Have you (or your staff) ever uploaded a spreadsheet from your CRM into Gemini for some quick insights?

Or pasted a long email thread into ChatGPT for a summary?

It's convenient.

Maybe a little too convenient.

Twenty years ago, it was hard to convince people that password security mattered.

"Use strong passwords."
"Use different passwords on different accounts.”
"Never send them by email."

For people who were just trying to get things done, the risks felt abstract.

By now, most of us have heard enough stories of hacked accounts, identity theft, and fraud to understand why those precautions matter.

I think we're in a similar place with AI.

The benefits are obvious.
The risks are harder to see.

But I don't think it will be 20 years -- maybe not even 5 -- before we start hearing real stories that make the risks clearer: major data disclosures, fraud, and other abuses derived from the information people are casually sharing with their AI tools.

Please be careful.

If you wouldn't post that info publicly on social media, think twice before sharing it with an AI vendor.

All the best,
A.

Everybody's excited about AI and the possibilities of represents for productivity and insights.

But guess who else is using it.

Criminals, spammers, and troublemakers, that’s who.

This article from NPR covers lots of detail without getting too technical, but my main take-aways for you are two:

1. This is one more reason to apply security updates for your software in a timely fashion. For example, CiviCRM has a security update coming out next week.

2. Password disclosures and other run-of-the-mill weaknesses are still far more common than AI-powered attacks. So use strong passwords and two-factor authentication, and disable unused accounts.

Here’s the thing:

As long as you've got something the bad guys want -- and you probably do -- security will continue to be an arms race.

Staying ahead of the game is worth the effort.

All the best,
A.

Getting new staff into your CRM usually comes with some real challenges in training:

• “There are a ton of features just out of the box; how can we orient them quickly on how it all fits together?”

• “We’ve got our own way of using this CRM; how can we train them in our unique standard procedures?”

For that second one, it may be obvious that documenting your own policies and procedures is a worthwhile endeavor, however tempting it may be to put it off.

After all, if there’s nobody else in the world who does this the way you do, then nobody else can help you train new staff on doing it your way.

But for that first one, you might want to check out CiviAcademy, an ongoing series of training videos published by the creators of CiviCRM.

They describe it as:

Bite-sized tutorials to help you maximize CiviCRM.

Easy to understand video tutorials that will take you from an absolute newbie to a CiviNinja in no time!

... high-level, fast-paced instruction designed for users of CiviCRM ... showcasing major features and common customizations.

It’s a growing library of genuinely well-presented short content.

Honestly, even if you’ve been using CiviCRM for years, I’m willing to be there’s something in there that will improve your understanding.

Finally, a special benefit for my existing clietns:

If you’re already a subscriber to any of my services, and you’d like to use CiviAcademy for your team, please email me about getting a 100% lifetime discount for this resource.

(Since Joinery is a CiviAcademy sponsor, I’m able to offer this to you, no strings attached. I really just think it’s a great resource and want to see more people making use of it.)

All the best,
Allen

If you're sending mass emails from CiviCRM, you really ought to be using a professional SMTP service to handle those outbound emails.

Until recently, I've recommended that my clients consider either SendGrid or SparkPost for this service.

But I can't recommend SparkPost anymore.

They're not evil or incompotent -- nothing like that.

The problem is just that SparkPost isn’t a good fit for any organization that maintains more than one mailing list.

Consider a scenario where your organization lets people sign up for a variety of email lists:

• Legislative Updates

• Monthly Newsletter

• Volunteer Opportunities

CiviCRM is built to allow each person to unsubscribe from any of those lists, while remaining subscribed to others.
That seems pretty reasonable.

Unfortunately, my clients and I have found that SparkPost is not so nuanced.

For each mass email message you send, CiviCRM insists that it offer an “unsubscribe” link of some kind.

But still, SparkPost adds an "unsubscribe" feature of its own.

Unfortunately, if one of your readers uses that feature to unsubscribe from, say "Legislative Updates," SparkPost will treat them as if they've unsubscribed from all possible lists, so they'll also stop receiving the Monthly Newsletter and the Volunteer Opportunities mailings too.

... even though they still appear to be subscribed in CiviCRM.

:-(

Now, I'm sure the intent here was good.

SparkPost surely is trying to prevent the delivery of unwanted emails.
That's an admirable goal.

