[Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Nils Ohlson
Hello everyone,

I received a message which bMail marked as "suspicious" although it was not in my spam folder- it says it's from 

I did open it, and I see this warning:
Be careful with this message. It contains content that's typically used to steal personal information. Learn more
Report this suspicious message   Ignore, I trust this message
-- 
​so I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source". 

To my ​consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. 

SO 
  Can I trust this message *apparently* from berkeley.edu?
​  How can I actually view headers for mail like this? 
  Is it just the "suspicious" flag which is causing the actual source to be rendered into un-interpretable HTML?

Any guidance would be appreciated!

​[1] sorry for intemperate language!​

​Thanks very much,
Nils​​

Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Vivian Sophia
On the right, click the down-arrow next to the reply arrow, and select show original.




Vivian Sophia
Business/Tech Support Analyst
University of California, Berkeley
Campus Shared Services 
310J Durant Hall
Berkeley, CA 94720
(510) 464-9000


On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote:
Hello everyone,

I received a message which bMail marked as "suspicious" although it was not in my spam folder- it says it's from 

I did open it, and I see this warning:
Be careful with this message. It contains content that's typically used to steal personal information. Learn more
Report this suspicious message   Ignore, I trust this message
-- 
so I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source". 

To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. 

SO 
  Can I trust this message *apparently* from berkeley.edu?
 How can I actually view headers for mail like this? 
  Is it just the "suspicious" flag which is causing the actual source to be rendered into un-interpretable HTML?

Any guidance would be appreciated!

[1] sorry for intemperate language!

Thanks very much,
Nils

Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

John McChesney-Young
On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
<[hidden email]> wrote:
>
> On the right, click the down-arrow next to the reply arrow, and select show original.

To elaborate a bit, by using "View source" in your browser you saw the
underlying code for the whole page, which included the 50 preview
lines...

::checks it out::

Wow, I had no idea AJAX [[1]] uses such un-human-readable code!

John

[[1]] See _inter alia_
http://www.w3schools.com/php/php_ajax_intro.asp,
http://www.noupe.com/ajax/how-ajax-works.html, &c.

***

> On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote in part:
...
>> I received a message which bMail marked as "suspicious" ... I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source".
>>
>> To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. ...

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Nils Ohlson
Dear patient micronetters,

My underlying question, now that I see the source thanks to Vivian and John's explanation, is...
                        
                  Can I trust this content? 

The Return Path shows, if I am interpreting it correctly, that the message originates at convio.net, not berkeley.edu, regardless of what the Header From says. 

There are some interesting flags:
X-campaignid: Convio-poola-atcal-94582
X-Gateway: c3poola1
XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
X-ConvioDeliveryGroup: poola
​which might tend to make me believe this is expected and trusted by berkeley.edu but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start with my.berkeley.edu and that's a good thing. 
Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message? 
Thanks for your time,
Nils

​O​
n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young <[hidden email]> wrote:
On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
<[hidden email]> wrote:
>
> On the right, click the down-arrow next to the reply arrow, and select show original.

To elaborate a bit, by using "View source" in your browser you saw the
underlying code for the whole page, which included the 50 preview
lines...

::checks it out::

Wow, I had no idea AJAX [[1]] uses such un-human-readable code!

John

[[1]] See _inter alia_
http://www.w3schools.com/php/php_ajax_intro.asp,
http://www.noupe.com/ajax/how-ajax-works.html, &c.

***

> On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote in part:
...
>> I received a message which bMail marked as "suspicious" ... I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source".
>>
>> To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. ...

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Ingrid Berg
Convio is a software the campus uses to send out bulk email campaigns, kinda like Constant Contact or Mailchimp. It puts a proprietary wrapper around your original html and changes all the links so they can be tracked. I know doesn't answer your question of safety, but with this information you can use your best judgement.

                                                        

     ingrid berg
     web/graphic designer
     uc berkeley school of public health
     417.g university hall no.7360
     berkeley ca 94720
 510.642.9185



On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson <[hidden email]> wrote:
Dear patient micronetters,

My underlying question, now that I see the source thanks to Vivian and John's explanation, is...
                        
                  Can I trust this content? 

The Return Path shows, if I am interpreting it correctly, that the message originates at convio.net, not berkeley.edu, regardless of what the Header From says. 

There are some interesting flags:
X-campaignid: Convio-poola-atcal-94582
X-Gateway: c3poola1
XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
X-ConvioDeliveryGroup: poola
which might tend to make me believe this is expected and trusted by berkeley.edu but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start with my.berkeley.edu and that's a good thing. 
Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message? 
Thanks for your time,
Nils

O
n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young <[hidden email]> wrote:
On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
<[hidden email]> wrote:
>
> On the right, click the down-arrow next to the reply arrow, and select show original.

To elaborate a bit, by using "View source" in your browser you saw the
underlying code for the whole page, which included the 50 preview
lines...

::checks it out::

Wow, I had no idea AJAX [[1]] uses such un-human-readable code!

John

[[1]] See _inter alia_
http://www.w3schools.com/php/php_ajax_intro.asp,
http://www.noupe.com/ajax/how-ajax-works.html, &c.

***

> On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote in part:
...
>> I received a message which bMail marked as "suspicious" ... I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source".
>>
>> To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. ...

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Igor Savine
Actually, Convio is the name of marketing company (based in Texas). Convio was acquired by another (public for-profit) company called Blackbaud in 2012. Apparently, UC is paying for their services. We have been receiving "Berkeley Online" newsletters for two years delivered by convio.net. None were considered suspicious. It is a common marketing practice to capture so called email click-through rates. I guess something has changed either in Convio's embedded (JavaScript) code or in Google's "click-through fraud" detection algorithm.

--
Igor Savine
Information Systems Analyst
University of California Berkeley
993 Evans Hall
Berkeley, CA 94720
(510) 643-8747
[hidden email]


On Thu, Mar 27, 2014 at 11:54 AM, Ingrid BERG <[hidden email]> wrote:
Convio is a software the campus uses to send out bulk email campaigns, kinda like Constant Contact or Mailchimp. It puts a proprietary wrapper around your original html and changes all the links so they can be tracked. I know doesn't answer your question of safety, but with this information you can use your best judgement.

                                                        

     ingrid berg
     web/graphic designer
     uc berkeley school of public health
     417.g university hall no.7360
     berkeley ca 94720
 510.642.9185



On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson <[hidden email]> wrote:
Dear patient micronetters,

My underlying question, now that I see the source thanks to Vivian and John's explanation, is...
                        
                  Can I trust this content? 

The Return Path shows, if I am interpreting it correctly, that the message originates at convio.net, not berkeley.edu, regardless of what the Header From says. 

There are some interesting flags:
X-campaignid: Convio-poola-atcal-94582
X-Gateway: c3poola1
XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
X-ConvioDeliveryGroup: poola
which might tend to make me believe this is expected and trusted by berkeley.edu but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start with my.berkeley.edu and that's a good thing. 
Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message? 
Thanks for your time,
Nils

O
n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young <[hidden email]> wrote:
On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
<[hidden email]> wrote:
>
> On the right, click the down-arrow next to the reply arrow, and select show original.

To elaborate a bit, by using "View source" in your browser you saw the
underlying code for the whole page, which included the 50 preview
lines...

::checks it out::

Wow, I had no idea AJAX [[1]] uses such un-human-readable code!

John

[[1]] See _inter alia_
http://www.w3schools.com/php/php_ajax_intro.asp,
http://www.noupe.com/ajax/how-ajax-works.html, &c.

***

> On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote in part:
...
>> I received a message which bMail marked as "suspicious" ... I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source".
>>
>> To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. ...

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Lisa Ho
The question raised by this thread:  "How can I tell if this a legitimate message?" is exactly the issue I am now trying to tackle with an anti-phishing workgroup.

Our goal is to define requirements for legitimate campus electronic communications that would allow any message recipient to easily answer that question for any UC Berkeley generated message.

We are currently in the early stages of looking at all options and reviewing existing industry work on this problem. Drafts of any proposed requirements will certainly go out to Micronet and elsewhere for review.

If you are particularly interested in this topic and would like to contribute more directly, or have expertise and opinions to share, please let me know -- either privately or via open discussion on this list.

Thanks,
Lisa

-- 

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422


On Thu, Mar 27, 2014 at 1:00 PM, Igor Savine <[hidden email]> wrote:
Actually, Convio is the name of marketing company (based in Texas). Convio was acquired by another (public for-profit) company called Blackbaud in 2012. Apparently, UC is paying for their services. We have been receiving "Berkeley Online" newsletters for two years delivered by convio.net. None were considered suspicious. It is a common marketing practice to capture so called email click-through rates. I guess something has changed either in Convio's embedded (JavaScript) code or in Google's "click-through fraud" detection algorithm.

--
Igor Savine
Information Systems Analyst
University of California Berkeley
993 Evans Hall
Berkeley, CA 94720
(510) 643-8747
[hidden email]


On Thu, Mar 27, 2014 at 11:54 AM, Ingrid BERG <[hidden email]> wrote:
Convio is a software the campus uses to send out bulk email campaigns, kinda like Constant Contact or Mailchimp. It puts a proprietary wrapper around your original html and changes all the links so they can be tracked. I know doesn't answer your question of safety, but with this information you can use your best judgement.

                                                        

     ingrid berg
     web/graphic designer
     uc berkeley school of public health
     417.g university hall no.7360
     berkeley ca 94720
 510.642.9185



On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson <[hidden email]> wrote:
Dear patient micronetters,

My underlying question, now that I see the source thanks to Vivian and John's explanation, is...
                        
                  Can I trust this content? 

The Return Path shows, if I am interpreting it correctly, that the message originates at convio.net, not berkeley.edu, regardless of what the Header From says. 

There are some interesting flags:
X-campaignid: Convio-poola-atcal-94582
X-Gateway: c3poola1
XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
X-ConvioDeliveryGroup: poola
which might tend to make me believe this is expected and trusted by berkeley.edu but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start with my.berkeley.edu and that's a good thing. 
Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message? 
Thanks for your time,
Nils

O
n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young <[hidden email]> wrote:
On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
<[hidden email]> wrote:
>
> On the right, click the down-arrow next to the reply arrow, and select show original.

To elaborate a bit, by using "View source" in your browser you saw the
underlying code for the whole page, which included the 50 preview
lines...

::checks it out::

Wow, I had no idea AJAX [[1]] uses such un-human-readable code!

John

[[1]] See _inter alia_
http://www.w3schools.com/php/php_ajax_intro.asp,
http://www.noupe.com/ajax/how-ajax-works.html, &c.

***

> On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson <[hidden email]> wrote in part:
...
>> I received a message which bMail marked as "suspicious" ... I said to myself, "be suspicous, be very suspicous" and tried to "view source" by right-clicking in the message body and selecting "view source".
>>
>> To my consternation, not only was it impossible to see the message header, but at the bottom of this source text there was the full content of the whole webpage, including the preview lines of the top 50 messages in my inbox. It doesn't matter where I click in the damn thing [1]. ...

--
John McChesney-Young, Administrative Assistant
History of Art Department, 416 Doe MC6020
U. C. Berkeley, Berkeley CA 94720-6020
[hidden email] // voice 1-510-642-5511 // fax 1-510-643-2185



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--

Lisa Ho
IT Policy Manager
Information Security and Policy
University of California, Berkeley
510.642.2422

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Bernie Rossi
Convio is the vendor that the Berkeley Online uses to send out the
newsletter.  I believe this is the first time they have been marked as
spam by Google.  While we do not have much control over what Google
feels is spam, we will be making some configuration changes to help
avoid Berkeley Online being flagged as spam.

As an aside, the bConnected team will be working with Public Affairs and
campus stakeholders to develop a limited set of approved bulk
mail/marketing email services.  Bill Allison has been invited to attend
the regular meeting of campus marketing users hosted by Public Affairs
next week where he will lay out the challenges around mass marketing
mail campaigns and solicit feedback and volunteers to work with
bConnected to develop a campus list of recommended email marketing services.

If you would like to participate in developing a set of standard,
"trusted" providers, please send email to Mindy McDaniels,
[hidden email].

Thanks,

Bernie

On 3/27/14 1:25 PM, Lisa Ho wrote:

