We have had to do this to select users when there's evidence of a
password compromise. And yes, it could be mistaken for a phish, so we
don't include a password change link, direct people to our helpdesk page
with instructions on finding the change password instructions, provide a
local contact, and when appropriate include a link to a local web page
explaining changes to procedure, etc. We also have a daily newsletter
that announces system changes.
Of course even with all this some people require multiple contacts, and
when that doesn't work the password is preemptively changed and we wait
for them to contact us. (This last might not be appropriate in all
circumstances, or with all business models.)
Mike
On 9/23/21 6:59 AM, Geert Ijewski via mailop wrote:
On 23.09.21 11:45, Jaroslaw Rafa via mailop wrote:
Dnia 23.09.2021 o godz. 08:21:40 Sidsel Jensen via mailop pisze:
Unfortunately we can only do this in our Webmail, we have no good way of
sending this message to a user of a 3rd party mail client. If someone on
this list has a good idea on how that can be accomplished with a good UX I
am very eager to hear it :-)
Maybe just send mail to them? :)
An email telling users to change their password because it has been
compromised, will -- rightfully -- be seen as a phishing attempt; even
if in this case it would be true.
--
Michael D. Sofka [email protected]
ITI Software Architect, Email, TeX, Epistemology
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