Unfortunately, the way they're doing it is rather ham-fisted, a sledgehammer in place of a scalpel.

So ...

If you're using SparkPost, and you've been wondering why some people aren't getting your emails, this may be part of the reason.

There are ways to inspect your SparkPost account (under the "Suppression List") to find subscribers who may have been caught up in this.

But even then, there's no way to say for sure whether they really wanted to unsubscribe from everything, or just a single mailing list.

Now I'm down to recommending just one SMTP service: SendGrid.

If you're using another SMTP service (or "ESP", Email Sending Platform), and are having a good experience there, please let me know.

I'd love to hear about it.

Having more options is generally a good thing — as long as they’re good options.

All the best,
Allen

Let me ask you ...

Where do you go for information?
Your phone, news feed, social media?

And where do you go for knowledge?
Research, experimentation, measurement?

And where do you go for wisdom?
... well ... ?

Here's a thought:

We're generally drowning in information:
Reports.
Dashboards.
Metrics.
Benchmarks.
News.
Updates.
Events.
Opinions.
Facts.

With a little effort,
we can even distill that down for knowledge.

But for wisdom ... it's different.

Wisdom is knowing what matters.

It's understanding that every choice means giving up something else.
It's recognizing that we rarely get everything we want.
But that we can often get what matters most,
And be content with the trade-offs.

That perspective only comes over time,
through experiences, mistakes, reflection, and care.

You can't download it.
You can't subscribe to it.
You can't generate it on demand.

You have to earn it.

A little at a time.

All the best,
A.

CiviCRM has announced a security update to be released on the evening of June 17.

Security updates are important. You don’t want to let this slide.

If you’ll be handling this update yourself, now would be a good time to prepare:

• Review the official documentation on upgrades, including the specifics for your CMS (Drupal, WordPress, Backdrop, etc), and make sure you understand it.

• Ensure you understand how to perform a full site backup — and how to restore your site from a backup if needed.

• If this is your first time, block out a couple of hours for the actual upgrade.

• Consider upgrading twice — once now (or soonish), and once when the security update is released. Sounds crazy, maybe, but there are good reasons to take this approach.

If you’re a subscriber to Joinery’s Operational Assurance plan for ongoing support, and/or a Joinery hosting subscriber, we’ll be handling this upgrade for you, including full pre-upgrade backups and post-upgrade verification.

If you need help preparing for or conducting the upgrade, consider booking a coaching call so we can discuss your particular situation and ensure you have a good plan in place.

Whatever you do, don’t put this off.

• A security release is a great fix for issues you probably don’t even know you have.

• But just as importantly, it’s an announcement to the world that all un-upgraded sites have a specific set of security vulnerabilities. You don’t want to be one of those.

All the best,
Allen

Tech changes will demand organizational changes — like it or not.

But you don't have to do it all at once.

Often it's best to start by doing one thing very well -- get an early success -- to build early confidence, rather than insisting on wholesale change right out of the gate.

Case in point: I spoke recently with a CiviCRM site admin who wanted to start leveraging SearchKit for reporting, rather than just relying on the traditional (and more rigid) CiviReport framework.

But she knew it would make for a lot of questions for her team if she insisted on moving all their reports to SearchKit.

So took it a step at a time.
Picked one simple report.
Recreated it in SearchKit.
Told her team about it.
And even changed the criteria on the old report so it would always display zero rows (a kind of "this is not the data you're looking for" enforcement mechanism).

The result?

Her team have gotten used to the SearchKit interface,
and they're more open to using it in the future.
She's now in a position to start moving more reports to SearchKit,
and to start choosing SearchKit instead of CiviReports for new reporting needs.

Her staff are happy.
She's happy.

Because she moved slowly enough for her team to keep up, and focused on early success.

All the best,
A.

Ever get stuck trying to make “the perfect thing”?

The perfect membership outreach.
The perfect reporting interface.
The perfect sign-up form.

We've all been there.

After all, it's tempting.

But it just never seems to happen.

Here's the thing:

Even with all the funding and all the time you could want,
you'll never make "perfect" tools or systems.

That's because:

"Perfect" is a moving target, not a state of being.
You'll always find a way to make it better.

That's a good thing.

You can start with what you have today,
the best results you can deliver right now.
That gives you something to start with.

Then you can see ways to improve it,
based on what you learn as you go.
That lets you make smart investments where you know they're needed.