> The question raised by this thread:  "How can I tell if this a
> legitimate message?" is exactly the issue I am now trying to tackle with
> an anti-phishing workgroup.
>
> Our goal is to define requirements for legitimate campus electronic
> communications that would allow any message recipient to easily answer
> that question for any UC Berkeley generated message.
>
> We are currently in the early stages of looking at all options and
> reviewing existing industry work on this problem. Drafts of any proposed
> requirements will certainly go out to Micronet and elsewhere for review.
>
> If you are particularly interested in this topic and would like to
> contribute more directly, or have expertise and opinions to share,
> please let me know -- either privately or via open discussion on this list.
>
> Thanks,
> Lisa
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
> On Thu, Mar 27, 2014 at 1:00 PM, Igor Savine <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Actually, Convio is the name of marketing company (based in Texas).
>     Convio was acquired by another (public for-profit) company called
>     Blackbaud in 2012. Apparently, UC is paying for their services. We
>     have been receiving "Berkeley Online" newsletters for two years
>     delivered by convio.net <http://convio.net>. None were considered
>     suspicious. It is a common marketing practice to capture so called
>     email click-through rates. I guess something has changed either in
>     Convio's embedded (JavaScript) code or in Google's "click-through
>     fraud" detection algorithm.
>
>     --
>     Igor Savine
>     Information Systems Analyst
>     University of California Berkeley
>     993 Evans Hall
>     Berkeley, CA 94720
>     (510) 643-8747
>     [hidden email] <mailto:[hidden email]>
>     <http://en.wikipedia.org/wiki/Austin,_Texas>
>
>
>     On Thu, Mar 27, 2014 at 11:54 AM, Ingrid BERG <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>         Convio is a software the campus uses to send out bulk email
>         campaigns, kinda like Constant Contact or Mailchimp. It puts a
>         proprietary wrapper around your original html and changes all
>         the links so they can be tracked. I know doesn't answer your
>         question of safety, but with this information you can use your
>         best judgement.
>
>         __
>         _
>         _
>               ingrid berg
>               web/graphic designer
>               uc berkeley school of public health
>               417.g university hall no.7360
>               berkeley ca 94720
>         [hidden email] <mailto:[hidden email]>
>           510.642.9185
>
>         school of public health <http://sph.berkeley.edu/>
>         like us on facebook <https://www.facebook.com/berkeleyhealth>
>         follow us on twitter <https://twitter.com/UCBerkeleySPH>
>         see us on instagram <http://instagram.com/berkeleyhealth>
>
>
>         On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Dear patient micronetters,
>
>             My underlying question, now that I see the source thanks to
>             Vivian and John's explanation, is...
>                                Can I trust this content?
>
>             The Return Path shows, if I am interpreting it correctly,
>             that the message originates at convio.net
>             <http://convio.net>, not berkeley.edu <http://berkeley.edu>,
>             regardless of what the Header From says.
>
>             There are some interesting flags:
>
>             X-campaignid: Convio-poola-atcal-94582
>             X-Gateway: c3poola1
>             XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
>             X-ConvioDeliveryGroup: poola
>
>             which might tend to make me believe this is expected and trusted byberkeley.edu  <http://berkeley.edu>  but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start withmy.berkeley.edu  <http://my.berkeley.edu>  and that's a good thing.
>
>             Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message?
>
>             Thanks for your time,
>
>             Nils
>
>
>             O
>             n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young
>             <[hidden email] <mailto:[hidden email]>> wrote:
>
>                 On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
>                 <[hidden email]
>                 <mailto:[hidden email]>> wrote:
>                  >
>                  > On the right, click the down-arrow next to the reply
>                 arrow, and select show original.
>
>                 To elaborate a bit, by using "View source" in your
>                 browser you saw the
>                 underlying code for the whole page, which included the
>                 50 preview
>                 lines...
>
>                 ::checks it out::
>
>                 Wow, I had no idea AJAX [[1]] uses such
>                 un-human-readable code!
>
>                 John
>
>                 [[1]] See _inter alia_
>                 http://www.w3schools.com/php/php_ajax_intro.asp,
>                 http://www.noupe.com/ajax/how-ajax-works.html, &c.
>
>                 ***
>
>                  > On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson
>                 <[hidden email] <mailto:[hidden email]>>
>                 wrote in part:
>                 ...
>                  >> I received a message which bMail marked as
>                 "suspicious" ... I said to myself, "be suspicous, be
>                 very suspicous" and tried to "view source" by
>                 right-clicking in the message body and selecting "view
>                 source".
>                  >>
>                  >> To my consternation, not only was it impossible to
>                 see the message header, but at the bottom of this source
>                 text there was the full content of the whole webpage,
>                 including the preview lines of the top 50 messages in my
>                 inbox. It doesn't matter where I click in the damn thing
>                 [1]. ...
>
>                 --
>                 John McChesney-Young, Administrative Assistant
>                 History of Art Department, 416 Doe MC6020
>                 U. C. Berkeley, Berkeley CA 94720-6020
>                 [hidden email] <mailto:[hidden email]>
>                 // voice 1-510-642-5511 // fax 1-510-643-2185
>
>
>
>
>             --
>             Nils Ohlson
>             Administrative Analyst
>             U.C. Berkeley College of Chemistry
>             Business Office
>             410 Latimer Hall #1460
>             Berkeley, CA 94720-1460
>
>             (510) 642-1325 phone
>             (510) 642-4313 fax
>
>             [hidden email] <mailto:[hidden email]>
>
>
>
>             -------------------------------------------------------------------------
>             The following was automatically added to this message by the
>             list server:
>
>             To learn more about Micronet, including how to subscribe to
>             or unsubscribe from its mailing list and how to find out
>             about upcoming meetings, please visit the Micronet Web site:
>
>             http://micronet.berkeley.edu
>
>             Messages you send to this mailing list are public and
>             world-viewable, and the list's archives can be browsed and
>             searched on the Internet.  This means these messages can be
>             viewed by (among others) your bosses, prospective employers,
>             and people who have known you in the past.
>
>
>
>
>         -------------------------------------------------------------------------
>         The following was automatically added to this message by the
>         list server:
>
>         To learn more about Micronet, including how to subscribe to or
>         unsubscribe from its mailing list and how to find out about
>         upcoming meetings, please visit the Micronet Web site:
>
>         http://micronet.berkeley.edu
>
>         Messages you send to this mailing list are public and
>         world-viewable, and the list's archives can be browsed and
>         searched on the Internet.  This means these messages can be
>         viewed by (among others) your bosses, prospective employers, and
>         people who have known you in the past.
>
>
>
>
>     -------------------------------------------------------------------------
>     The following was automatically added to this message by the list
>     server:
>
>     To learn more about Micronet, including how to subscribe to or
>     unsubscribe from its mailing list and how to find out about upcoming
>     meetings, please visit the Micronet Web site:
>
>     http://micronet.berkeley.edu
>
>     Messages you send to this mailing list are public and
>     world-viewable, and the list's archives can be browsed and searched
>     on the Internet.  This means these messages can be viewed by (among
>     others) your bosses, prospective employers, and people who have
>     known you in the past.
>
>
>
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Nils Ohlson
Bernie,

