University is spamming work email. I can block them, but what is a better course of action?
Posted by Training_Rip2159@reddit | sysadmin | View on Reddit | 50 comments
I started getting emails from a University in our state, inviting me to be advisor to "Women in Leadership" program. Got 3 this week so far. Not a big deal in itself as I definitely get 100's of spams per day, but this one got past the M365 filters into my inbox (which most don't), and drew my attention.
The reason it got through - it's actually a legit email, from a legit .edu domain. The problem is I never subscribed to any lists from this university, nor affiliated programs or organizations (as far as I know), nor did I go to this university, nor do I even know anyone who went there.
Also, the way this email is addressed and got into my inbox, I know this combination was stolen from a data breach. A few years ago, we had an employee who left, and their email was aliased to mine. With a specific combination of name and email - I know it was used only on 1 specific site for work purposes.
I don't know how this university obtained this email list, but it definitely didn't originate from a legit source. And a University should know better (especially if they are trying to teach Leadership).
I know it's a bit of a petty rant (I mean there are millions of spam emails sent hourly, and dozen of data breaches occurring daily). Just one of those thing that I find very annoying. I expect spam from to stolen emails from companies, political parties, scammers, recruiters, swindlers, just not Higher Education.
I don't want to be an ass, but should I bring it to somebody's attention, and make sure it's not a common practice there. What's the best course of action?
/rant over
stufforstuff@reddit
It's spam, block it, why would you waste time doing anything else?
lewis_943@reddit
Spite?
lewis_943@reddit
Transport rule to automatically redirect it to the abuse@ reporting address for their org? Maybe poke around to find a few other generic email addresses for their IT team and their ticketing system?
eruberts@reddit
IF the email does not provide a link or information to unsubscribe or opt out...... contact the University inform them that you did not sign up or authorize to receive the emails and politely ask to be removed. You can also reference the FTC's CAN-SPAM act for how businesses should handle sending advertising emails.
DobermanCavalry@reddit
Violating CAN-SPAM can lead to a tremendous ass pounding and any legitimate organization's marketing department would be well aware that they need to steer clear of violations and would quickly help get you OP off the list.
fahque@reddit
No it can't. Yeah, sure there's the can-spam act like eruberts referenced but it's completely toothless.
DobermanCavalry@reddit
https://www.securitymagazine.com/articles/101008-ftc-cites-verkada-for-alleged-can-spam-violations
itsnotjackiechan@reddit
On what basis do you say this? I am getting spammed by an organization that does not have an unsubscribe and I have emailed them multiple times to stop, and filed complaints with the FTC, but all that I’ve read essentially says “you have no private right of action and the FTC won’t do anything about it unless there is an overwhelming amount of complaints”
sdeptnoob1@reddit
Mail bomb them with bounce backs saying the are spaming you? Office@x.com, admin@x.com, sales@x.com, ceoname@x.com, ceo.name@x.com, accounting@x.com and so on lol. Make them block you?
At-M@reddit
One of Europes biggest Supermarket Chain actually blocks me because of this, i love it
BlackV@reddit
except the logical action would to be for UNI block OP inbound, that wont stop OP from getting spam from them, but OP stop from being able to send to them, OP ends up in the same position they started and the uni just blocked a tiny tiny tiny blip
sdeptnoob1@reddit
I dont know. Don't most typical filters, for example, in the google admin suite, just block the domain outright unless you make special rules?
BlackV@reddit
I can for google admin suite, but generally you block something inbound or outbound separately
lcurole@reddit
Lol security@salesforce.com and abuse@ probably hate me by now
OptimalCynic@reddit
Bold added. That's pretty clearly a spammy organisation, and blocking them is pretty much the only way to deal with them.
If it's a local business who does care about their reputation though, you can apply pressure in other ways
DobermanCavalry@reddit
Contact your state attorney general.i dont know of a way to force anyone to pursue fines on your behalf but the FTC is not the only avenue
somesketchykid@reddit
Thank you for the belly chuckle
DobermanCavalry@reddit
Verkada just got fined $3 million
BloodFeastMan@reddit
I get this several times a month:
```
Hi, just following up on your reply a while ago to make sure you didn't miss out on this year's Seattle Women Leaders meetings and activities. We would really enjoy having you as a member. Here is the site, can you go there now to join so we can get you set up in time for our upcoming summit? Let me know either way, thanks !
https://www.SeattleWomanLeaders.org
Sincerely,
Nicole Lee
Planning Director
Seattle Women Leaders Association
2815 Elliott Avenue, Suite 100
Seattle, WA 98121
```
Have never replied to these people, and I'm not a woman. I just ignore them, but it was so similar to what you're describing, I thought I'd share.
Training_Rip2159@reddit (OP)
It is similar. I checked - email is not a scam. Legit think from a local Uni. I would just think they would know better than buying a stolen list of contacts.
Newbosterone@reddit
Universities have side gigs also. Sounds like this is one, in Career Development or Continuing Education. Pay someone $2k to hold a seminar, charge $1000 for 20 people to attend, Profit!
They probably bought a mailing list from a broker, and the breached data was whitewashed into the db. Unsubscribe from future mailings, notify the sender and head of the department and move on.
Training_Rip2159@reddit (OP)
Sounds like that to me. Just would think that Uni would know better than buying a list.
Commentator-X@reddit
Are you sure it actually came from the university? Like did you check the header to see the sending server hostname, did sender and hdrfrom match, did the sender IP pass spf, etc?
Training_Rip2159@reddit (OP)
Yes. Legit email. Legit program. No way they got this email/name combination in a legit way thou.
_BoNgRiPPeR_420@reddit
It could be spoofing, run it through a header analyzer to be sure. I'd also report it as spam. If it is a legitimate company spamming, it'll make it a royal pain to get themselves unblocked from the various providers for other legitimate email purposes.
Training_Rip2159@reddit (OP)
Not spoofed. Legit email, for a legit program. I just know they shouldn't have this email/name combination legitmaltly.
Ok_Assistant6228@reddit
University IT here. Never attribute to malice what can be attributed to non-IT departments outsourcing CRM. (Or to stupidity.) Annoying but par for the course. “Block sender” and let live…
Training_Rip2159@reddit (OP)
Wouldn't CRM require somebody to load those email lists into it in the first place? UNless there is a legit CRM that comes preloaded with stolen contacts. :)
I know this Email/Name combination was only used once to sign up for a legit service. I know they had a data breach a few years ago ( it was fairly public) . So Uni's marketing department is using an email list they did not obtain in a legit way ( or it was sold to them - which is also morally questionable practice)
F7xWr@reddit
email the fcc and cc the university president.
Bad_Mechanic@reddit
Just block it and move on with your life.
Lylieth@reddit
I agree with you, and those who responded to you. This comment should be top.
vagueAF_@reddit
Hahahah first thing I thought of, not the only one.
-Enders@reddit
Jesus I had to scroll too far down to find someone who said this.
If you don’t have a block rule, create one and then block the whole domain and never give them a second though
alpha417@reddit
No! The non sysadmin had to come here and pollute the feed with this triviality.
dunxd@reddit
Is it possible that someone else in your org has a similar email address to you and simply put your address in error when they subscribed?
It may well not be a mass email campaign - people still use the BCC field to manually send to small groups, especially in edu. It's possible your email address was manually input from a paper sign up list from some event. This seems far more likely than the university loaded millions of addresses to spam about a programme that would only be if interest to a specific audience.
I would just reply to the message saying "unsubscribe" and be done with it.
double-you-dot@reddit
In some cases like this - the mega persistent spammers, I prefer to use a mail flow / delete rule rather than blocking.
deltashmelta@reddit
Let the alumni department know about it.
crowleys_bentley@reddit
Fwiw this is a scam that's been going on for several years.
dcgrey@reddit
When you say university, what part of the university? It would stick out as suspicious if this is coming solely under the name of the university; I'd expect to see something like "[University], Office of Career Development", and usually sent under an office leader's name.
labrador2020@reddit
Students of the university sometimes will send out these spam emails either by using their university account or a compromised account.
Google “university insert name here IT Security “ and you should get the contact information that can assist.
TuxAndrew@reddit
You’re making a lot of assumptions just play ignorant and ask them (university IT) if the email sent to you was legit or if the address has been compromised.
L0pkmnj@reddit
Contact your legal department. Request their assistance in drawing up a letter to the University with regards to the multiple emails. Make sure to include verbiage along the lines of "Any further emails like this will be considered harassment and thus be resolved through legal action." Send a registered copy to each member of the University's board of directors.
numtini@reddit
Can't you just mark it as junk and it will go in the junk box?
redyellowblue5031@reddit
In lieu of a legitimate way to unsubscribe, you could always just reach out to the university.
If they’re still unresponsive, then block I’d say.
kagato87@reddit
CASL for Canada.
CAN-SPAM Act for USA.
Doctorphate@reddit
I just respond with a link to the CASL legislation, specifically the section on fines. That usually ends it for most legitimate businesses. If they continue I block the entire domain.
Grouchy_Following_10@reddit
Create a spam rule in outlook or whatever you slide to read mail. It takes 30 seconds. Get on with your day
canadian_sysadmin@reddit
If it's legit and not spoofing or whatever, bring it to the attention of their marketing or whatever department. If it doesn't have an opt-out, it violates laws in most countries now.
If they're a university, they probably have an ombudsman or department to actually handle legit complaints.
Worse case, report to your company's authorities.
In my experience universities are kinda bad for spamming. I long-ago had to block my alma mater. Not hundreds a day mind you, but too much (like 2-3 a week).
Tychomi@reddit
If you use LinkedIn or similar and they know your compamy's email name structure they can just get it this way. Maybe you are overthinking this. Many compamy data is accessible at places like Rocket Reach without the company's knowledge/consent
Darwinmate@reddit
Universities know better but their marketting department don't. They've always frustrated me to no end.
Id try to find an email to their IT department and submit a complaint.