To put it another way:

"Starting from perfect" is equivalent to "never really starting."

Start from imperfect.

All the best,
A.

Open-source tools like CiviCRM, WordPress, and Drupal are free.

• Free as in "free speech": use them for the cause of your choosing.

• Free as in "free beer": use them with zero license fees.

• Free as in "free reign": modify or extend them however you wish.

They're also free as in "free kittens":
Incredibly likable from the start (not just because of the above freedoms).
And demanding of care, feeding, and attention.

One of the most common mistakes I see in organizations adopting new tools is a tendency to consider only the up front costs of acquisition.

For open source tools, that's a no brainer — they're free!

But don’t forget to account for the cost of ownership.
The effort of maintenance.
The investment of training.

If you've got a plan — and a budget — for that,
you'll be much happier in the long run.

All the best,
A.

It's frustrating to be separated from your favorit pickles or jams only by something as simple as a quarter-turn of a screw-top lid.

But when it's tough, you have escalating options:

1. Try harder. Get a firm grip, keep your hands close to your torso, and exhale while turning.

2. Ask someone stronger. If they're handy and you ask nicely, they'll probably be glad to try -- and if they succeed, they'll often feel even happier to have helped.

3. Try a tea towel. It softens the lid's ridges against your hand, allowing you to grip harder with less pain -- and it eliminates slippage from any incidental moisture.

4. Try a rubber band. If you have one that’s the right size, you’ll find it reduces slippage even more than the tea towel.

5. Use hot water. Heating the lid with hot tap water will expand the metal more than the glass, reducing the friction between lid and jar.

6. Get out the machines. An electric jar opener will take up space in your kitchen and cost you some cash, but it's likely to remove even the tightest of lids.

Getting your pickles out of that jar isn't so different from getting your data out of (or into) your CRM.

When it's easy, life is good.

But when it's tough, there's nothing more frustrating.
I mean, the goods are right there!
You can literally see them!
This should be easy!

Of course, you could spring for an expensive solution like hiring expert help.

But usually you'll benefit most by starting with what's easiest and then escalating only as needed.

Keep that in mind the next time you're in a pickle.

All the best,
A.

Is your organization hosting CiviCRM separately from your main site?

I've seen a few organizations do this, and it's a good idea in certain situations.

For a long time, the only way to do it was to spin up a separate Drupal or WordPress site that really did nothing else but contain CiviCRM.

But these days, it's worth considering CiviCRM Standalone.

It's just CiviCRM, so you don't have the burden of security updates and bug fixes for Drupal or WordPress.

But you do get all the necessary features for multiple user roles and permissions, switching users, and more.

If your separate CiviCRM site really is just CiviCRM, you might consider switching to Standalone.

It can be a whole lot simpler to manage.

All the best,
A.

P.S. If you're having trouble imagining what “just CiviCRM” would look like, head over to the official CiviCRM Standalone live demo site, where you can log in and give it a spin.

So here’s this thing I said yesterday about hiring staff members based on CRM experience:

Compared to someone who knows your tools,
it's much more valuable to hire someone who can
understand your mission,
think on their feet,
take ownership of their work,
and communicate well.

Now that I think of it, that’s not just true of staff hires.

It’s true for anybody you look to for paid help.

All the best,
A.

Your CRM is central to your operations.

So is your staff.

And maybe you're thinking about bringing on a new hire.

And maybe you thought that hiring someone with deep CiviCRM experience would mean quicker on-boarding with less training.

Indeed, there is a job board right on civicrm.org where you can create a job listing.

But it's almost always empty. (Look and see right now, if you want.)

What gives? Why aren't more organizations hiring specifically for CiviCRM?

A few reasons come to mind:

• A listing on that job board will be answered mostly by professional service providers, not potential employees.

• People who want to be employed for their CiviCRM skills usually get hired by service providers. It's the same with most skilled experts, from attorneys to plumbers; they typically work at specialty firms, not in-house at those firms' potential clients.

But perhaps most importantly:

• This kind of specialized skill is only a small part of what you're really hiring for.

To put it another way:

Compared to someone who knows your tools,
it's much more valuable to hire someone who can
understand your mission,
think on their feet,
take ownership of their work,
and communicate well.

Someone like that can be trained on any particular tool or system.

The main value is not in the technical skill.
It’s in the ability to produce results, reliably, in a dynamic environment.

