Organizational Mailings

When sending email on behalf of a Cornell University college, unit, or any organization affiliated with the university, to ensure that your mail will be delivered:

• Always send the message from a legitimate email address. 
  This could be an EGA (Exchange Group Account) with an address that will establish the message’s legitimacy. Never make up addresses like no-reply@cornell.edu.
• Don’t send large mailings from your personal Cornell email address.
  Large mailings are likely to result in replies, either directly from users or indirectly as a result of out-of-office messages and undeliverable mail. In a large mailing, this could easily overwhelm your mailbox.
• If you plan to use a third-party email services vendor to deliver your email, like Constant Contact, follow the guidance below. 
  This is true even if your third party only sends occasional mail. All third parties that mail on behalf of Cornell should follow these guidelines. If you even think that you might use a third party someday, it’s best to start following these guidelines now.

Third-Party Vendor Mailings and Why You Should Not "Spoof"

Many members of the Cornell community use third-party vendors like Constant Contact, MailChimp, or others to send email on their behalf, appearing to come from a Cornell address. Vendor products often include a feature allowing mail sent by them on your behalf to superficially look as if it were sent from Cornell. This is often called “spoofing.” You should be aware that spoofing is the same technique cyber-criminals typically use when they pretend to be someone at Cornell, in order to gain your trust. 

Letting a vendor spoof a Cornell email address is not a good idea.

Because our email system tracks and manages perceived spoofing to reduce the risk of phishing, account compromise, and other cybercrime, if you, or a vendor you work with, are using email spoofing, Cornell's Microsoft 365 or Google Workspace may refuse, discard, or deliver your mailing to the recipient's spam or junk folder.

For this and other reasons, sending email from the @cornell.edu domain is only supported when originating email in Cornell's Microsoft and Google email services.

Configure Your Third-Party Vendor Mailings Properly

In order to use third-party mailers and improve deliverability you have the following options:

• Use the vendor’s sending address. 
  Whoever the vendor is, they can always send messages legitimately from one of their own addresses. Although the message won’t look like it comes from Cornell, it will be likely to have a smooth delivery, and there are some cases where it’s the best option. Where this might not work well is if the third-party sender is a well-known spammer, which would likely cause spam filters at Cornell and other institutions to restrict mail flow.
   
• Create a Cornell subdomain address and send from that.
  Cornell subdomains, such as police.mail.cornell.edu, or police.cornell.edu, can be linked to the vendor who is sending the message. Once this is done, the vendor will be seen as a legitimate sender no matter where the message is sent in the world.