One Step Ahead: Avoid Phishy-Looking Email

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy
Legitimate emails sent as mass communication sometimes end up in recipients’ spam folders or are mistaken for phishing attempts. To ensure your mass email communication is not reported as malicious, follow these five simple steps:
- Personalize your message. Address the recipient as specifically as possible. For example, “John Smith” instead of “Penn Staff” or “Dear Staff.”
- Spell out web addresses. If you include a web address in your message, write the full address and avoid hyperlinks. This allows the recipient to know exactly where the link leads. Avoid shortening a web address or embedding links behind text.
- Provide context. Use a subject line that concisely describes your email content. Explain your reason for contacting the recipient by including information about the department or program on whose behalf you’re writing. Most fraudulent messages try to cause a sense of panic in the reader, so we recommend avoiding language that evokes an urgent need for the recipient to do something.
- Avoid email attachments. Instead, direct the recipient to a secure location where the document resides, such as Penn+Box, or to a well-known web page where information is posted. Use instructions like: “To learn more about this program, visit the ISC website, select Security and click Learn more.”
- Include a verification method. Add your signature to the message and include contact information with your title, department name, phone number, email address and office location. Also, direct the recipient to contact their IT support provider for verification.
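A pre-send check for the five steps above, as an added example (it is not part of the original tip or any Penn tool). The function name, finding codes, word patterns and shortener list are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Assumed patterns for illustration; tune them for your own organization.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(staff|colleagues?|all|user|customer)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|act now|final notice)\b", re.I)
PHONE = re.compile(r"\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}")
# Constructed sample draft, not a real message.
SAMPLE = ("Subject: URGENT: benefits update\nContent-Type: text/html\n\n"
          '<p>Dear Staff, act now: <a href="https://bit.ly/x1">click here</a></p>')

class Links(HTMLParser):  # collects body text and (href, visible label) pairs
    def __init__(self):
        super().__init__()
        self.pairs, self.text, self.href, self.label = [], [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text.append(data)
        if self.href is not None:
            self.label += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.pairs.append((self.href, self.label.strip()))
            self.href = None

def lint_mass_email(raw):
    """Return sorted finding codes for one draft given as RFC 5322 text."""
    msg, p = message_from_string(raw), Links()
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            data = part.get_payload(decode=True) or b""
            p.feed(data.decode(part.get_content_charset() or "utf-8", "replace"))
    p.close()  # flush text the parser is still buffering
    text = " ".join(p.text)
    urls = text + " " + " ".join(href for href, _ in p.pairs)
    hosts = re.findall(r"https?://([^/\s]+)", urls, re.I)
    checks = {
        "generic-greeting": bool(GENERIC.search(text)),                      # step 1
        "link-hidden-behind-text": any(h != lab for h, lab in p.pairs),      # step 2
        "shortened-url": any(h.lower() in SHORTENERS for h in hosts),        # step 2
        "urgent-language": bool(URGENT.search(f"{msg['Subject']} {text}")),  # step 3
        "attachment": any(part.get_filename() for part in msg.walk()),       # step 4
        "no-contact-phone": not PHONE.search(text),                          # step 5
    }
    return sorted(code for code, hit in checks.items() if hit)
```

An empty list means the draft passed every check; the phone pattern is only a rough proxy for the contact details step 5 asks for.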
If you have additional questions about sending out mass email, contact your local IT support provider.
For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead