Menu

Email security service change: Eliminating email spoofing

The following email was sent by DoIT Communications on behalf of the DoIT Productivity & Collaborative Solutions (PCS) team.

This is a reminder that on August 5, 2024, we will begin enabling email authenticity checks for all inbound mail on our secure email gateway. This change will protect faculty, staff and students from email attacks. It will only impact mail that does not pass the email authentication criteria published by the sender. Mail sent from our UW-Madison Microsoft 365 environment, Google Groups or Eloqua will not be impacted.

What is going to happen?

Simple Answer: Emails that don’t pass email authenticity checks will be routed to the recipient’s junk folder. 

Technical Answer: When an email message arrives at the email gateway, we will check message attributes to confirm its origin. These checks validate the SPF (Sender Policy Framework) result and DKIM (Domain Keys Identified Mail) signature on the message against the DMARC (Domain-based Message Authentication, Reporting & Conformance) policy published for the domain in the header “From” address. Any message that fails authentication checks will go to the recipient’s junk folder.  

What do you need to do?

In spring and early summer, we contacted domain administrators for domains that have authentication issues. If you received our email, please respond. We are committed to working with you to address any potential problems before August 5.

Ask questions. If you are concerned about how this change will impact mail sent from a specific sender, service or campus server, please submit an Email Authenticity (DMARC) Consultation request. We are happy to answer your questions. 

Why are we doing this now?

It is becoming more common for attackers to send emails that impersonate trusted senders in spam and phishing attacks, also known as spoofing. Publishing strict DMARC policies and checking email authenticity is one of the best tools we have to stop these attacks. Support for checking email authenticity was a feature we specifically looked for when we selected a new email security solution in 2022, and it will be an important part of our ongoing email security.

Looking for more information on these concepts?