Email distribution lists can aid communication in a large and highly matrixed organization like the UW School of Medicine and Public Health. The UW–Madison Division of Information Technology (DoIT) supports three email list services for university employees. Appropriate use of email lists can help people feel informed, included, engaged and even inspired. However, risks can occur.
Inadequate list management can increase reputational and cybersecurity vulnerabilities. List administrators and members have a duty to ensure that email lists are never misused. For example, list admins and members must safeguard Protected Health Information (PHI). They also must ensure that lists are never used to promote political expression and campaign activity, in accordance with state law.
This page provides guiding principles for email lists in the School of Medicine and Public Health. Please read this guidance in its entirety before proceeding with establishing an email list.
Best practices for email lists
The larger the list, the larger the risk. In general, use the following best practices for email lists with more than approximately 50 members.
Best practices for large email lists
- Assess whether an email list is a preferred or best option as a communication tactic
- Use the list for one-way communication, such as announcements
- Large lists are most effective for information sharing, not conversation or collaboration
- Designate authorized list administrators who are responsible for list settings and membership
- Develop a plan for management and upkeep of lists
Creation
Key questions when creating a new email list
- What is the goal of the list? Write down the purpose of the list. This will be useful to share with list members when they join.
- Who will be included on the list? This will help determine how you manage membership.
- What communication behavior will the list promote? For example, is the list meant to disseminate information?
- Please note: The purpose of email lists and other modes of group communication is to facilitate the business of the department, unit, or group, not for the discussion of broader events.
- How will the list be maintained? How will you ensure accuracy of list membership?
Tactical considerations
- Keep the list focused/targeted so that it aligns with your purpose
- If list members will be added and removed manually, identify who will do this
- If list members have a common attribute such as affiliation with a work unit, consider creating an “automated” or “custom” list that will be automatically updated using organizational databases. It is possible to create lists based on data queries from Human Resource System (HRS) or Student Information System (SIS), for example.
Let the SMPH Office of Strategic Communications know about your list
It is helpful to know about existing or new lists for situations where organizational messages need to be targeted to specific groups.
This is an accordion element with a series of buttons that open and close related content panels.
If you create a list, please let us know by filling out this form
Email list creation form
Management
Some email list services available at UW–Madison allow list administrators to moderate messages, enable or suppress reply-all by list members, let the list name and description be visible or not to others at UW–Madison, and enable or disable other features. Configure your list settings as needed to meet your goals.
Tactics that minimize risk
- To minimize cybersecurity risk, configure settings so no individuals outside the organization can join the list without approval by a list administrator
- Consider message moderation settings carefully (see below)
- Minimize risk of accidental sends to large list by only permitting an email service account to send to the list, rather than an individual account
- What is an email service account? Service accounts are email accounts intended to be used for shared roles (such as webmaster, feedback, info etc.). Multiple people can be granted access to a service account inbox. This is different from your personal account, which takes the form of NetID@wisc.edu. Please note that inboxes for service accounts should be staffed adequately so that any messages received are reviewed in a timely manner.
Moderation best practices for large lists
- (Lowest risk, recommended) Limit “send” permission to a small number of authorized senders. Do not allow others to send to your list.
- (Moderate risk, OK for lists used for some collaboration) Allow list members who are not administrators to send messages, but require a list admin to approve each message prior to dissemination. This helps prevent spam/phishing, off-topic, or accidental messages from being distributed to everyone.
- (Highest risk, not recommended) Everyone on the list has sending permissions with no message moderation. This is risky because your list can become a means of spreading spam/phishing attempts, for example.
If issues occur
If you need consultation about issues regarding the use of your lists, reach out to communications@med.wisc.edu.
Quality control
An email to a large group should not be done without robust quality control measures in place.
Before sending
- Draft the message, conferring with subject matter experts as needed
- Ensure the message does not include PHI as defined by HIPAA
- Ensure the message does not include political advocacy or political campaign activity
- Ensure that the message does not attempt to serve as an institutional statement; only the UW–Madison chancellor or their designee is authorized to make statements on behalf of the institution, in consultation with vice chancellors and other leaders.
- Have at least two individuals review the message for accuracy before sending (see “For sending” below)
- Do a final read of the email to catch mistakes
- If the message relays information from a third party, take these additional steps.
- Use care and discretion when forwarding messages from external groups or organizations. An authorized sender should review the content of the third party message carefully to determine whether it aligns with the goals of the list.
- Add a disclaimer to note that stances shared by the external group do not represent an institutional endorsement, e.g., “This message originated from [name of organization.] Views expressed in this message do not represent the views of the UW School of Medicine and Public Health or UW–Madison.”
- Do not forward third-party messages that involve political campaign activity or lobbying. Ensure you are familiar with the Guidelines on advocacy, political campaign activity and lobbying at our public institution.
For sending
- As mentioned above, it is highly recommended that emails to large lists are sent from a service account
- Send a “test” email to yourself (and/or others) from the service account. Add “TEST:” to the front of the subject line.
- Review the test carefully
- Check the formatting of the test message
- Check all links to ensure they are functional
- Review the message again for spelling, grammar, and factual accuracy. If the message promotes an event, double-check the date and time listed. If attachments are included, review these files as well.
- Set up the “real” email after looking over the test
- Double check the recipient list
- Ensure that you have included any attachments, if applicable
- Do one final read
- Send the message or schedule it for delivery at a designated time
Maintenance
Maintaining accuracy of list members is arguably the most important aspect of email lists. In a large organization, a list made one day can be out of date the next.
Strategies for keeping lists up to date
- If possible, creating an “automatic” or “custom” list linked to HR, student or other data will greatly reduce the maintenance needs. Not sure how to configure a query for a custom list? Confer with a subject matter expert in HR or student enrollment.
- For manually managed lists, develop a maintenance plan that includes a method for adding/removing individuals by list admins, routine review of current members to determine whether they still meet membership criteria, etc. Options include:
- For a list aimed at reaching people working in a specific area of a building, designate someone who will verify work location of list members on a regular basis (at least annually)
- For a list based on a shared interest of list members, periodically remind members of how they can opt-out if desired