Just to make one point a little clearer, this message was not marked as *SPAM* as such; the spam rating was only 18%. It was marked as suspicious. I don't want anyone involved in configuration-tweaking barking up the wrong tree when trying to iron this out.

Thanks for all your work on this,
nils


On Thu, Mar 27, 2014 at 2:31 PM, Bernie Rossi <[hidden email]> wrote:
Convio is the vendor that the Berkeley Online uses to send out the
newsletter.  I believe this is the first time they have been marked as
spam by Google.  While we do not have much control over what Google
feels is spam, we will be making some configuration changes to help
avoid Berkeley Online being flagged as spam.

As an aside, the bConnected team will be working with Public Affairs and
campus stakeholders to develop a limited set of approved bulk
mail/marketing email services.  Bill Allison has been invited to attend
the regular meeting of campus marketing users hosted by Public Affairs
next week where he will lay out the challenges around mass marketing
mail campaigns and solicit feedback and volunteers to work with
bConnected to develop a campus list of recommended email marketing services.

If you would like to participate in developing a set of standard,
"trusted" providers, please send email to Mindy McDaniels,
[hidden email].

Thanks,

Bernie

On 3/27/14 1:25 PM, Lisa Ho wrote:
> The question raised by this thread:  "How can I tell if this a
> legitimate message?" is exactly the issue I am now trying to tackle with
> an anti-phishing workgroup.
>
> Our goal is to define requirements for legitimate campus electronic
> communications that would allow any message recipient to easily answer
> that question for any UC Berkeley generated message.
>
> We are currently in the early stages of looking at all options and
> reviewing existing industry work on this problem. Drafts of any proposed
> requirements will certainly go out to Micronet and elsewhere for review.
>
> If you are particularly interested in this topic and would like to
> contribute more directly, or have expertise and opinions to share,
> please let me know -- either privately or via open discussion on this list.
>
> Thanks,
> Lisa
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
> On Thu, Mar 27, 2014 at 1:00 PM, Igor Savine <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Actually, Convio is the name of marketing company (based in Texas).
>     Convio was acquired by another (public for-profit) company called
>     Blackbaud in 2012. Apparently, UC is paying for their services. We
>     have been receiving "Berkeley Online" newsletters for two years
>     delivered by convio.net <http://convio.net>. None were considered
>     suspicious. It is a common marketing practice to capture so called
>     email click-through rates. I guess something has changed either in
>     Convio's embedded (JavaScript) code or in Google's "click-through
>     fraud" detection algorithm.
>
>     --
>     Igor Savine
>     Information Systems Analyst
>     University of California Berkeley
>     993 Evans Hall
>     Berkeley, CA 94720
>     (510) 643-8747
>     [hidden email] <mailto:[hidden email]>
>     <http://en.wikipedia.org/wiki/Austin,_Texas>
>
>
>     On Thu, Mar 27, 2014 at 11:54 AM, Ingrid BERG <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>         Convio is a software the campus uses to send out bulk email
>         campaigns, kinda like Constant Contact or Mailchimp. It puts a
>         proprietary wrapper around your original html and changes all
>         the links so they can be tracked. I know doesn't answer your
>         question of safety, but with this information you can use your
>         best judgement.
>
>         __
>         _
>         _
>               ingrid berg
>               web/graphic designer
>               uc berkeley school of public health
>               417.g university hall no.7360
>               berkeley ca 94720
>         [hidden email] <mailto:[hidden email]>
>           510.642.9185
>
>         school of public health <http://sph.berkeley.edu/>
>         like us on facebook <https://www.facebook.com/berkeleyhealth>
>         follow us on twitter <https://twitter.com/UCBerkeleySPH>
>         see us on instagram <http://instagram.com/berkeleyhealth>
>
>
>         On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Dear patient micronetters,
>
>             My underlying question, now that I see the source thanks to
>             Vivian and John's explanation, is...
>                                Can I trust this content?
>
>             The Return Path shows, if I am interpreting it correctly,
>             that the message originates at convio.net
>             <http://convio.net>, not berkeley.edu <http://berkeley.edu>,
>             regardless of what the Header From says.
>
>             There are some interesting flags:
>
>             X-campaignid: Convio-poola-atcal-94582
>             X-Gateway: c3poola1
>             XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
>             X-ConvioDeliveryGroup: poola
>
>             which might tend to make me believe this is expected and trusted byberkeley.edu  <http://berkeley.edu>  but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start withmy.berkeley.edu  <http://my.berkeley.edu>  and that's a good thing.
>
>             Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message?
>
>             Thanks for your time,
>
>             Nils
>
>
>             O
>             n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young
