DMARC Email Security Compliance
Email communication among our SMC community, partners and vendors is a crucial part of how we function as a higher education institution. To ensure outbound emails from SMC are successfully delivered to inboxes, while compromised emails are sent to spam, IT Services Domain-based Message Authentication Reporting and Compliance (DMARC) Email Validation System is in the process of being implemented.
What is the DMARC Email Validation System?
The DMARC Email Validation System gives SMC the ability to protect college email domains from unauthorized use, like email spoofing.
- College email domains refer to SMC’s primary "stmarys-ca.edu" domain as well as associated subdomains, such as admissions.stmarys-ca.edu, alumni.stmarys-ca.edu, catalog.stmarys-ca.edu, etc.
- Spoofing is a tactic employed by attackers to manipulate the "From" address of an email message, creating a deceptive appearance that it originates from a known sender
Once the DMARC Email Validation System is fully in place, SMC domains cannot be used without explicit authorization. This ensures messages sent and received from SMC email domains are legitimate. To implement the DMARC Email Validation System, SMC IT has partnered with MxToolbox.
What does my Department need to do?
If your department uses a third-party broadcast email platform to deliver emails on behalf of SMC and the service is not listed in the below Existing Third-Party Email Senders, contact IT Services as soon as possible to have your platform configured as an authorized sending service.
If your broadcast email platform is not authorized as a sending service, emails will most likely not reach recipient inboxes during Part 2 of our implementation. Instead, such messages might be rerouted to a spam/junk folder or potentially blocked from delivery altogether.
Please contact SMC IT Services whenever your department:
- Begins working with a new software integration that allows for sending out emails.
- Discontinues a relationship with a third-party broadcast email platform.
Please note that bulk emails sent internally, ie. to all students, all staff or all faculty
are not subject to this new policy.
Implementation Steps
To ensure a smooth transition, the implementation of the DMARC Email Validation System at the college will be conducted in two parts.
Part 1 (Current state at SMC as of March 2024)
The DMARC Email Validation System is currently operating in a “report-only” configuration. This means that all email messages sent on behalf of stmarys-ca.edu domains that fail DMARC are still being delivered. This phase allows time for SMC IT to work with the college’s departments to identify and configure authorized sending services.
Part 2 (May 1, 2024)
SMC IT will begin enforcement by changing the DMARC protection policy to “Reject.” At this point, the DMARC Email Validation System implementation will be complete and stmarys-ca.edu domains will be fully protected from unauthorized use. Emails sent from unauthorized services will be automatically blocked from reaching recipient inboxes. These emails won't even go to Spam—they'll be rejected completely before they can enter an inbox.
Existing Third-Party Email Senders
Below is a list of known third party broadcast email platforms used by SMC and configured with DMARC or SMTP:
Canvas
Colleague
Constant Contact (Performing Arts, Rugby, Honors, New Student and Family Programs, Campus Housing, Student Involvement & Leadership, Library, LEAP)
Digital Ocean
EveryAction
Explorance Blue
GiveCampus
Google GSuite
MailChimp (SEBA)
Qualtrics
Reftab
SendGrid (Slate, Front Rush)
Symplicity (Advocate)
TeamDynamix
ThankView
TouchNet
If your platform is not in the above list, it is not an authorized sending service and all emails will be blocked. As the sender you will not receive a notification that the emails are being blocked. Please submit a ticket to IT Services if you have concerns or want assistance configuring a third party broadcast email platform.
Questions
If you have any questions, or if you experience email delivery issues that you think may be related to the enforcement of the DMARC Email Validation System, please contact IT Services itshelp@stmarys-ca.edu or x4266.