What are CAEN's recommendations for using MCommunity groups?
Anyone at the University of Michigan may create their own groups in Mcommunity. Once created, a group can be used to distribute email to all group members. Particularly for groups with a large number of members, it is important to limit the risk of third parties using your groups for malicious purposes.
While Mcommunity does have some rudimentary features that limit who may send to the group, such as making a group “members only” or adding moderators, these can be easily circumvented by malicious third parties.
If you represent a College of Engineering department using an Mcommunity group for University business (e.g. as a means of reaching staff or students in a particular program), you may wish instead to consider using the Moderated Email Service operated by CAEN. This service offers a number of security benefits that Mcommunity cannot provide, but does have some requirements, such as designating administrators and moderators. Interested departments may request more information about the service by contacting email@example.com.
If you decide that Mcommunity groups are a better option, CAEN advises the following settings:
- Hide the members of your group. This prevents malicious third parties from knowing who is in your group, and whom they may need to impersonate when forging email.
- Make sure your list is not joinable. Always manage the members of your list explicitly so you control who can see its members.
- Designate moderators of your group who are not also owners. While the owners of a group are publicly displayed, moderators are not. By making the owners of your list different than moderators, you will obscure from malicious third parties whom they need to impersonate to have their message moderated automatically.