People are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your legitimate university communications. In order to not appear phishy, focus on helping recipients verify the legitimacy of your U-M emails so they know they are safe to open.
- Make it easy to verify the sender. The From address for your email should be an address that is clearly associated with the university and your unit, preferably one that people can verify online. The signature line should also be verifiable, with the person’s name and/or unit name spelled correctly and matching the name on your website. Use appropriate U-M branding elements, and be sure to use them correctly. See U-M Office of Communication Brand Standards.
- Make link locations clear. Use descriptive link text with the full URL. The descriptive text lets people know what to expect if they click the link. They can see the full URL by hovering over the link with their mouse.
- Refer to supporting information. Refer to information on U-M websites that people already know and trust.
If you have contracted for a service that involves a third-party vendor sending email to members of the U-M community, you can work with ITS Information Assurance (IA) to have information about the email posted at Legitimate Email that Might Appear Phishy.
IA can review the message and offer suggestions, as well as help you make sure the ITS Service Center is prepared to answer calls from people who may be uncertain about the legitimacy of the email. Contact us by sending email to info-assurance@umich.edu.
For more tips, see Guidelines for Writing Emails that Don’t Look Phishy on the Safe Computing website.