Purpose
The purpose of this guideline is to instruct users on appropriate use of Bulk Email and to provide recommendations on how to properly send Bulk Email messages and reinforce security best practices to ensure effective and efficient deliverability of email to intended recipients.
Bulk Email is defined as an email sent to a group of recipients with or without their expressed willingness to be a recipient. Bulk Email is often thought of as email sent to a large number of recipients; however, these guidelines should be evaluated for appropriateness even in situations that involve a small number of recipients.
| Appropriate Bulk Email/Messages |
Inappropriate Bulk Email/Messages |
- Directly relates to the continuance of University business
- Alerts the campus community of health and safety issues
- Relates to changes in University policy or time sensitive procedures
- Informs a select group of people (e.g., students in a specific class, members of a business organization, all financial administrators, etc.) of an event related to their specific role within the University.
|
- Counter to the University’s mission and core values
- Personal in nature
- Commercial in nature with the exception of those messages that are in support of University business and via approved communication channels (e.g., University Advancement email to all alumni/constituents)
|
In general, Bulk Email excludes the following:
- Email messages sent during the standard course of academic or administrative business
- Email messages sent to University distribution lists
Best Practices for Bulk Email
To help prevent incorrect flagging of an email message with an [EXTERNAL] subject prefix, or email messages being sent to Junk email folder, the following guidelines are recommended for all Bulk Email:
1. Vendors and Third Party Senders should comply with the Domain Protection Mechanisms
Villanova University's Email Domain Protections include a number of required controls to protect our university community from malicious messages. Third Party Senders utilized for Bulk Email must comply with these protections including the use of appropriate subdomains. Third party Senders sending email on behalf of the university must utilize the Villanova subdomain of @mail.villanova.edu as this allows for more granular and secure mechanisms to ensure reliable mail delivery and authenticity.
2. Bulk Email should not be sent from external email addresses such as @outlook.com and @gmail.com.
External email addresses such as @outlook.com, @hotmail.com, @gmail.com provide no measure of authenticity. It is recommended that all Bulk Email be sent from an appropriately named subdomain address (e.g., @survey.villanova.edu). Registration of these email addresses is controlled by UNIT and email recipients can verify the owner of the email address through the Microsoft Outlook Global Address Book.
3. Bulk Email should be sent from a verifiable University email account
It may also be appropriate to send Bulk Email using a departmental email address (e.g., support@villanova.edu) if the audience is internal to that department and recipients are able to verify the owner of the email address. There are limited controls around the registration of @villanova.edu email addresses and, as a result, they can be misleading in terms of who the actual sender is. It is important to note that any email address can be impersonated by someone with malicious intent. If an email appears suspicious, the sender should be contacted to validate authenticity.
4. Bulk Email should be sent using Blind Carbon Copy (BCC) functionality
When replying to a Bulk Email, a user may intentionally or unintentionally use the Reply to All option which could result in a second Bulk Email. This type of scenario has a tendency to lead to additional replies. Multiple replies to a Bulk Email can overwhelm an email system and be a nuisance to users. Leveraging Blind Carbon Copy functionality eliminates this risk and helps protect the privacy of recipients. In situations where a separate email is generated for each recipient, use of Blind Carbon Copy functionality is not necessary.
5. Bulk Email should have a Subject that clearly defines the purpose of the email
Ambiguous subject lines make it difficult to differentiate between legitimate emails and spam or phishing emails. As a result, an email may be inadvertently ignored or deleted. Unnecessary tags, such as RE: and FWD:, should also be avoided.
6. Bulk Email should be sent in plain-text format when possible
Using plain-text format emails limits the number of security risks for recipients and eliminates many of the potential problems recipients could have in receiving and viewing email messages. Nefarious individuals may use HTML format emails to exploit software vulnerabilities and cause malicious harm. For example, hyperlinks and images can be disguised to trick a user into browsing to a malicious website. Because of this, some users configure their email clients to block certain aspects of HTML format emails (e.g., blocking images). If using HTML formatted emails, be sure that all hyperlinks are clearly described and link to a University web page. If possible, direct email recipients to visit a secure University web page in order to verify the contents of the message.
7. Avoid sending attachments in Bulk Email
Email attachments are a common tool for propagating computer viruses and malware. As a result, some users are hesitant to open unexpected attachments. Senders of Bulk Email should consider posting files to a University hosted website or the University knowledge base and then providing instructions in the email on how to download the file. This provides some measure of authenticity. Sending large attachments to multiple recipients can also create unnecessary load on email servers.
8. Avoid hyperlinks to third-party websites
Spam and phishing emails often include hyperlinks to malicious websites. As a result, recipients may be hesitant to click on a hyperlink even in an email that appears legitimate. Similar to attachments, posting third-party hyperlinks to a University hosted website provides some measure of authenticity.
9. Consider sending Bulk Email to a public distribution list(s) when available
Distribution lists allow a user to create filters to better sort and manage their emails. In some cases, distribution lists also allow a user to customize how they receive emails.
Visit the Email Domain Protection: Getting Started article to learn more about the various initiatives to better protect a Villanova Account and related email services.