Use of Mass Email Platforms Changing

Sending bulk emails through third-party email marketing platforms (e.g., Mailchimp, Constant Contact, Brevo) will require UF departments to act before February 1, 2024.

Google and Yahoo recently announced new email authentication and spam-prevention policies.  Beginning February 1, 2024, both email providers will begin blocking and aggressively filtering incoming email traffic that doesn’t meet domain authentication and procedural requirements.

What does this mean for UF?

Many UF administrative divisions, colleges, and units use third-party apps to keep stakeholders informed. This is often done with a visually attractive newsletter or e-Card format. Third-party apps are also used to send bulk emails for surveys, ticket sales and event announcements, and appointment reminders.  Any unit using an email marketing program to send mass marketing emails to the UF community or to externally-focused stakeholders need to refer to the vendor’s documentation on domain authentication (or DKIM) and work with UFIT to complete the domain authentication process prior to Feb. 1.  The steps required to comply with Google’s and Yahoo’s new policies on domain authentication vary by the bulk-mail application used.

If you are using an app (such as Constant Contact or a Microsoft Mail-Merge plug-in) where you type in a personal or a college/department.ufl.edu, address as the From” address, then you will need to verify that domain authentication is in place to meet Google’s and Yahoo’s new requirements.  Otherwise, intended recipients whose emails end with gmail.com, googlemail.com, or yahoo.com may not receive what you send. Again, refer to the vendor’s documentation on domain authentication (or DKIM) and work with UFIT to complete the domain authentication process before you begin creating that next issue of your newsletter or developing a new survey. For additional assistance in clarifying steps about bulk email, submit a myIT ticket to the Help Desk and UFIT will provide expert consultation.

Please refer to the Google and Yahoo announcements for detailed technical information about authentication requirements. While acknowledging that bulk mail applications are popular because they enable staff to design and deploy visually beautiful emails, issues about deploying mass emails within the university community can easily be overcome by creating a UF listserv. Visit https://lists.ufl.edu/ and use the “Request creation of a new mailing list” link to create a new list. It is also recommended that applications used to create content and store UF email addresses be pre-approved for use. Faculty and staff can check what mass mailing applications are approved for university use on the Fast Path Solutions website.

Fake Emails from “UF Faculty” Targeting Students

Students are reporting suspicious emails in their Gmail or other non-UF inboxes, claiming to be from instructors. These phishing scams enable cybercriminals posing as faculty to convince students to deposit fake checks or send gift cards. Because students often handle email on their phones–where full email addresses are obscured–it isn’t immediately apparent that the email is a phish.

Impostor emails attempt to lure students with high-paying job opportunities and often come from faculty members the student doesn’t know. Cybercriminals can find enough information online to impersonate faculty without having to hack into their UF account. The proliferation of these scams is a great reminder to always be cautious when clicking on any email, no matter who they seem to come from.

Remember:
1. Even if a phishing email doesn’t include a malicious link or attachment, it’s still just as dangerous if you respond.
2. The [External Email] tag will appear in the body of emails originating from outside the university, alerting you that it may well be malicious.

If you think an email in your Gmail or non-UF inbox is a phish, forward the message as an attachment to abuse@ufl.edu.