OIT Office of Information Technology
| Menu
A laptop screen highlights a digital envelope with a warning sign, indicating a phishing email.

Stricter email authentication policy takes effect June 11

Submitted by crei1741
on
 

On Wednesday, June 11, OIT will adjust the campus DMARC policy to direct email servers to reject rather than quarantine messages that claim to be from CU Boulder but fail authentication checks.

This is the final step in a yearlong process to make it harder for scammers to phish our community using spoofed CU Boulder email addresses.

What it is

Email authentication is a collection of methods that help protect email recipients and senders from phishing attempts by using DNS records to verify the identity of a sender.

CU Boulder's domain-based message authentication, reporting and conformance (DMARC) policy tells email servers how to handle messages that claim to be from CU Boulder but fail authentication checks.

Today, the campus DMARC policy tells servers to quarantine unauthenticated messages, which reduces the likelihood that recipients will interact with phishing emails. Starting June 11, the policy will instead tell servers to reject those messages, further reducing the risk to recipients.

To learn more about email authentication, visit OIT's Email Authentication & Anti-Spoofing page (login required).

What to do if a legitimate email is rejected

Legitimate emails may be flagged as spam or rejected when:

  • The sender hasn't configured their third-party mailing service to comply with authentication standards.
  • The message was sent through an external listserv that isn't configured properly.

After June 11:

  • Unauthenticated campus senders may start receiving email rejection notifications. For next steps, visit OIT's Email Authentication - Help page.
  • Email recipients may stop receiving messages from unauthenticated campus senders.

OIT will continue to monitor email logs and assist campus senders whose messages are being rejected.

Resources & Support

Visit OIT's Email Authentication - Help and Email Authentication - FAQ pages to learn more. If you have additional questions or concerns, please contact the IT Service Center at (link sends email)oithelp@colorado.edu or 303-735-4357.

Related Articles