arconic firewall, point your browser at: https://parcelpost.arconic.com. That URL will present you with the option of dropping off a parcel or picking one up. If you are sending a file to another person, you are dropping a parcel off. Selecting dropoff presents a form that prompts you for descriptive information about the file(s) and their recipients. This form also allows you to upload the files to be transferred. If someone from outside Arconic needs to send a parcel, see the question below: "What is a porthole?" After the parcel is uploaded, a number of e-mail messages will be sent out:

  1. The sender and all of the cc'ed individuals will receive a message that describes the parcel along with the date and time it was uploaded. This message is cryptographically signed, and contains MD5 digests of the uploaded files. This email contains a link that, when used, shows the current status of this parcelPost transaction.
  2. The Arconic sender also receives a message that contains a unique URL that will allow them to retract the message. This message also contains a separate URL that allows the sender to reuse the uploaded parcel for another transmission without uploading again. This option is only available until the parcel has been cleared from the parcelPost server.
  3. The recipients each receive an e-mail containing a claimcheck that allows them to pick up the parcel. The e-mail also describes the parcel, so that the recipient can decide whether they want to pick up the parcel, or whether they want to forward it to someone else, or delete it without downloading it. Note that recipients with a non-Arconic email address only get the option to pick up.
  4. A recipient receives an email containing a coded web link. This link will take them to a parcelPost page for getting the parcel. This page presents a form that requests the recipient's e-mail address, the parcel claim check (already filled in by the retrieval link), and an optional password (more on that in the section on security). Submitting this form presents them with another page containing the choices pickup, forward or delete (only the pickup option will show for recipients outside Arconic). Pickup will start the download of a Zip archive file containing the files sent and a packing manifest for the files. Before starting a pickup, any download accelerator software on the recipient's computer should be disabled. Upon successful download, e-mails are sent to the originator of the parcel and the recipient, documenting that the parcel was received, when it was received, and that the complete parcel was received.
  5. If the recipient chose forward, they are prompted to input the e-mail addresses of the new recipients and an optional password. Upon forwarding the parcel, these new recipients would receive e-mail claim check links entitling them to pick up the parcel, and in addition, the originator of the parcel would receive an e-mail specifying that the parcel had been forwarded.
  6. If the recipient chose delete, their claim to the parcel is deleted.
  7. Note that people on the CC'd list for a parcel do not get the parcel. They only get the notifications of the transactions as they occur. They are copied on the emails to the sender.

Why not use e-mail attachments?

E-mail attachments can have a maximum size - parcelPost attachments are limited to 2GB total size. ParcelPost provides a higher level of logging than is available from e-mail. Finally, uploading and downloading of parcels is done with HTTPS and so it is more secure than email.

Why not use ftp?

Ftp lacks logging, and suitable ftp servers are not always available. In particular, most ftp servers within Arconic have anonymous ftp disabled, which means that users must have accounts on the ftp server. This is often inconvenient. Ftp transmissions are not encrypted. Finally, ftp can be very unreliable for large files.

What do I need to use parcelPost?

An internet browser and an SMTP e-mail address for senders. In addition, a recipient needs the ability to unpack Zip archives. This can be done using WinZip or free alternative utilities. If running Windows 7, Mac OS X, or Linux, they should already have the capability. If you are running Windows 7, the download page also provides the option to download the parcel file as a self-extracting executable file. This is an "exe" file you must run after downloading. It will ask you where to unpack the "download" folder from the parcel package.

Who can I communicate with?

In principle, it is possible to use parcelPost to communicate with anyone who has a browser and an e-mail address. If, in practice, this turns out not to be the case, submit a ServiceNow ticket via Chat, creating an IT Incident, or by calling the Help Desk.

What does "Export Controlled" and ITAR/EAR data mean?

Export controlled data is data that comes under the US laws and regulations that govern the distribution to foreign nationals and foreign countries of strategically important technology, services, and information.
ITAR (International Trade in Arms Regulations) covers military items or defense related material. EAR (Export Administration Regulations) covers dual-use items. For example, there are restrictions on the exportation of some very high performance computing equipment from the US to certain countries because it could be used for modeling of explosives or nuclear weapons (similarly, certain types of software that might be used for these purposes are restricted).
Some Arconic Business Units do a lot of business that comes under these regulations. For more information on this requirement, you can try the Dept. of Commerce (EAR) or the Dept. of State (ITAR).

How do passwords work?

If your data comes under Export Control regulation, then you must supply a password manually in the provided field. You should communicate this password to your recipient(s) by some other means than email (e.g., by phone.)
If your data does not come under Export Control regulation then a password is optional but recommended. You may either supply a password or have one automatically generated for you. If you select an automatic password and do not specify one in the password field, parcelPost will generate a password. An automatic password is sent to your recipient(s) for you via an email message. You will not know the password in this case.

What types of file can I send?

Files are treated as binary streams of data. There are no restrictions on the types of files that can be sent.

How big of a file can I send?

ParcelPost has no limit but browsers will not upload a parcel submission >= 2GB in size.

How secure is parcelPost?

The parcelPost server runs across an https connection, which makes it secure against someone sniffing the data in transit. parcelPost does have a spoofing exposure - someone can say that they are someone they are not when uploading a parcel. But the person that they are pretending to be will be getting mail describing the spoofer's actions, and the spoofed party will also have the opportunity of retracting the parcel and blowing the whistle on the spoofer.
Receiving a parcel is dependent on having a claim check that you receive in the mail. If a malicious agent can read the recipient's mail, by default they can download the recipient's parcel. If the sender is concerned with this exposure, they can attach a password to the parcel. This password must be made known to the recipient by some means of the sender's choosing (e.g. calling the recipient on the phone...). If the parcel is password protected, even a malicious agent that could read the recipient's mail could not download the parcel, without also intercepting the communication of the password.
All IP addresses and machine information are logged, so spoofing parcelPost is not a good idea.
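
The pickup rule described above (claim check alone by default, claim check plus password when the sender sets one) can be modeled as follows. This is an added example, not parcelPost's own code: the class and method names, the token length and the hashing choices are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ParcelDesk:
    """Toy model of claim-check pickup with an optional out-of-band password."""

    def __init__(self):
        self._claims = {}  # sha256(claim check) -> (recipient, salt, password hash)

    @staticmethod
    def _digest(claim_check):
        return hashlib.sha256(claim_check.encode()).hexdigest()

    @staticmethod
    def _stretch(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def drop_off(self, recipient, password=None):
        """Register one recipient; return the claim check that would be e-mailed."""
        claim_check = secrets.token_urlsafe(32)  # unguessable, one per recipient
        salt = secrets.token_bytes(16)
        stored = self._stretch(password, salt) if password else None
        self._claims[self._digest(claim_check)] = (recipient.lower(), salt, stored)
        return claim_check

    def pick_up(self, recipient, claim_check, password=""):
        """True only if address, claim check and any password all match."""
        entry = self._claims.get(self._digest(claim_check))
        if entry is None:
            return False
        owner, salt, stored = entry
        if not hmac.compare_digest(owner.encode(), recipient.lower().encode()):
            return False
        if stored is None:
            return True  # no password set: the e-mailed claim check is sufficient
        return hmac.compare_digest(stored, self._stretch(password, salt))


if __name__ == "__main__":
    desk = ParcelDesk()
    open_claim = desk.drop_off("pat@example.com")  # constructed address
    locked_claim = desk.drop_off("pat@example.com", password="told-by-phone")
    # Whoever can read the mailbox holds both the address and the claim check.
    print(desk.pick_up("pat@example.com", open_claim))    # True
    print(desk.pick_up("pat@example.com", locked_claim))  # False without password
```

The model makes the sender's choice explicit: without a password, possession of the recipient's mail is the only factor, so parcels whose exposure matters should carry a password delivered over a different channel.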

What's up with these PGP signatures?

All e-mail from parcelPost is cryptographically signed. To verify that these signatures are valid, you need either gpg or pgp installed (get gpg at http://www.gpg.org), and you need parcelPost's public key. parcelPost's public key follows:

Of course, checking the signatures is entirely optional, but signing the messages has an important function even if you never check them. Since the messages contain MD5 digests of the uploaded files, and since they are cryptographically signed, they can be used to incontrovertibly prove the version of a file delivered.
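
A recipient-side check that ties the two pieces together, verifying the signed notification and then comparing its digests against the downloaded Zip archive, is sketched below. This is an added example, not parcelPost's own tooling. It assumes the notification lists digests as md5sum-style lines ("<32 hex>  <file name>") whose names match the archive member names, and that parcelPost's public key has already been imported into the gpg keyring; the page does not specify the message layout.

```python
import hashlib
import io
import re
import subprocess
import zipfile

# Assumed digest line format in the signed notification: "<32 hex>  <file name>"
DIGEST_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S.*?)\s*$")


def gpg_verify(message_path):
    """True if gpg accepts the signed message (parcelPost's key already imported)."""
    return subprocess.run(["gpg", "--verify", message_path],
                          capture_output=True).returncode == 0


def parse_digests(message_text):
    """Map file name -> lowercase MD5 hex digest listed in the notification."""
    found = (DIGEST_LINE.match(line) for line in message_text.splitlines())
    return {m.group(2): m.group(1).lower() for m in found if m}


def check_parcel(source, expected):
    """source: path or file object of the Zip. Returns file name -> status."""
    report = {}
    with zipfile.ZipFile(source) as archive:
        names = set(archive.namelist())
        for name, digest in expected.items():
            if name not in names:
                report[name] = "missing"
                continue
            md5 = hashlib.md5()
            with archive.open(name) as stream:  # chunked: parcels can be large
                for chunk in iter(lambda: stream.read(1 << 20), b""):
                    md5.update(chunk)
            report[name] = "ok" if md5.hexdigest() == digest else "mismatch"
        for name in names - set(expected):
            report[name] = "unlisted"  # e.g. the packing manifest
    return report


if __name__ == "__main__":
    # Constructed sample: a two-file parcel and a notification listing one digest.
    parcel = io.BytesIO()
    with zipfile.ZipFile(parcel, "w") as z:
        z.writestr("report.txt", b"constructed sample contents")
        z.writestr("manifest.txt", b"constructed packing manifest")
    note = hashlib.md5(b"constructed sample contents").hexdigest() + "  report.txt"
    print(check_parcel(parcel, parse_digests(note)))
```

Run `gpg_verify` on the saved message before trusting any digest parsed from it. MD5 is no longer collision-resistant, so a match shows the delivered file is the one that was uploaded but does not rule out a sender who prepared two colliding files in advance.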

Why https inside the firewall?

Although the presumption is that there is no one sniffing inside the firewall, many customers' data standards require that their data be encrypted even during internal transmission. If https causes problems, the site is also accessible via http as: http://parcelpost.atc.alcoa.com:1226. Why port 1226? December 26 is Boxing Day, when parcels are exchanged in the UK.

What if someone spoofs me?

If you get an e-mail message saying that you uploaded a parcel that you did not upload, visit the URL on the repudiation certificate. Specify the reason for retraction as "Fraudulent message", and the search for the evil-doer will automatically begin.

What if I post the wrong message?

Use the same repudiation certificate, but specify some other reason for retraction than "Fraudulent message".

What is a porthole?

All external communications must be initiated from inside the Arconic firewall. This is no problem when you want to send a parcel to an outside user. But what if you want to receive a parcel? You must first open a porthole to the external user, so that he can enter the firewall to drop off the parcel (which you can then pick up). The porthole option on the starting parcelPost page performs this function. Three hours after the external user has dropped off their parcel the porthole will close, so it is important that external correspondents immediately retry in the event of a network/server/software error, because shortly their porthole will close, and you will have to open them another one. A similar time out is associated with pickup porthole for external receivers of parcels.

Who do I contact when it doesn't work?

Enter a ServiceNow ticket via Chat, creating an IT Incident, or by calling the Help Desk. Good luck, and happy computing from the scripts at parcelPost.