DMARCDomain-based Authentication, Reporting, and Conformance
DMARCfor campus email
DMARCDomain-based Authentication, Reporting, and Conformance
An email standard that allows email providers to to verify that email was sent from a valid email address.Case 1: Email from [email protected] to [email protected] asks WiscMail servers, “Is this email legitimate?”WiscMail servers, “Yes, that is legitimate. Bucky rocks!”Gmail delivers mail to [email protected]
What is DMARC?
DMARCDomain-based Authentication, Reporting, and Conformance
Email systems “talk” to each other using the DMARC standard to verify email senders are legitimate.Case 2: Email from [email protected] to [email protected] servers ask MSU servers, “Is this email legitimate?”MSU, “Nope! We don’t know who that is!”WiscMail potential actions include:deliverblockquarantinediscard
How doesDMARC work?
DMARCDomain-based Authentication, Reporting, and Conformance
Who is impacted by this change?
Any system “spoofing” or impersonating a UW Madison email addressesUW-Madison users who send email messages thru 3rd-party mass email providers (e.g. MailChimp, Constant Contact, etc.) using an @wisc.edu email address as the “From” address.*Non-UW-Madison email accounts which send as an @wisc.edu email address (e.g. Gmail account configured to send as an @wisc.edu address).Third-party email scripts/servers that don’t send email using on-campus mail services which are sending “FROM” a wisc.edu email address.* Can be configured to send DMARC compliant email
DMARCDomain-based Authentication, Reporting, and Conformance
Who is not impacted by this change?
UW-Madison Office 365 web client, desktop app, and mobile appIndividuals sending outbound emailOffice 365 add-ons for mail-merge functionalitySystems which are able to authorize end-users’ use of their own email address within the systemList servers configured to work with DMARC*UW-Madison email listsGoogle GroupsUW-Madison campus SMTP Relay service*Departmental and off-campus list servers need to be updated to support DMARC
DMARCDomain-based Authentication, Reporting, and Conformance
How does this impact UW Madison inbound/outbound email messages?
InboundInbound messages (from any source other than the UW-Madison Office 365 tenant) which spoof an @wisc.edu email address will be flagged as SPAM.These messages will either be rejected by the email system, quarantined, or delivered to the intended recipient’s SPAM email folder.OutboundRecipient email systems (e.g. Gmail, etc.) will reject or quarantine email messages which spoof an @wisc.edu email address.
DMARCDomain-based Authentication, Reporting, and Conformance
What can you do to ensure you are compliant with DMARC standards?
Faculty/Staff/StudentsNo changes necessary unless they are sending messages from a non-UW email service which is “spoofing” an @wisc.edu email address.Email Domain/Application/System AdminsSee theDMARC Websitefor more information on how to achieve DMARC compliance.Contact 3rd-Party email providers to determine if they are capable of DMARC compliance.If you manage a system which sends email through a mechanism other than UW Madison mail relay, contact the ECC Team for a consultation.
DMARCDomain-based Authentication, Reporting, and Conformance
What is thetimeline?
Current and OngoingExecute communication planDevelop domain policies with HostmasterConvert campus relayersFall/Winter 2018Tag subjects of inbound mail violating DMARC standardPublish SPF ~all for wisc.edu(following conclusion of Spring semester)Spring/Summer 2019 (Tentative)Publish 1% DMARC record for wisc.eduFall 2019 (Tentative)Publish DMARC record for wisc.edu
DMARCDomain-based Authentication, Reporting, and Conformance
Questions?
0
Embed
Upload