Actually, speaking of legitimate emails, that reminds me – with StrongMail we have SPF records published for all domains that we allow StrongMail to send as, so that mailservers receiving our messages can look up the sending IP and verify that it's allowed to originate email for the domain in question. I don't know if Athletics does something similar but it's a great way to cut down on address spoofing and most mailservers and filters can easily be set to block, or at least dramatically increase the spam score of, email that has invalid SPF information.

----
 Jack Kramer
 Manager of Information Technology
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955

From: University Relations <[log in to unmask]>
Reply-To: University Relations <[log in to unmask]>
Date: Tue, 17 Jan 2012 17:13:13 -0500
To: "[log in to unmask]" <[log in to unmask]>
Subject: Re: [MSUNAG] Athletics Email?

Tell me about it – we've finally got our users to be conscious of security and now it's about getting them to step back to "concerned" from the now-default setting of "outright paranoia."

We've actually been looking at attaching images instead of having them be external links, which does get around the issue of Outlook not displaying the graphics (usually – that depends on a finer-grained tuning of security but it's visible by default) but falls down rather badly on mobile clients, which don't download attachments by default to save bandwidth and store space. It's something of a no-win, especially as mobile devices (and also mobile-based tablets, like iPads and Android devices) increase their market penetration.
----
 Jack Kramer
 Manager of Information Technology
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955

From: "Ryan M. Finn" <[log in to unmask]>
Date: Tue, 17 Jan 2012 17:00:39 -0500
To: University Relations <[log in to unmask]>, "[log in to unmask]" <[log in to unmask]>
Subject: RE: [MSUNAG] Athletics Email?

Thanks for confirming.  I was 99% certain it was legit, but it never hurts to check.

 

Please don’t think I’m slamming Athletics.  I understand that it’s a fairly normal message, it’s just confusing to some of my users who think that because Outlook is blocking the images and the reply address isn’t @msu.edu or some subdomain, it isn’t legit.  I personally haven’t ever received such a message, so I don’t know what they are supposed to look like.

 

The difficulty is trying to explain to semi-computer savvy people how to tell a legitimate message from the non.  The alternative of just click on anything and everything you receive wasn’t working so hot.  ;-)

 

What I’ll do in this case is put the word out to my users that pacmail is a marketing tool in use by Athletics, so it’s OK.

 

Ryan M. Finn

Systems Administrator

Residential and Hospitality Services

Michigan State University

 

From: Kramer, Jack [mailto:[log in to unmask]]
Sent: Tuesday, January 17, 2012 4:40 PM
To: Ryan M. Finn; [log in to unmask]
Subject: Re: [MSUNAG] Athletics Email?

 

Definitely legitimate and fits their past email profile – they typically send all-image marketing emails through pacmail. As far as making emails appear more legitimate, with the exception of having a reply address outside of the Athletics email space it looks fairly in-line with other marketing emails that get sent often (Gap, Newegg, etc) which are mostly, if not entirely, images which never automatically load in Outlook due to security features. (Outlook blocks externally hosted images by default.) At UR we send mass emails through StrongMail and we typically assign a send address that's monitored by a human (like [log in to unmask], etc) but StrongMail adds the bounce-address header and sets it to [log in to unmask] so that mailservers know where to send their non-delivery reports to. Links in those emails redirect through sm.ur.msu.edu/track for analytics purposes – just like redirecting through pacmail.

 

I'd say that Athletics could stand to set up either an inbox on their own servers or a redirecting email address, but aside from that it looks like a reasonable marketing piece to me.

 

----
Jack Kramer
Manager of Information Technology
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955

 

From: "Ryan M. Finn" <[log in to unmask]>
Reply-To: "Ryan M. Finn" <[log in to unmask]>
Date: Tue, 17 Jan 2012 16:11:05 -0500
To: "[log in to unmask]" <[log in to unmask]>
Subject: [MSUNAG] Athletics Email?

 

The attached message was received by my department head earlier today, who was questioning why none of the pictures displayed in Outlook.  The details of the message seem accurate, and the links do eventually go to msuspartans.com.  The problem is that we’ve been educating our users on spotting phishing attempts and this message struck many of them as one.  The sender’s address says it’s Michigan State Athletics, but the reply address is [log in to unmask].  None of the links in the image go directly to what they say, they all redirect through this “pacmail”.  Having looked into it a bit, it seems like it’s just a company that Athletics engaged to produce promotional content, but I can’t fault my users for being uneasy about it.  Can anyone confirm the legitimacy of this email?  If it is legitimate, wouldn’t it pay Athletics to make it appear more genuine?

 

Ryan M. Finn

Systems Administrator

Residential and Hospitality Services

Michigan State University