How can I get my outbound E-mail to pass DMARC?

Planned Changes

Information Services will start to implement a new security requirement systemwide for all outgoing mail that is sent from @aber.ac.uk email addresses. This is known as Domain-based Message Authentication, Reporting & Conformance (DMARC). It is being rolled out from June 2021.

No changes are required by end users, but it is important to be aware of the changes.

What is DMARC?

DMARC provides extra security to combat E-mail phishing attacks. It allows central control over the action receiving mail servers should take when they process unauthorised mail, which in turn gives a more consistent approach to how we want spam to be handled during delivery.

Why is DMARC important?

Organisations are seeing an increased threat from ransomware. Most ransomware attacks originate from a simple phishing attack. DMARC will make it difficult for attackers to send mail which spoofs aber.ac.uk addresses, helping to keep phishing/spam out of mail inboxes and to protect branding and Aberystwyth University’s reputation.

How does it combat phishing?

Extensive work has already been done to secure against mail attacks using technologies such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Applying DMARC on top ensures we are getting the best out of these two authentication mechanisms.

DMARC makes it easier for mail servers to determine whether a given message is from an authorised sender, and gives assurance about what action can be taken.

Will it help block all types of phishing attacks?

No. DMARC will only help protect against attackers abusing and spoofing email that appears to come from aber.ac.uk addresses.

I need to send bulk mail from a cloud service; what should I do?

You must contact Information Services if you want your service to be registered as a sender for aber.ac.uk. We will need to look at the service to see what it can support and then make a risk-based decision on whether to allow it as a sender.

Not all requests can be accepted. The more mail servers that are authorised, the greater the risk to the aber.ac.uk domain.

Will this affect mail delivery?

Internal mail and any service currently registered will not be affected.

This is only likely to affect mail from cloud services that Information Services has not been made aware of beforehand.

To mitigate the risk of legitimate mail being delivered to recipients’ spam folders, reporting tools have been closely monitored and action has been taken to register the services that we know can safely send mail on behalf of aber.ac.uk.

All systems that send E-mail on behalf of aber.ac.uk must be DMARC compliant.

As of May 2021, the following services are compliant and have been registered as approved senders for aber.ac.uk:

  • SMTPHOST
  • Microsoft Office 365
  • ALMA Library Management System
  • Blackboard
  • BLACKBAUD Alumni CRM
  • ClickDimensions CRM
  • GECKO Marketing Mail System
  • STEMS Accommodation Inspection System
  • HIRESERVE HR System (jobs.aber.ac.uk)
  • HOBSONS
  • Libraryh3lp Chat System
  • MOLE DARO Alumni Campaign System

If you have been using a service that is not listed above, it is likely that most of its mail has already been going into recipients’ spam folders, as the service has not been registered with the existing authorisation mechanism (SPF). Registering mail senders has always been a requirement.

How will DMARC be implemented?

DMARC has a control to allow action to be taken on a percentage of mail.
To reduce impact, the control will be increased over time as we monitor mail delivery.

Date       | Percentage of Unauthorised Mail | Action
01/06/2021 | 25%                             | Deliver to Quarantine/Spam Folder
08/06/2021 | 50%                             | Deliver to Quarantine/Spam Folder
15/06/2021 | 100%                            | Deliver to Quarantine/Spam Folder
29/06/2021 | 100%                            | Reject with notification to sender
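
As an added example (not from the original page or from Information Services), the Python below shows how a receiving mail server would apply each stage of this schedule to unauthorised mail. The TXT record strings are constructed from the table rather than copied from DNS, the function names are hypothetical, and the handling of mail not selected by the percentage follows RFC 7489.

```python
import random

# Constructed records for each rollout stage (assumed form, not taken from DNS).
STAGES = {
    "01/06/2021": "v=DMARC1; p=quarantine; pct=25",
    "08/06/2021": "v=DMARC1; p=quarantine; pct=50",
    "15/06/2021": "v=DMARC1; p=quarantine; pct=100",
    "29/06/2021": "v=DMARC1; p=reject; pct=100",
}

# RFC 7489 section 6.6.4: mail not selected by pct gets the next policy down.
FALLBACK = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags; validate v, p and pct."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in FALLBACK:
        raise ValueError("missing or unknown p= policy")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    tags["pct"] = pct
    return tags

def disposition(txt, dmarc_pass, draw):
    """Action for one message; draw is a per-message number in [0, 100)."""
    policy = parse_dmarc(txt)
    if dmarc_pass:
        return "none"  # aligned SPF or DKIM passed, so no policy is applied
    return policy["p"] if draw < policy["pct"] else FALLBACK[policy["p"]]

def simulate(txt, failing_messages=10000, seed=1):
    """Count dispositions for a batch of unauthorised (DMARC-failing) mail."""
    rng = random.Random(seed)
    counts = {"none": 0, "quarantine": 0, "reject": 0}
    for _ in range(failing_messages):
        counts[disposition(txt, False, rng.random() * 100)] += 1
    return counts
```

At the 25% stage roughly three quarters of unauthorised mail is still delivered as normal, which is why an unregistered service may appear to work until the percentage is raised.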

 

What can I do if I suspect mail is going into spam?

Contact Information Services as soon as possible so that we can investigate the underlying cause.

Further reading:

https://cybersecurity.jiscinvolve.org/wp/2020/08/10/hitting-dmarc-phishing-emails-can-easily-spoof-university-and-college-domains-dmarc-and-ncsc-mail-check-are-here-to-help/

https://www.jisc.ac.uk/blog/the-fight-against-phishing-free-new-tool-stops-spoofing-11-aug-2020

Contact for this page:
Information Services, Aberystwyth University, Hugh Owen Library, Penglais, Aberystwyth, SY23 3DZ
Tel: 01970 62 2400 Email: is@aber.ac.uk