>             <[hidden email] <mailto:[hidden email]>> wrote:
>
>                 On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
>                 <[hidden email]
>                 <mailto:[hidden email]>> wrote:
>                  >
>                  > On the right, click the down-arrow next to the reply
>                 arrow, and select show original.
>
>                 To elaborate a bit, by using "View source" in your
>                 browser you saw the
>                 underlying code for the whole page, which included the
>                 50 preview
>                 lines...
>
>                 ::checks it out::
>
>                 Wow, I had no idea AJAX [[1]] uses such
>                 un-human-readable code!
>
>                 John
>
>                 [[1]] See _inter alia_
>                 http://www.w3schools.com/php/php_ajax_intro.asp,
>                 http://www.noupe.com/ajax/how-ajax-works.html, &c.
>
>                 ***
>
>                  > On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson
>                 <[hidden email] <mailto:[hidden email]>>
>                 wrote in part:
>                 ...
>                  >> I received a message which bMail marked as
>                 "suspicious" ... I said to myself, "be suspicous, be
>                 very suspicous" and tried to "view source" by
>                 right-clicking in the message body and selecting "view
>                 source".
>                  >>
>                  >> To my consternation, not only was it impossible to
>                 see the message header, but at the bottom of this source
>                 text there was the full content of the whole webpage,
>                 including the preview lines of the top 50 messages in my
>                 inbox. It doesn't matter where I click in the damn thing
>                 [1]. ...
>
>                 --
>                 John McChesney-Young, Administrative Assistant
>                 History of Art Department, 416 Doe MC6020
>                 U. C. Berkeley, Berkeley CA 94720-6020
>                 [hidden email] <mailto:[hidden email]>
>                 // voice 1-510-642-5511 // fax 1-510-643-2185
>
>
>
>
>             --
>             Nils Ohlson
>             Administrative Analyst
>             U.C. Berkeley College of Chemistry
>             Business Office
>             410 Latimer Hall #1460
>             Berkeley, CA 94720-1460
>
>             (510) 642-1325 phone
>             (510) 642-4313 fax
>
>             [hidden email] <mailto:[hidden email]>
>
>
>
>             -------------------------------------------------------------------------
>             The following was automatically added to this message by the
>             list server:
>
>             To learn more about Micronet, including how to subscribe to
>             or unsubscribe from its mailing list and how to find out
>             about upcoming meetings, please visit the Micronet Web site:
>
>             http://micronet.berkeley.edu
>
>             Messages you send to this mailing list are public and
>             world-viewable, and the list's archives can be browsed and
>             searched on the Internet.  This means these messages can be
>             viewed by (among others) your bosses, prospective employers,
>             and people who have known you in the past.
>
>
>
>
>         -------------------------------------------------------------------------
>         The following was automatically added to this message by the
>         list server:
>
>         To learn more about Micronet, including how to subscribe to or
>         unsubscribe from its mailing list and how to find out about
>         upcoming meetings, please visit the Micronet Web site:
>
>         http://micronet.berkeley.edu
>
>         Messages you send to this mailing list are public and
>         world-viewable, and the list's archives can be browsed and
>         searched on the Internet.  This means these messages can be
>         viewed by (among others) your bosses, prospective employers, and
>         people who have known you in the past.
>
>
>
>
>     -------------------------------------------------------------------------
>     The following was automatically added to this message by the list
>     server:
>
>     To learn more about Micronet, including how to subscribe to or
>     unsubscribe from its mailing list and how to find out about upcoming
>     meetings, please visit the Micronet Web site:
>
>     http://micronet.berkeley.edu
>
>     Messages you send to this mailing list are public and
>     world-viewable, and the list's archives can be browsed and searched
>     on the Internet.  This means these messages can be viewed by (among
>     others) your bosses, prospective employers, and people who have
>     known you in the past.
>
>
>
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Odd "source" data for bMail- any pointers? And Berkeley Online Q as well

Orlando Antonio Sánchez
We have users who have experienced this same issue. We are concerned that our members will experience the same and will not open the Gala invitation. Can this be fixed?

Orlando


On Mon, Mar 31, 2014 at 8:24 AM, Nils Ohlson <[hidden email]> wrote:
Bernie,

Just to make one point a little clearer, this message was not marked as *SPAM* as such; the spam rating was only 18%. It was marked as suspicious. I don't want anyone involved in configuration-tweaking barking up the wrong tree when trying to iron this out.

