Mass Email Communication Guideline

Do your campus mass email communications include suspicious phishing characteristics?

If so, your message may not be reaching your audience. We strongly encourage campus communicators to follow these basic Mass Email Guidelines to prevent messages from being blocked by spam filters:  

  • Provide sufficient identification to avoid getting blocked

  • Authenticate messages from external marketing communication vendors

  • Avoid spammy content

By following these simple guidelines you will help make sure that campus email recipients remain sensitized to message characteristics that are typical of phishing messages, and reduce the likelihood that your legitimate message gets blocked or marked as suspicious by recipient email systems.  

If you send mass communications that request personal information, these guidelines are especially important.

Provide sufficient identification to avoid getting blocked

  • Use a berkeley.edu email address as the "From:" address

  • Include one or more UC Berkeley contacts for message validation, e.g.,

    • campus phone number (the CSS Service Desk is an option)

    • campus physical address

    • berkeley.edu email address

    • berkeley.edu web address

  • Send the message through berkeley.edu servers when possible.

  • Use berkeley.edu web links when possible (also applies to graphics).

  • If possible, do not display one URL but link to or pass-through to another URL. (This can occur with 3rd party link-tracking services.)

  • Simple and direct URLs (e.g., security.berkeley.edu/phishing) are preferable to long, cryptic URLs.

Authenticate messages from external marketing communication vendors

If you are sending the mass mailing through an external marketing vendor (e.g., Constant Contact, MailChimp) using a berkeley.edu address, use DKIM to authenticate that the message is legitimate.  (If your mass mailings are not using a berkeley.edu address, you do not need to do this).

DomainKeys Identified Mail (DKIM) is a protocol that allows an organization to take responsibility for transmitting a message, even when the email originated from a 3rd-party service provider.  You can use DKIM to prevent your email marketing campaign from being flagged as spam or a phishing message for recipients.

Follow the link below to instructions for your marketing vendor and then coordinate with the bConnected team at consult@berkeley.edu to implement DKIM for your bulk mailing:

DKIM authentication is not required for email message posting to UC Berkeley Google Groups (bConnected Lists).

Avoid spammy content

Avoid spammy/phishy content, such as:

  • ALL CAPS

  • Spammy words (e.g., "free money") in the subject line (see below for an extensive list of words and phrases to avoid)

  • Excessive punctuation

  • Messages that contain document attachments - link to a web page with additional content instead (e.g., link to a Google doc)

  • If an attachment is necessary, use a PDF file rather than a Word document, PowerPoint deck or other type of file

  • Messages that link to a web page that requires a login are often flagged as possible phishing attempts

Spammy words to avoid in mass communications:

  • Amazing

  • Act Now!

  • All New

  • Avoid Bankruptcy

  • As Seen On...

  • Buy Direct

  • Casino

  • Cash

  • Call now!

  • Click Here

  • Collect

  • Compare

  • Don't Delete

  • Free!

  • Guarantee, Guaranteed

  • Great offer

  • Give it away, Giving it away

  • No cost, No fees

  • Offer

  • One time

  • Order Now

  • Opportunity

  • Please Read

  • Promise You

  • Removes

  • You're a Winner!

  • Hidden

  • Information you requested

  • Special Promotion

  • Stop or Stops

  • Subscribe, Discount!

  • Save up to

  • Time limited

  • Visit our web site

  • While supplies last

  • Why pay more?

  • Winner