Background and Purpose

Bulk email is a critical mass communications tool at UCSF that is used for distributing information to large audience groups through electronic mailing lists or newsletter tools.

Purpose

The purpose of the policy is to:

• Ensure the deliverability and efficiency of bulk email distribution at UCSF
• Deliver users a high-quality email experience by preventing security breaches and damage to UCSF’s reputation
• Establish levels of access to send bulk email

Definitions

Responsible Campus Entity

Any business interest being represented by a UCSF distribution. Examples include but are not limited to: schools, administrative and academic departments, research enterprise, academic programs, organized research units, institutes, centers, faculty practices, University-wide services, and UCSF Health and all of its organizational components.

Bulk Email

Any message from one sender to many recipients, utilizing an automated distribution system. Examples include:

• Distribution Group – Email list created within Active Directory or Microsoft Outlook that utilizes the existing address book function to send an email that’s internally hosted.
• Listserv – Email list created via Information Technology that utilizes a “reflector” email address, which triggers the software to send an email, which is internally hosted, to all of the group's subscribers.
• Electronic Newsletter – An external vendor platform that enables design and distribution of emails, such as Constant Contact or Emma.

Resource Account

Email account used for a technical purpose, such as room scheduling or conference room connection to virtual meetings.

Entity Account

Email account used to represent a Responsible Campus Entity, with a shared administrative access. Entity accounts are often the sender of bulk email and receive mass inquiries from the community or general public.

Responsibilities

Responsible Campus Entity is responsible for managing the account and its contents.

UCSF Information Technology (IT) is responsible for managing all email infrastructure and security at UCSF, including all addresses ending in “@ucsf.edu”.

IT Committee on Communications Technology is responsible for overseeing bulk email policies and guidelines.

Policy

All tools used to send bulk email to the UCSF community must comply with UCSF security standards, in accordance with the UC Electronic Communication Policy and as defined by IT. The standards below ensure security and usability through clear and defined ownership of bulk email sends, approved distribution tools, and content protocols.

Eligibility

All Entity Email Accounts or Listservs representing a Responsible Campus Entity must be registered to a current UCSF career employee on behalf of a business unit, who will be known as the owner.

UCSF students, postdoctoral scholars, residents, clinical fellows, alumni, volunteers, and affiliates are not eligible to register Entity Email Accounts or Listservs. However, they may access one through sponsorship by a UCSF career employee or business unit. For Registered Campus Organizations (RCOs), the Office of Student Life can serve as the sponsor.

UCSF reserves the right to revoke any previously assigned Entity Email Account or Listserv at any time if it conflicts with this policy or other University policies, priorities, or interests.

Resource and Entity Email Accounts

IT manages the creation and administration of all Resource Accounts and Entity Accounts. Requests are submitted through the Account Request Form.

Naming

Resource Accounts should be named using a combination of letters and numbers that help identify the resource location, such as “CRoomS118@ucsf.edu” for Chancellor’s Conference Room S118.

Descriptive, or “vanity,” email account names are reserved for Entity Accounts only. Names must be meaningful and intuitive. They should reflect the name of the unit or service that it represents and be distinct enough to avoid confusion with another entity, program, or service.

Guidelines for selecting an Entity Account name:

• Keep it succinct. The name should be memorable and easy to read when words are compounded.
  Don’t: ucsfcoronavirusresources@ucsf.edu
  Do: covid19@ucsf.edu
• Consider scarcity. Ensure that the name truly represents the subject matter being represented. UCSF has a finite supply of Entity Account names, and overly broad or inaccurate names can confuse users and complicate another unit’s business goals.
  Don’t: managers@ucsf.edu
  Do: CLSmanagers@ucsf.edu
• Use actual words. Avoid acronyms when possible – especially for external-facing accounts – to clarify the purpose of your account for users.
  Don’t: hdfccc@ucsf.edu
  Do: cancer@ucsf.edu
• Avoid hyphens. Most email accounts use compounded words, and hyphens can create confusion for users when recalling the address.
  Don’t: health-info@ucsf.edu
  Do: healthinfo@ucsf.edu

Listservs

UCSF IT manages the creation and issuance of all listservs, which can be accessed at https://listsrv.ucsf.edu.

Administrative Listservs are used to communicate with the UCSF community at large. Subscription is automatic, based on Human Resources records, and cannot be altered without altering Human Resources records. These include campuswide, schoolwide, or building-wide distributions, and sender access is restricted to designated administrative leads.

All-UCSF listservs may only be accessed by the following offices:

All UCSF	All Employees	All Students	All Faculty
Office of the Chancellor Office of the Executive Vice Chancellor & Provost Office of the SVC of Finance & Administration UCSF Health Office of the CEO Office of Communications Office of Diversity and Outreach Information Technology UCSF Police	Human Resources	Student Academic Affairs Student Life Student Health and Counseling Services Student Financial Services Registrar	Academic Affairs

General Use Listservs can be managed by anyone in the UCSF community and are created through an IT service request. Subscription is self-managed.

Due to the proliferation of listservs, requests for a new listserv are sent to IT for review and decision. All requests must be accompanied by a business justification from the Responsible Campus Entity. Requests that effectively result in “all employees,” “all faculty,” “all students,” etc. are prohibited; the scope of the requested list must be directly relevant to its purpose. 

Listservs not used within a one-year period will be deactivated and removed, after notification to the owner. 

Electronic Newsletters 

Electronic Newsletters must have the ability to establish Domain Keys Identified Email (DKIM) authentication, which inserts a key into the message header information allowing all recipient systems to better distinguish between legitimate and fraudulent email messages. 

To establish DKIM authentication, all bulk email publications sent using a Newsletter Tool must be registered by the Responsible Campus Entity through UCSF IT’s E-Newsletter Registry.  

Current compliant external email services

UCSF Information Technology has approved the following Electronic Newsletter platforms:

• Constant Contact 
• Emma 
• Salesforce Marketing Cloud 

Any Electronic Newsletter platforms not on the above list have not passed security review and may not be used at UCSF.  

• Effective immediately, new requests for authorization of non-compliant platforms will be denied.  
• Effective July 2021, all existing accounts using non-compliant platforms will lose IT authorization to send to UCSF addresses. 
• Unapproved Electronic Newsletter platforms and unregistered bulk email publications may be blocked by UCSF IT and cannot be guaranteed delivery to UCSF recipients. 

A Responsible Campus Entity may petition CCT and IT to approve additional Electronic Newsletter platforms that comply with IT security requirements by submitting an IT service request. The request must include the following information: 

• The Electronic Newsletter platforms in question; 
• Documentation that supports the tool’s ability to establish DomainKeys Identified Email (DKIM) authentication. 

Content 

The Responsible Campus Entity must exercise judgment in assessing what type of information should be sent via bulk email, depending on the target audience (i.e., internal or external). The following data standards explicitly apply, based on the UCSF Data Classification Standard: 

• P4 (Restricted Data) – May not be sent through any bulk email. 
• P3 (Sensitive Data) – May not be sent through any bulk email. 
• P2 (Internal Data) – May be sent through internal Electronic Mailing Lists, but not through Newsletter Tools that are externally hosted. 
• P1 (Public Data) –  May be sent through bulk email.