Thanks for all your work on this,
nils


On Thu, Mar 27, 2014 at 2:31 PM, Bernie Rossi <[hidden email]> wrote:
Convio is the vendor that the Berkeley Online uses to send out the
newsletter.  I believe this is the first time they have been marked as
spam by Google.  While we do not have much control over what Google
feels is spam, we will be making some configuration changes to help
avoid Berkeley Online being flagged as spam.

As an aside, the bConnected team will be working with Public Affairs and
campus stakeholders to develop a limited set of approved bulk
mail/marketing email services.  Bill Allison has been invited to attend
the regular meeting of campus marketing users hosted by Public Affairs
next week where he will lay out the challenges around mass marketing
mail campaigns and solicit feedback and volunteers to work with
bConnected to develop a campus list of recommended email marketing services.

If you would like to participate in developing a set of standard,
"trusted" providers, please send email to Mindy McDaniels,
[hidden email].

Thanks,

Bernie

On 3/27/14 1:25 PM, Lisa Ho wrote:
> The question raised by this thread:  "How can I tell if this a
> legitimate message?" is exactly the issue I am now trying to tackle with
> an anti-phishing workgroup.
>
> Our goal is to define requirements for legitimate campus electronic
> communications that would allow any message recipient to easily answer
> that question for any UC Berkeley generated message.
>
> We are currently in the early stages of looking at all options and
> reviewing existing industry work on this problem. Drafts of any proposed
> requirements will certainly go out to Micronet and elsewhere for review.
>
> If you are particularly interested in this topic and would like to
> contribute more directly, or have expertise and opinions to share,
> please let me know -- either privately or via open discussion on this list.
>
> Thanks,
> Lisa
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
> On Thu, Mar 27, 2014 at 1:00 PM, Igor Savine <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Actually, Convio is the name of marketing company (based in Texas).
>     Convio was acquired by another (public for-profit) company called
>     Blackbaud in 2012. Apparently, UC is paying for their services. We
>     have been receiving "Berkeley Online" newsletters for two years
>     delivered by convio.net <http://convio.net>. None were considered
>     suspicious. It is a common marketing practice to capture so called
>     email click-through rates. I guess something has changed either in
>     Convio's embedded (JavaScript) code or in Google's "click-through
>     fraud" detection algorithm.
>
>     --
>     Igor Savine
>     Information Systems Analyst
>     University of California Berkeley
>     993 Evans Hall
>     Berkeley, CA 94720
>     (510) 643-8747
>     [hidden email] <mailto:[hidden email]>
>     <http://en.wikipedia.org/wiki/Austin,_Texas>
>
>
>     On Thu, Mar 27, 2014 at 11:54 AM, Ingrid BERG <[hidden email]
>     <mailto:[hidden email]>> wrote:
>
>         Convio is a software the campus uses to send out bulk email
>         campaigns, kinda like Constant Contact or Mailchimp. It puts a
>         proprietary wrapper around your original html and changes all
>         the links so they can be tracked. I know doesn't answer your
>         question of safety, but with this information you can use your
>         best judgement.
>
>         __
>         _
>         _
>               ingrid berg
>               web/graphic designer
>               uc berkeley school of public health
>               417.g university hall no.7360
>               berkeley ca 94720
>         [hidden email] <mailto:[hidden email]>
>           510.642.9185
>
>         school of public health <http://sph.berkeley.edu/>
>         like us on facebook <https://www.facebook.com/berkeleyhealth>
>         follow us on twitter <https://twitter.com/UCBerkeleySPH>
>         see us on instagram <http://instagram.com/berkeleyhealth>
>
>
>         On Thu, Mar 27, 2014 at 9:10 AM, Nils Ohlson
>         <[hidden email] <mailto:[hidden email]>> wrote:
>
>             Dear patient micronetters,
>
>             My underlying question, now that I see the source thanks to
>             Vivian and John's explanation, is...
>                                Can I trust this content?
>
>             The Return Path shows, if I am interpreting it correctly,
>             that the message originates at convio.net
>             <http://convio.net>, not berkeley.edu <http://berkeley.edu>,
>             regardless of what the Header From says.
>
>             There are some interesting flags:
>
>             X-campaignid: Convio-poola-atcal-94582
>             X-Gateway: c3poola1
>             XData: 1010,4Et94Ke@t4yMK@K9Ky@i-Wwjq-e
>             X-ConvioDeliveryGroup: poola
>
>             which might tend to make me believe this is expected and trusted byberkeley.edu  <http://berkeley.edu>  but how do I know? What's more comforting is that so far as I could tell, all of the embedded links start withmy.berkeley.edu  <http://my.berkeley.edu>  and that's a good thing.
>
>             Is there a way that Campus could avoid triggering this sort of alarm by more carefully crafting this sort of broadcast message?
>
>             Thanks for your time,
>
>             Nils
>
>
>             O
>             n Thu, Mar 27, 2014 at 8:55 AM, John McChesney-Young
>             <[hidden email] <mailto:[hidden email]>> wrote:
