Best Practices for Sending New or Unusual Emails

Summary

This article gives best practices for any time a university office is going to send out a message that asks recipients to do something new or unusual, or that comes from a new or unusual source.  Failure to follow best practices might mean recipients rejecting important messages, believing they are phishing.

Body

Introduction

It is important that students and employees be able to easily distinguish between legitimate messages from Pacific University offices, and phishing messages that are trying to trick them into doing some action that is harmful to them under the guise of being from the university.  This article gives best practices for any time a university office is going to send out a message that asks recipients to do something new or unusual, or that comes from a new or unusual source.  Failure to follow best practices might mean recipients rejecting important messages, believing they are phishing, which could block recipients from receiving these messages in the future. 

Messages Commonly Mistaken for Phishing

UIS often sees legitimate emails reported as phishing that:

  • Are being sent for the first time, or have not been sent for a while (e.g. an email that is sent annually).
  • Ask people to take some action they are not used to being asked to take.
  • Ask people to visit a website they are not used to visiting.
  • Coming from a third party system (e.g. Box Sign, DocuSign, Qualtrics, Google Groups).

Note that any message sent from any source, other than a Pacific University Boxer Mail account, may be put into a user's Spam folder if Google's anti-spam algorithms think it is likely spam based on terms used and other factors.  See our article on Spam False Positives.

Pre-Send Warning Email

Before sending a message that may be mistaken for phishing, we suggest sending out a warning email to let people know this message is coming.  We suggest this message:

  • Be sent out from a normal Boxer Mail account (rather than a third party system).
  • Be sent out about a day in advance of the message it is warning about.

Sample text for such an email is:

Please keep an eye out for an email being sent to you [timeframe] from us about [purpose of email].  This email will come from [email address or email domain].  If you don't see it, please check your spam folder.  If you have any concerns about this email, or want to verify that it is legitimate, please contact [employee to contact].  If you ever receive an email and you aren't sure if it's legitimate, feel free to contact the Technology Helpdesk for advice.

Where possible, we suggest also including information in the email that follows about what the purpose of the email is and what university office they can contact if they have questions.

See Also

Managing Spam Filter: False Positives and False Negatives

Inquire About a Suspicious Email

Questions?

Contact Support

Details

Details

Article ID: 151732
Created
Wed 6/12/24 2:21 PM
Modified
Wed 6/12/24 2:48 PM