From:        John Denune <denune@sdsu.edu>
To:          redwards@sciences.sdsu.edu (Rob Edwards)
Cc:          security@sdsu.edu, stewart@sciences.sdsu.edu,
             rich.pickett@sdsu.edu (Rich Pickett)
Subject:     Re: Fwd: Senate Election Ballot - College of Sciences
Date:        Tue, 19 Apr 2011 08:19:10 PDT

Rob,

It sure looks like it; sent from a non-SDSU e-mail address 
directing users to a non-SDSU URL with no SDSU contact
information (SDSU URL, e-mail, phone number or person)
provided or referenced.

But looking at the URL, it does look like a legitimate 
ballot for CoS Senate.

I'm CC'ing Kris Stewart in the hopes that she can contact
the Senate and give them a few guidelines for making future
Senate e-mails seem less like spam, including:

* a valid SDSU return address
* a valid SDSU URL
* an SDSU fac/staff member identified as a contact including
  e-mail address and phone number.

Sometimes when using an outside company, using an SDSU return
address or URL is not possible, in which case, there should be
an SDSU web page referenced to better explain and validate the 
e-mail.  Where possible, this SDSU website can provide a link
to the offsite content rather than including a non-SDSU URL
in the e-mail message.

Provided none of the pages on the form ask for passwords, ID #'s,
credit card numbers or other personal information, it's probably
safe to fill out the ballot if you choose to do so.

---John

John Denune
Technology Security Officer
IT Security Office
San Diego State University
denune@sdsu.edu
Phone: (619) 594-4242