As always:
Never let the tool distract you from the task.

All the best,
A.

When folks read your next announcement or newsletter or appeal, would you rather they …

• Think it sounds polished?
  OR:

• Get the message and act on it?

I’m after that second one.
You probably are too.

So …

What’s a great way to create content that sounds polished?
Have your AI write it.

It’s polished, professional, smooth …
and sounds like it was written by a machine (or worse, by a politician; or a marketer).

What’s a great way to create content that sounds real?

Write it yourself.
Use your own voice.
Write as if for one person.
Say the thing you want to say.

Now …

If you want to chat with your AI to flesh out an idea, go ahead.

But if you let it speak for you,
it’s probably going to sound just like
every other mass-market email you saw (and ignored) today.

All the best,
A.

What would it be like to explain, over a phone call, how to make tiramisu?

Even If you've made it dozens of times yourself...

How much time would it take?
What could go wrong?

What if … you'd never made it before, but you have a recipe in front of you?

What if … you've never made it, and you have no recipe, but you've tasted it many times, and thought carefully about making it?

What if … you've never tasted it, don't know what it's called, but have a great idea for it in your head?

In that case, you might have to go through a long process of trial and error describing your idea of tiramisu to someone, such that they could make it happen the way you see it.

Custom reports are a lot like that tiramisu.

The more you understand the ingredients, how they fit together, and the actual intended result, the easier it gets.

It's not that customer reports — or tiramisu — are particularly difficult.

It's just that it takes a good deal of careful thinking, and careful communication, to get the result you want.

All the best,
A.

Systems provide safety and convenience by enforcing a structure.

Take my small but rapidly growing North Texas town.

Somebody has to lay out the streets.
Somebody has to set limits on speed, traffic direction, stop lights, etc.
Somebody has to be the cop, and the zoning department, and the building inspector.

Any of those are sure to ruffle somebody's feathers at one time or another.

But most of us prefer some structure -- even with its expense and limitations -- over limitless flexibility for everyone at all times.

Your CRM, and your website, will present similar challenges.

A tighter structure requires more planning, maintenance, training, and enforcement.
And it will limit your flexibility.

A looser structure is easier in the short term and gives you more flexibility,
but requires a greater tolerance for surprises.

Somewhere in there is a sweet spot.

And it will always come with trade-offs.

All the best,
Allen

A friend in the office down the hall tells me he’s spent around $3,000 on paint samples in the past year.

His company builds condos and apartments.

He says $3,000 for paint samples is a lot better than $30,000 for the wrong paint.

Of course it is.

When you're trying out new ideas, it helps to have an operational budget that allows you to test them on a small scale.

The alternative is “doing everything live,” and “waiting to see if it fails.”

All the best,
A.

This note contains links to the online CiviCRM community resources I'll be mentioning in the upcoming CiviCRM Admin Training at CiviCamp Toronto 2026.

Whether you're attending that training or not, you might still find these resources useful.

--

Having a community of people around you is a huge advantage for learning.

Fortunately, you don't even have to change out of your pajamas these days to find an online community of people a lot like you who are making great things happen with CiviCRM.

The online CiviCRM community is active, communicative, and in my experience very supportive.

If you want to accelerate your journey in mastering CiviCRM, I recommend you check out these online community resources:

CiviCRM Extensions Directory:

When you need CiviCRM to do something it doesn't do out of the box, you don't always have to build it yourself. The CiviCRM Extensions Directory contains over 700 extensions for everything from visual layout tweaks to import/export helpers, specialized PDF creation, calendars, and more. They're all available for you to try, and to continue using indefinitely at no cost.

Community chat:

CiviCRM’s online chat platform is the closest thing we have to an online forum, with separate channels for a wide variety of topics.

Need help with Mosaico, or something Drupal-specific, or financials, or general system administration? There are dedicated channels for those topics, and lots more.

Just trying to figure out where you fit in with this new community? Try the Town Square channel, where "all things CiviCRM" are on-topic; or even the Off Topic channel, for "Random chit-chat about anything at all".

It's sometimes just referred to as "MatterMost", the name of the software that powers the chat platform. It works about like Slack, in case you've used that elsewhere. If someone in the CiviCRM community suggests asking on MatterMost, they just mean chat.civicrm.org.

You can just use it easily in your browser, but dedicated desktop and mobile apps (look for "MatterMost") make it even easier.

