I believe there have been institutional-level discussions about a social media policy, though I haven't personally been involved in any. It does come up fairly frequently at least in conversation here at UR. As far as social media verification goes, there is a page maintained at www.msu.edu/social/, accessible through the MSUTALK button on the home page, which has a large (but not comprehensive) list of MSU social media accounts. Inclusion on that list is incumbent on the account holder registering themselves with UR so they can be added, so while there will be accounts that aren't on the list you can at least be certain that the accounts that are listed have at the very least been in touch with University Relations.

----
 Jack Kramer
 Manager of Information Technology
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955

From: Richard Wiggins <[log in to unmask]>
Date: Tue, 17 Jan 2012 17:19:39 -0500
To: University Relations <[log in to unmask]>
Cc: "[log in to unmask]" <[log in to unmask]>
Subject: Re: [MSUNAG] Athletics Email?

Increasingly, MSU is using social networking in ways that are not verifiable.

We see postings on Facebook that appear to be authentic MSU postings from addresses like "Spartans".  Well who posted that on behalf of MSU?  What MSU unit is "Spartans"?  How would anyone know?  How does a  person respond or comment or ask questions to an entity representing MSU with no return address?

We see postings on Twitter with MSU-like origins. We get email from addresses that appear to be authentic MSU addresses.  But what part of MSU originated the message?

This is a problem, and there is a simple answer.  1) Every authentic MSU poster should identify itself - what MSU unit is posting.  2)  Every authentic MSU poster should archive every posting on social networks (by this I mean advertising postings, not responses to chats) on their own Web sites, so people can go back and see what MSU officially has to say.

A policy on this would be advisable.

/rich

On Tue, Jan 17, 2012 at 4:40 PM, Kramer, Jack <[log in to unmask]> wrote:
Definitely legitimate and fits their past email profile – they typically send all-image marketing emails through pacmail. As far as making emails appear more legitimate, with the exception of having a reply address outside of the Athletics email space it looks fairly in-line with other marketing emails that get sent often (Gap, Newegg, etc) which are mostly, if not entirely, images which never automatically load in Outlook due to security features. (Outlook blocks externally hosted images by default.) At UR we send mass emails through StrongMail and we typically assign a send address that's monitored by a human (like [log in to unmask], etc) but StrongMail adds the bounce-address header and sets it to [log in to unmask] so that mailservers know where to send their non-delivery reports to. Links in those emails redirect through sm.ur.msu.edu/track for analytics purposes – just like redirecting through pacmail.

I'd say that Athletics could stand to set up either an inbox on their own servers or a redirecting email address, but aside from that it looks like a reasonable marketing piece to me.

----
 Jack Kramer
 Manager of Information Technology
 University Relations, Michigan State University
 w: 517-884-1231 / c: 248-635-4955

From: "Ryan M. Finn" <[log in to unmask]>
Reply-To: "Ryan M. Finn" <[log in to unmask]>
Date: Tue, 17 Jan 2012 16:11:05 -0500
To: "[log in to unmask]" <[log in to unmask]>
Subject: [MSUNAG] Athletics Email?

The attached message was received by my department head earlier today, who was questioning why none of the pictures displayed in Outlook.  The details of the message seem accurate, and the links do eventually go to msuspartans.com.  The problem is that we’ve been educating our users on spotting phishing attempts and this message struck many of them as one.  The sender’s address says it’s Michigan State Athletics, but the reply address is [log in to unmask].  None of the links in the image go directly to what they say, they all redirect through this “pacmail”.  Having looked into it a bit, it seems like it’s just a company that Athletics engaged to produce promotional content, but I can’t fault my users for being uneasy about it.  Can anyone confirm the legitimacy of this email?  If it is legitimate, wouldn’t it pay Athletics to make it appear more genuine?

 

Ryan M. Finn

Systems Administrator

Residential and Hospitality Services

Michigan State University