Preventing Emails From Looking Phishy

Legitimate emails can easily be mistaken for malicious activity if they share characteristics with phishing emails or other scams. For a list of characteristics typically associated with phishing emails, see Avoiding Phishing Emails. For specific examples of recent phishing emails, see The Phish Bowl.

Recipients may be wary of opening or responding to emails that appear suspicious, leading them to ignore or delete the message. Additionally, if a significant number of recipients report the email as spam or phishing, it could also lead to the sender's email address or domain being flagged or blocked by email service providers.

Writing an Email Message That Doesn't Look Phishy

The following practices will help ensure that legitimate emails are perceived as credible and trustworthy communications. 

Provide Context

  • Explain to the recipient why they are receiving the message, what person or group at the university is sending the message, and why the action needs to be taken.

Provide Verification

  • Always clearly indicate who is sending the email and provide a UC Santa Cruz or UC contact, phone number, and email address for the recipient to verify the email.

Notify Recipients in Advance

  • If possible, send recipients advanced notification to expect an email requesting action. The advanced notification should be from a known sender and should be free of links, attachments, or action requests.

Keep the ITS Support Center and Information Security Informed

  • The ITS Support Center ( and Information Security contacts ( are often the first place email scams get reported. If you let these groups know about the email beforehand, they can be prepared to let recipients know that the email is legitimate.

Avoid Using Attachments

  • Email attachments are viewed as suspicious by both spam filters and recipients because they can contain malware that infects computers and puts information at risk. Include a link to a Google Doc or online PDF instead.

Use Best Practices for Links

  • Link to UCSC, UC websites, or Google Drive files
  • Spell out all links completely so that recipients can see where they lead. This also allows recipients to type them directly into their browser or copy and paste rather than clicking the link.
  • Keep the number of links in the email message to a minimum. The fewer links the better.
  • Use embedded "click here"-type links or shortened or obscured URLs.
  • Link directly to non-UCSC/UC websites.
  • Link to non-html documents.
  • Link to an IP address.
  • Link to executable files (such as .exe, .cmd, .scr).

Avoid Sending Emails From an External Source

  • Emails should come from a valid UC Santa Cruz or UC email address. Emails from an external source or a link to an external website may make the recipient suspicious.
  • If you must link to an external website, provide a link to a UC Santa Cruz or UC website that links to the external website. If this is not possible, or if the email must be sent by an external party, include a link to a known website, or local contact information, where the recipient can confirm the legitimacy of the email.

Example of a Good Email

Below is an example of a well done mass email communication. The details and contact information are fake, but this is based on actual email sent at a UC location. This email provides a good yet brief explanation and context, a campus link for information and to access the non-UC-hosted survey, and local, verifiable contact information for recipients to confirm the validity of the email and ask questions.

Good Example

Subject: Employee Satisfaction Survey
From: UCOP Human Resources <>
I am writing to notify you that UCOP is conducting an Employee Satisfaction Survey. I encourage you to participate. This is an opportunity for UCOP to get direct feedback from individual employees that will help shape how we will all work at UCOP.
The survey is open and will be available through September 30th. This survey is being administered by a Professional Survey Company. Please visit for information about the survey and a link to the actual survey.
The survey is completely confidential. Individual responses and personally identifying information will not be shared with UCOP.
I will be happy to answer any questions you may have. I can be reached at or by phone at (510) XXX-XXXX, from 7 am - 3 pm.
Employee Name
Title / Department

Get Help

If you have any questions, please email You can also learn more about protecting yourself online on the ITS Security webpage.