Purpose
To ensure the security and integrity of the university's email communications, all commercial vendors associated with our community are required to implement email authentication technologies. This policy outlines the requirements and preferences for email authentication.
Scope
This policy applies to all entities, internal or external, that send emails on behalf of the university or use the university's domains or namespaces in their email communications.
Policy
- Mandatory Email Authentication: All email senders must implement email authentication technologies to verify the legitimacy of their emails. This includes, but is not limited to, DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC.
- Preference for DKIM: DKIM is the preferred method of email authentication. SPF is linked to the often-hidden envelope sender, while DKIM should align with the visible From line in email clients, which helps prevent spoofed emails.
- DMARC Implementation: Vendors are also encouraged to implement DMARC (Domain-based Message Authentication, Reporting & Conformance) to enhance their email authentication efforts. DMARC helps specify how emails should be handled if they fail DKIM or SPF checks and provides valuable reports on email authentication activity.
- Compliance Monitoring: IT Services will regularly monitor compliance with this policy. Mailers found to be non-compliant may face penalties, including termination of their commercial relationship with the university.
- Reporting and Support: Vendors must provide regular reports on their email authentication status and are encouraged to seek support from IT Services to ensure proper implementation and maintenance of these technologies.
Review and Updates
This policy will be reviewed annually and updated as necessary to ensure it remains effective and aligned with best practices in email security.
By adhering to this policy, we can collectively enhance the security and reliability of our email communications, protecting our community from phishing, spoofing, and other email-based threats. Thank you for your cooperation and commitment to maintaining a secure communication environment.