Mass Emailing Guidelines

Consider the following guidelines when planning to send an email to a large audience. First, such emails may easily look like spam or phishing attempts if not done carefully. Secondly, bulk emailing can cause load issues to both mail and URL-referenced servers within the email. Following these guidelines will increase the chances that your email is well-received.

Authenticity of the Sender

  1. Contact your department’s communications group. Ideally, they may send the message for you increasing its validity since it’s being sent from a better-known and trusted source.
  2. Digitally sign the email.  A digital signature helps recipients know that the message contents have not been modified in transit and that the sender is really who they claim to be.
  3. Send from an (or appropriate system/campus) address and ensure an reply-to.
  4. Inform the Help Desk of the mass email so that they can prepare for any potential issues that may be directed to them regarding your email.
  5. Identify yourself in your email with your name, title, and contact information with your phone number and email address.  If you are using generic or role-based contact information, use previously published contact information so the recipient can confirm its legitimacy.
  6. Reference related Knowledgebase documents:
    1. Phishing Detection and Remediation in your email to help readers determine for themselves if a given email appears legitimate or not.
    2. UW Digital ID (Personal Certificate) - Compatible Mail Clients which visually documents for several email clients how to determine if a message is digitally signed.

Message Content

  1. Never ask for personal identity or financial information in an email.  This includes user names, passwords, Social Security Numbers, driver’s license numbers, state ID numbers, financial or credit card information, biometric data or protected health information.
  2. If you must include web links, they should be easy to identify and clearly labeled.  A link should be distinguishable to the recipient by the color and that it is underlined.  Do not simply embed a “Click here” link and expect a reader to click through.
  3. Structure your link properly throughout your email by displaying the entire link.  If the URL is lengthy, you may want to insert a hyperlink with a description that matches the URL.
  4. Double check that the link(s) are working properly before deploying the mass email.
  5. Avoid sending attachments as they are often used to spread viruses or install malware unbeknownst to the recipient.
  6. Alternatively, consider working with the My UW-Madison Portal team to host your content or application within the portal.  The portal provides a secure environment in which users must present their credentials (NetID and password) to access it.  Instead of sending a possibly suspicious-looking link, you can tell them to log into My UW.

Managing the load – emailing and responses

  1. Avoid sending a mass email that could result in thousands of simultaneous clicks from recipients by:
    1. Sending outside of business hours
    2. Staggering emails over a period of hours or days
  2. If the email references MyUW Portal, alert the My UW-Madison Administrators List ( in advance so they can be aware of any potential load issues.


Phishing Detection and Remediation

Keywords:bulk email phish URL mail phishing mass guidelines   Doc ID:52721
Owner:Ed J.Group:Office of Cybersecurity
Created:2015-06-17 16:56 CDTUpdated:2018-06-07 15:18 CDT
Sites:DoIT Help Desk, DoIT Tech Store, Office of Cybersecurity
Feedback:  1   0