Email Security: Domain-based Message Authentication (DMARC)
As part of an ongoing effort to combat phishing scams and increase email security, the Office of Information Technology (OIT) is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.
How DMARC Works
DMARC is an email authentication, policy, and reporting protocol. It works in two ways:
- It detects unauthorized activity and provides information about how to handle unauthorized email. For example, the email may be put in the spam folder.
- It identifies legitimate senders: email sent either by UMN Gmail or by approved/verified email services.
DMARC uses one of two technologies to verify emails:
The University recommends using DKIM whenever possible but can support either technology.
UMN Implementation of DMARC
Currently we are monitoring “spoofed” emails, that is, emails in which the "from" address is forged by the sender. Over time, we will move forward with the DMARC implementation by increasing the amount of email from unapproved/unverified services that is marked as spam or that is bounced/rejected.
Everyone in the umn.edu domain will be impacted. However, the rollout will be gradual so that impact to our users is minimized.
Implementing DMARC will not cause your email messages to be delayed. DMARC only affects how your email is “viewed” by the receiver’s domain setup.
What Do You Need to Do?
UMN Gmail Users
Individual UMN Gmail users do not need to do anything. You can continue to use Gmail as you normally would.
UMN Mass Email Senders
If you are using an approved email service (see list below), you do not need to do anything. You can continue to send mass email as you normally would.
Examples of Approved/Verified Email Services
- UMN Gmail via web browser, desktop client, or mobile app
- UMN SMTP mail relay service
- UMN Google Groups
- L-Soft Listserv
- Salesforce Marketing Cloud
If you are using an unapproved/unverified email service (see list below), please contact Technology Help so that we can help you develop a plan to become compliant.
Examples of Unapproved/Unverified Email Services
- Third-party email services that are not configured to work with the new DMARC controls
(e.g., Constant Contact, Silverpop, MailChimp, iContact, off-campus servers, etc.)
- Non-UMN Gmail accounts that send as a umn.edu address
(e.g., a hotmail.com or gmail.com address set to send as a umn.edu address)
Test Whether Emails Will be Affected
Technical staff who would like to test whether emails will be affected can do so by sending a message from a umn.edu address that originates from a non-University mail server (e.g., MailChimp) to email@example.com, where it will be reviewed by OIT Email administrators.
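As an added illustration (not OIT's tooling or configuration), the following Python example shows how a receiving mail system that follows the DMARC specification (RFC 7489) would treat such a test message at each stage of a gradual rollout. The policy records, the mailer.example and lists.umn.edu sender domains, and the function names are constructed for the example, and the organizational-domain check is a two-label simplification.

```python
# Added illustration of DMARC evaluation per RFC 7489; not OIT's tooling.
# The policy records and every sender domain below are constructed samples.

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=quarantine; pct=25'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags["p"].lower(), int(tags.get("pct", "100"))

def org_domain(domain):
    # Relaxed alignment (the DMARC default) compares organizational domains.
    # Simplification (assumption): take the last two labels. True for umn.edu;
    # real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def evaluate(from_domain, spf, dkim, record, sample):
    """spf and dkim are (result, authenticated domain) pairs: the envelope
    sender domain for SPF, the d= signing domain for DKIM. sample is the
    0-99 draw a receiver makes when the record carries a pct tag."""
    policy, pct = parse_dmarc_record(record)
    ok = any(result == "pass" and org_domain(dom) == org_domain(from_domain)
             for result, dom in (spf, dkim))
    if ok:
        return ("pass", "deliver")
    if policy == "none":
        return ("fail", "deliver")  # monitoring phase: reported, not acted on
    if sample >= pct:
        # Not selected by pct: RFC 7489 applies the next lower policy.
        return ("fail", "quarantine" if policy == "reject" else "deliver")
    return ("fail", policy)

# Constructed messages, all with a umn.edu From address.
VIA_UMN_RELAY = (("pass", "umn.edu"), ("pass", "umn.edu"))
THIRD_PARTY = (("pass", "bounce.mailer.example"), ("pass", "mailer.example"))
THIRD_PARTY_UMN_DKIM = (("pass", "bounce.mailer.example"), ("pass", "lists.umn.edu"))

if __name__ == "__main__":
    for record in ("v=DMARC1; p=none", "v=DMARC1; p=quarantine; pct=25",
                   "v=DMARC1; p=reject"):
        for name, (spf, dkim) in (("UMN relay", VIA_UMN_RELAY),
                                  ("third party", THIRD_PARTY),
                                  ("third party + UMN DKIM", THIRD_PARTY_UMN_DKIM)):
            print(record, "|", name, "->", evaluate("umn.edu", spf, dkim, record, 10))
```

The third-party message fails DMARC even though SPF and DKIM both pass, because neither authenticated domain matches the umn.edu "from" address; signing with an aligned DKIM domain is what turns the result into a pass.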
For more information, contact Technology Help.