CiviCRM documentation:

CiviCRM's official documentation is free — free to access, free to distribute to your staff, free to modify and reuse as you see fit.

And if you want to make the most of CiviCRM, you'd be well served by becoming very familiar with what it can do right out of the box.

The documentation is also quite extensive. So it can feel like a lot to consume.

But it's well organized, divided into several Guides covering major areas:

• User Guide: For staff members who use CiviCRM's web-based interface as part of their job at an organization.

• Installation Guide: For anyone who wants to install CiviCRM on a compatible CMS.

• System Administrator Guide: For tech-savvy people who install, upgrade, and maintain CiviCRM for an organization.

• Training Guide: For CiviCRM trainers who train users, system administrators, and developers who would like to learn more about configuring and using CiviCRM.

• Developer Guide: For developers (programmers) who create and improve functionality within CiviCRM or those wishing to write software code for CiviCRM.

Official CiviCRM Demo Site:

Sometimes you just need a quick playground. Often because you haven’t even installed CiviCRM yet and you’re just curious what it can do. But sometimes — even when you’re running your own CiviCRM installationn already — you just need to try something before you actually implement it on your own site.

The official CiviCRM demo site runs CiviCRM standalone (i.e., not under Drupal, WordPress, or another CMS) at the very latest available version. It’s also rebuilt automatically every 24 hours. So it’s strictly ephemeral, but feel free to try oiut new ideas there before doing them on your own site.

CiviCRM Stack Exchange:

Have a question that you just can't seem to get answered? The CiviCRM Stack Exchange is a dedicated Q&A forum for exactly that: getting your questions answered.

It's not a general forum for open-ended conversation; it's designed to get "the one best answer" to a specific answerable question.

Questions and answers are all provided by real people in the CiviCRM community — from complete noobs to seasoned experts. There's no guarantee that you'll get a perfect answer, but it's a great place to start, and often turns up exactly what you need to know.

Community Blog:

The CiviCRM blog is the primary source for news and announcements in the CiviCRM community. You'll learn about upcoming events, new features, new extensions, and more. (You'll also see a quick link to all the latest blog posts in the "CiviCRM News" dashlet within your own CiviCRM dashboard.)

Developers’ workspace, “CiviCRM GitLab”:

This is CiviCRM’s online repository for code development, bug reports, and community planning.

Even if you're not a software developer, this is still a great resource for learning about new feature improvements and new bug fixes that are in the works — or completed.

And you don't have to be super technical to file a bug report either. If you're sure that CiviCRM should be behaving in a certain way and isn't, there may be an existing bug report that you can add to, or you can file one yourself.

Ultimately, CiviCRM is just a bunch of code files. Peeking into that world now and then is like learning a little more about your car’s engine or your household plumbing:

You don't always have to be the one to pull out the tools, but it can help to have some idea what's inside when it's acting strangely.

Conversational AI, “CiviCRM DocBot”:

Official CiviCRM documentation (linked above) is great. But it's a lot to digest.

CiviCRM DocBot solves this problem by offering an AI-driven conversational interface. Ask it a question. Give as much detail as you like. DocBot's answers are based on the full contents of the official documentation, plus documentation from many extensions, plus ongoing Q&A from the CiviCRM StackExchange, and more.

For more convenience, the DocBot extension will give you a DocBot interface right on your CiviCRM dashboard. Very useful for detailed answers to complex and detailed questions.

All the best,
A.

Your next mass email, social post, or announcement:

Will it be optimized for awareness?
Or for action?

Both are valuable.
But they're not the same thing.

It's hard to aim for a desired outcome
unless you're clear about what the desired outcome is.

All the best,
A.

High tech solutions can seem attractive -- they're just so darned shiny -- but they aren't always “better" than low tech.

Consider the problem you're solving:

• Is the process highly predictable?

• Does it need to happen frequently or at high volume?

• Will your high-tech solution offer some kind of logging, so you can inspect what happened if something doesn't look right?

• Will your high-tech solution actually reduce your total time and effort?

The less those things are true, the less attractive a high-tech solution becomes.

I know plenty of organizations that still prefer paper lists for their event registration tables -- instead of a live CRM system -- because it reduces setup requirements, gives staff rapid access to all the relevant information, and never goes offline.

Sometimes low-tech is the real win, unsexy as it may be.

All the best,
A.