Guidelines for Bulk Email Distribution
This document contains the following sections:
The purpose of this Guideline is to instruct users on appropriate use of Bulk Email and to provide recommendations on how to properly send Bulk Email messages in order to reduce recipient complaints and confusion, reinforce security best practice and effectively and efficiently utilize campus resources.
This Guideline applies to all University personnel who send, or arrange for a third-party to send, bulk email to University students, faculty or staff.
Bulk Email is defined as an email sent to a group of recipients with or without their expressed willingness to be a recipient. Bulk Email is often thought of as email sent to a large number of recipients; however, these Guidelines should be evaluated for appropriateness even in situations that involve a small number of recipients. In general, Bulk Email excludes the following:
- Interdepartmental emails sent during the standard course of business
- Messages sent to a single distribution list, such as an Andrew Mailman Mailing List, following the guidelines set forth by the list moderator
Generally speaking, Bulk Email is appropriate for:
- Messages that directly relate to the continuance of University business
- Messages that alert the campus community of health and safety issues
- Messages that relate to changes in University policy or time sensitive procedures
- Messages that inform a select group of people (e.g. students in a specific class, members of a business organization, all financial administrators, etc.) of an event related to their specific role within the University.
Inappropriate use of Bulk Email includes, but is not limited to:
- Messages that are counter to the University’s mission and core values
- Messages that are personal in nature
- Messages that are commercial in nature with the exception of those messages that are in support of University business and are approved by an officer of the University (e.g. email to alumni)
The following recommendations are strongly encouraged when sending Bulk Email:
- Bulk Email should be sent from a verifiable University email account
Bulk Email should not be sent from third-party email accounts such as Hotmail and Gmail. These types of accounts provide no measure of authenticity. It is recommended that all Bulk Emails be sent from an @andrew.cmu.edu email accounts. Registration of these email accounts is controlled by Computing Services and email recipients can verify the owner of the email address through the Carnegie Mellon Directory. It may also be appropriate to send Bulk Email using a departmental email accounts (e.g. @scs.cmu.edu) if the audience is internal to that department and recipients are able to verify the owner of the email address. Use of @cmu.edu email addresses should be avoided. There are limited controls around the registration of @cmu.edu email addresses and, as a result, they can be misleading in terms of who the actual sender is. It is important to note that any email address can be impersonated by someone with malicious intent. If an email appears suspicious, the sender should be contacted to validate authenticity.
- Bulk Email should be sent using Blind Carbon Copy (Bcc) functionality
When replying to a Bulk Email, a user may intentionally or unintentionally use the Reply to All option which would result in a second Bulk Email. This type of scenario has a tendency to lead to additional replies. Multiple replies to a Bulk Email can overwhelm an email system and be a nuisance to users. Leveraging Blind Carbon Copy functionality eliminates this risk and helps protect the privacy of recipients. In situations where a separate email is generated for each recipient, use of Blind Carbon Copy functionality is not necessary.
- Bulk Email should have a Subject that clearly defines the purpose of the email
Ambiguous subject lines make it difficult to differentiate between legitimate emails and spam or phishing emails. As a result, an email may be inadvertently ignored or deleted. Unnecessary tags, such as RE and FWD, should also be avoided.
- Bulk Email should be sent in plain-text format when applicable
Using plain-text format emails limits the number of security risks for recipients and eliminates many of the potential problems recipients could have in receiving and viewing email messages. Nefarious individuals may use HTML format emails to exploit software vulnerabilities and cause malicious harm. For example, hyperlinks and images can be disguised to trick a user into browsing to a malicious website. Because of this, some users configure their email clients to block certain aspects of HTML format emails (e.g. blocking images). If using HTML format emails, be sure that all hyperlinks are clearly described and link to a University web page. If possible, direct email recipients to visit a secure University web page in order to verify the contents of the message.
The following are several additional points to consider when sending Bulk Email:
- Avoid sending attachments in Bulk Email
Email attachments are a common tool for propagating computer viruses. As a result, some users are hesitant to open unexpected attachments. Senders of Bulk Email should consider posting files to a University hosted website and then providing instructions in the email on how to download the file. This provides some measure of authenticity. Sending large attachments to multiple recipients can also create unnecessary load on email servers.
- Avoid hyperlinks to third-party websites
Spam and phishing emails often include hyperlinks to malicious websites. As a result, recipients may be hesitant to click on a hyperlink even in an email that appears legitimate. Similar to attachments, posting third-party hyperlinks to a University hosted website provides some measure of authenticity.
- Consider sending Bulk Email to a public distribution list(s) when available
Distribution lists, such as Andrew Mailman Mailing Lists, allow a user to create filters to better sort and manage their emails. In some cases, distribution lists also allow a user to customize how they receive emails.
- Consider posting a copy of Bulk Emails on a well known University hosted website
It is trivial to make an email appear to be an official announcement when in fact it is not. Posting a copy of the email to a well known University hosted website helps verify the authenticity of the email. The bulk e-mail should not include a hyperlink to this webpage.
|1.1||09/17/2019||Laura Raderman||Updated to remove hyperlink advice|
|1.2||09/04/2020||Joseph Magliocca||Updated to include how to securely use HTML format text in email|
|1.3||02/22/2022||Joseph Magliocca||Reviewed. Moved "Additional Information" to sidebar|