Beginning August 5, 2024, DoIT will enable email authenticity checks for all inbound mail. This change will protect faculty, staff and students from email attacks. It will only impact mail that does not pass the email authentication criteria published for the email domain you see in the “From” address of the message (e.g., @wisc.edu, @doit.wisc.edu). Mail sent from the UW-Madison Microsoft 365 (M365) environment, Google Groups or Eloqua will not be impacted.

eCALS should not be affected by this change since it uses a Google Groups wisc.edu account. Jason Pursian, CALS’ information security officer, says he has been working with other customers for the past few months to make adjustments so they can be compliant.

Additional information from DoIT:

What is going to happen?
After August 5, if a message fails to pass email authenticity checks, it will be sent to the recipient’s junk folder. 

What do you need to do?
If you are concerned about how this change will impact the emails you send, submit an Email Authenticity (DMARC) Consultation request. DoIT can meet with you and answer your questions. If you send from your M365 account or use Google Groups or Eloqua, your message should pass email authentication checks.

Why is DoIT doing this now?
Attackers frequently send fake emails pretending to be from trusted sources, also known as spoofing. Checking email authenticity is one of the best tools we have to stop these attacks. Support for checking email authenticity was a feature DoIT specifically looked for when they selected an email security solution in 2022, and it will be an important part of their ongoing email security.

Looking for more information on these concepts?

• Email authentication: DMARC
• What is email spoofing?