Make Your Email Easy To Verify
If your department sends out mass emails, please do some simple things to make sure recipients can verify that your message isn't phishing.
Email Verification Best Practice
- Include this statement "For further questions or to verify authenticity of this message,
please call or write..." and include Pepperdine contact information such as:
- A department or staffer @pepperdine.edu email address
- A Pepperdine phone number
- Optionally, the person to contact
- Your email could alternately include the full URL to a Pepperdine web page about your
email campaign and:
- Duration of your email campaign
- Any steps needed to respond to the email
By following the above procedures, the recipient can easily verify the legitimacy of your email and distinguish it from phishing.
Poor Email Verification Practices
Certain verification practices have been promulgated by various departments and IT over the years, which are easily mimicked by spammers and phishers. These do NOT suffice and should be countered when suggested.
Pepperdine Graphics: Logo graphics are publicly available and easily copied and republished by criminals. This false verification has been used against Pepperdine staff and faculty in the past by phishers. Graphics are good for branding, but not for verification.
Pepperdine Email Address: Email addresses are also easily spoofed, just as easily as writing someone else' address on a physical envelope. This is why many email service providers, such as Google, are providing warning banners for email with an organization name or organization member's name, not sent from the organization. Rather than spoofing a Pepperdine address, use the vendor email address and include the above Email Verification Best Practice.
Success For Your Campaign
As the damages from phishing emails mount, people are becoming increasingly leery of unexpected email requests. Making your message easy to verify makes it less likely to be:
- Discarded without reading
- Marked as SPAM, which impacts future campaigns
For new services announcements, you could get a higher response rate if you tell your recipients briefly why they should respond to your request, rather than presenting them with a "wall of text" containing procedures. Providing them with a link to your department's web site to verify your campaign allows you to put extended information about your request in a place that your target audience can reference it later. Emails can be deleted or lost, but if you put the procedure on your website, it will be there when it is needed.