Mailing List Security Update

Wharton Mailing Lists are being updated to require all messages be "confirmed" before they are sent to the mailing list members.

This confirmation can take two forms:

  • The moderators of moderated lists approve messages from members before they are sent to the list.
  • Senders to unmoderated lists receive a confirmation email with a link immediately after sending a message to the list. Clicking the link within 24 hours confirms you're the message's sender and sends it to the list.

How Does This Affect Me?

There are two main types of Wharton mailing lists with varying roles of users associated with each.

Most people are members (that's the role) of moderated lists (the list type). This list type and role combination will see no changes resulting from the new confirmation setting. Moderators will continue to approve messages as they have in the past, and email will flow.

The following table shows the impact of the different list types and roles:

RoleModerated ListUnmoderated List
MemberNo change.Must confirm their own messages to the list before they are released to list members.
EditorMust confirm their own messages before they are sent to list members.Must confirm their own messages to the list before they are released to list members.
ModeratorMust approve messages sent by anyone except an editor before they are sent to list members.

Must confirm their own messages before they are sent to list members.
N/A
OwnerMust confirm their own messages before they are sent to list members.
Must confirm their own messages before they are sent to list members.


Note: Moderators, Editors, and Owners of moderated lists must confirm their own messages before they are sent to list members. A confirmation email will be sent when a moderator/editor/owner emails their list. When they click the link, the email is sent to the list.

Why are the mailing lists being changed? 

This change is being rolled out across the University to protect our community from potential misuse of mailing lists by people "spoofing" email addresses.

A spoofed email message appears to be a legitimate message from someone but is actually a forged message. Requiring confirmation of messages provides an additional layer of security to protect our mailing lists from this behavior. 

Questions?

Reach out to your Wharton Computing representative if you have any questions about this change.