>
>                 On Thu, Mar 27, 2014 at 8:43 AM, Vivian Sophia
>                 <[hidden email]
>                 <mailto:[hidden email]>> wrote:
>                  >
>                  > On the right, click the down-arrow next to the reply
>                 arrow, and select show original.
>
>                 To elaborate a bit, by using "View source" in your
>                 browser you saw the
>                 underlying code for the whole page, which included the
>                 50 preview
>                 lines...
>
>                 ::checks it out::
>
>                 Wow, I had no idea AJAX [[1]] uses such
>                 un-human-readable code!
>
>                 John
>
>                 [[1]] See _inter alia_
>                 http://www.w3schools.com/php/php_ajax_intro.asp,
>                 http://www.noupe.com/ajax/how-ajax-works.html, &c.
>
>                 ***
>
>                  > On Thu, Mar 27, 2014 at 8:40 AM, Nils Ohlson
>                 <[hidden email] <mailto:[hidden email]>>
>                 wrote in part:
>                 ...
>                  >> I received a message which bMail marked as
>                 "suspicious" ... I said to myself, "be suspicous, be
>                 very suspicous" and tried to "view source" by
>                 right-clicking in the message body and selecting "view
>                 source".
>                  >>
>                  >> To my consternation, not only was it impossible to
>                 see the message header, but at the bottom of this source
>                 text there was the full content of the whole webpage,
>                 including the preview lines of the top 50 messages in my
>                 inbox. It doesn't matter where I click in the damn thing
>                 [1]. ...
>
>                 --
>                 John McChesney-Young, Administrative Assistant
>                 History of Art Department, 416 Doe MC6020
>                 U. C. Berkeley, Berkeley CA 94720-6020
>                 [hidden email] <mailto:[hidden email]>
>                 // voice 1-510-642-5511 // fax 1-510-643-2185
>
>
>
>
>             --
>             Nils Ohlson
>             Administrative Analyst
>             U.C. Berkeley College of Chemistry
>             Business Office
>             410 Latimer Hall #1460
>             Berkeley, CA 94720-1460
>
>             (510) 642-1325 phone
>             (510) 642-4313 fax
>
>             [hidden email] <mailto:[hidden email]>
>
>
>
>             -------------------------------------------------------------------------
>             The following was automatically added to this message by the
>             list server:
>
>             To learn more about Micronet, including how to subscribe to
>             or unsubscribe from its mailing list and how to find out
>             about upcoming meetings, please visit the Micronet Web site:
>
>             http://micronet.berkeley.edu
>
>             Messages you send to this mailing list are public and
>             world-viewable, and the list's archives can be browsed and
>             searched on the Internet.  This means these messages can be
>             viewed by (among others) your bosses, prospective employers,
>             and people who have known you in the past.
>
>
>
>
>         -------------------------------------------------------------------------
>         The following was automatically added to this message by the
>         list server:
>
>         To learn more about Micronet, including how to subscribe to or
>         unsubscribe from its mailing list and how to find out about
>         upcoming meetings, please visit the Micronet Web site:
>
>         http://micronet.berkeley.edu
>
>         Messages you send to this mailing list are public and
>         world-viewable, and the list's archives can be browsed and
>         searched on the Internet.  This means these messages can be
>         viewed by (among others) your bosses, prospective employers, and
>         people who have known you in the past.
>
>
>
>
>     -------------------------------------------------------------------------
>     The following was automatically added to this message by the list
>     server:
>
>     To learn more about Micronet, including how to subscribe to or
>     unsubscribe from its mailing list and how to find out about upcoming
>     meetings, please visit the Micronet Web site:
>
>     http://micronet.berkeley.edu
>
>     Messages you send to this mailing list are public and
>     world-viewable, and the list's archives can be browsed and searched
>     on the Internet.  This means these messages can be viewed by (among
>     others) your bosses, prospective employers, and people who have
>     known you in the past.
>
>
>
>
> --
>
> Lisa Ho
> IT Policy Manager
> Information Security and Policy
> University of California, Berkeley
> 510.642.2422
> [hidden email] <mailto:[hidden email]>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
>



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



--
Nils Ohlson
Administrative Analyst
U.C. Berkeley College of Chemistry
Business Office
410 Latimer Hall #1460
Berkeley, CA 94720-1460

(510) 642-1325 phone
(510) 642-4313 fax

[hidden email]



-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.




--
Orlando Antonio Sánchez
IT Manager
UC Berkeley Art Museum and Pacific Film Archive (BAM/PFA)

(510) 642-1552

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.