
I currently work for the web communications part of a small-to-medium size university. We have around 2000 employees and 8000 students. We embrace all Google products on campus. We actually use Gmail for our primary email system. We use Google Forms to collect data throughout our website (not perfect by a long shot, but makes data collection approachable and accessible to end users). We would never shut down Google Forms. We simply couldn't.

We regulate mass email by only allowing a select few individuals to email to all users. We have literally a dozen or so users on campus that can send an email to all users, and most are in the communications department or IT. All this talk of authentication systems, and teaching users not to get caught by phishing, sounds like "ideal world" solutions. Our solution is simple. If you want to send out an email to everyone, send it to a central authority that can approve the sending. It is easier to make sure a dozen people have the skill to send a mass email appropriately and avoid phishing attempts, than it is ten thousand. Also, it has the added advantage of allowing us to consolidate less urgent emails into a single newsletter once a week, keeping faculty/staff and students' email boxes free of non-urgent notifications.

I'm not pretending we have a perfect solution, but it seems like we'd never get approval to stop using Google Docs in a situation like this. I'm actually rather impressed by Oxford's ability to react and then write a long and thorough explanation of their actions.


> Our solution is simple. If you want to send out an email to everyone, send it to a central authority that can approve the sending.

It sounds like all you are doing is regulating access to some sort of all@university mailing list. How does this solve the much bigger problem of spammers using compromised accounts to spam Gmail/Hotmail addresses, which then end up getting the university blocked? And even ignoring that, how does it prevent people from just looping through a list of your university's email addresses and sending them one at a time?


You are mostly correct. We are primarily regulating access to an all@university mailing list, but we also have restrictions that prevent mass emails being sent via Gmail (though I'm not the authority on this). You are correct, nothing prevents a compromised account, that I know of, from sending out emails one at a time to a list of users, though we do have control over all email accounts and can disable a compromised account. If the traffic is internal we have other ways of preventing it. I'm not saying our solution is an absolute substitute for all combinations of possibilities. Just that if we were to be blocked we'd have to deal with it in some other way than to disable Google Forms. We just couldn't get away with it, and according to some of the comments, Oxford couldn't get away with it very long either.



