diff --git a/app/controllers/user_admin_controller.rb b/app/controllers/user_admin_controller.rb
--- a/app/controllers/user_admin_controller.rb
+++ b/app/controllers/user_admin_controller.rb
@@ -12,7 +12,10 @@
   # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
   verify :method => :post, :only => [ :destroy, 
                                       :create, :create_from_list, 
-                                      :update ],
+                                      :update, 
+                                      :manage_contest, 
+                                      :bulk_mail 
+                                    ],
          :redirect_to => { :action => :list }
 
   def list
@@ -301,6 +304,45 @@
     redirect_to :action => 'admin'
   end
 
+  # mass mailing
+
+  def mass_mailing
+  end
+
+  def bulk_mail
+    lines = params[:login_list]
+    if !lines or lines.blank?
+      flash[:notice] = 'You entered an empty list.'
+      redirect_to :action => 'mass_mailing' and return
+    end
+
+    subject = params[:subject]
+    if !subject or subject.blank?
+      flash[:notice] = 'You entered an empty mail subject.'
+      redirect_to :action => 'mass_mailing' and return
+    end
+
+    body = params[:email_body]
+    if !body or body.blank?
+      flash[:notice] = 'You entered an empty mail body.'
+      redirect_to :action => 'mass_mailing' and return
+    end
+
+    note = []
+    users = []
+    lines.split("\n").each do |line|
+      user = User.find_by_login(line.chomp)
+      if user
+        send_mail(user.email, subject, body)
+        note << user.login
+      end
+    end
+    
+    flash[:notice] = 'User(s) ' + note.join(', ') + 
+      ' were successfully modified.  ' 
+    redirect_to :action => 'mass_mailing'
+  end
+
   protected
 
   def random_password(length=5)