Technology

DMARC

Last modified 12/19/2024

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that provides a way for email receivers to check that incoming messages are legitimate and have not been forged or altered. The reject policy means that any incoming emails that do not pass DMARC authentication will be rejected and not delivered to the recipient’s inbox. When this happens, an email will be generated and sent to the sending email address to inform the sender that their email was not delivered.

DMARC provides a layer of security for our email communications and protects against phishing and other malicious attacks. DMARC implementation may result in some legitimate emails being marked as spam or rejected. Unified Communications has taken steps to minimize any potential impact this may cause. More information on what users and system admins can do to prepare for DMARC can be found in a later section.

Illinois State's Implementation of DMARC

We have been monitoring email traffic in addition to working with various groups across the campus to ensure that emails being sent by their applications are DMARC compliant. If your group uses a third-party application to send email using either ilstu.edu or illinoisstate.edu and you have not worked with the Unified Communications team to ensure that DMARC has been configured for your application, please reach out to SupportCenter@IllinoisState.edu. If you want more information about what users and admins can do to prepare for this, please refer to the Actions section.

How DMARC Works

DMARC works in the following two ways:

DMARC detects unauthorized activity and provides information about how to handle unauthorized email. Example: Unauthorized email may be put in the spam folder.
It identifies legitimate senders. Example: Emails sent by ILSTU Outlook or by approved/verified email services are put in the inbox.

DMARC uses these two technologies to verify emails:

DomainKeys Identified Mail (DKIM)

With DomainKeys Identified Mail (DKIM), a domain will provide a cryptographic signature in the email message that it sends. That signature can be verified via a Domain Name System (DNS) record containing the public key. The DKIM signature contains both a domain identifier for the hosted public key record to query from DNS, and the selector to uniquely identify the email messages signed. This DKIM signature is added to the email headers of signed email messages.

A domain may publish multiple DKIM keys and have multiple selectors. This permits the domain to configure multiple keys to distinguish and manage sending from different accounts and email servers. An email server receiving a signed email message will query the public DNS record according to the DKIM signature to verify that the domain from which it is intended to have been sent matches the signature.

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) allows a domain to define which mail systems are permitted to send emails on its behalf. SPF records may contain the mail system IP addresses of its domain as well as those of its partner domains that are trusted to send emails. (Example of trusted partner domains: a vendor-managed email system or a constituent relationship management (CRM) service.)

The SPF record is published in the domain’s DNS records. An email server will query the SPF record from the domain’s DNS records when it receives an email with a sending address from that domain. A match authenticates the message as having originated from a trusted sources on behalf of the sending domain.

Tip

The University recommends using DKIM whenever possible, but can support either DKIM or SPF.

Actions

Forwarding and Redirecting

Third-Party Email Service Providers Sending on Behalf of the University

Using Different Email Application

Examples of Third-party Email Service Providers That Have Been Made DMARC Compliant

Note: There may be more options that have been made compliant with DMARC, but just may not be listed here.

Technolutions/Slate
Emma
TouchNet
Qualtrics
PostMarkApp
Paciolan
Ungerboeck
ExLibris (now part of ProQuest)
Terra Dotta Software
SparkPost
Dyn

How to Get Help

Technical assistance is available through the Illinois State University Technology Support Center at:

Phone: (309) 438-4357
Email: SupportCenter@IllinoisState.edu
Submit a Request via Web Form: Help.IllinoisState.edu/get-it-help
Live Chat: Help.IllinoisState.edu/get-it-help