As part of an ongoing effort to combat phishing scams and enhance email security, the Office of Information Resources and Technology (OIRT) is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. DMARC monitors mass mailing, hosted vendor applications, and mail servers used to send emails on behalf of the University (e.g., fdu.edu, wc.fdu.edu).
Important Email Delivery Requirements
For Individual FDU NetID Users
No action is required. You can continue to use Outlook as you normally would.
For Mass FDU Email Users
Fairleigh Dickinson University prioritizes information security and is enforcing these email authentication standards to ensure reliable and secure email delivery. All non-FDU services used by FDU users and departments must adhere to these best practices to ensure proper delivery of emails to FDU recipients. Failure to comply will result in email delivery failures.
If you plan to use any new service to send emails to FDU users, you must submit a SAMI ticket at least one month in advance. For any existing email delivery issues, submit a SAMI ticket.
As an FDU user, you generally won’t need to manage the technical details of DMARC unless specifically requested by OIRT. While DMARC is typically managed by your email provider, individuals or departments using external services like CRM tools (e.g., Constant Contact, MailChimp) for bulk emailing must ensure that DMARC is enabled within those platforms. This helps prevent messages from being marked as spam.
OIRT will provide guidance and work with the service provider after you submit a SAMI ticket.
For those interested in the technical aspects of this email security standard, continue reading below.
How DMARC Works
DMARC is an email authentication, policy, and reporting protocol that operates in two primary ways:
- It detects unauthorized activity and specifies how to handle unauthorized emails (e.g., placing them in the spam folder).
- It identifies legitimate senders, including emails sent by FDU or approved/verified email services.
DMARC uses two key technologies to verify emails:
DomainKeys Identified Mail (DKIM)
What is it?
DomainKeys Identified Mail (DKIM) verifies the identity of an email sender to prevent email spoofing. It acts as a unique electronic signature, allowing recipients to confirm that a message claiming to be from you was indeed sent by you.
Why is it important?
DKIM helps email hosts (e.g., Microsoft, Google) detect phishing attempts. By verifying the message’s signature, DKIM ensures that the sender address belongs to its rightful owner and confirms that the message has not been tampered with during transit.
How does it work?
DKIM adds a hidden, unique digital signature to your outgoing emails. A public “key” is published online under your domain or subdomain. When a recipient receives your email, their system uses this public key to verify the signature. If it matches, the email is confirmed as authentic and unaltered, helping it reach the inbox and preventing spoofing.
Sender Policy Framework (SPF)
What is it?
Sender Policy Framework (SPF) is like a digital “authorized senders” list for a domain. When an email arrives, the recipient’s system checks whether the sending server is approved by the domain owner. If the server isn’t on the list, the email may be flagged as spam or rejected.
Why is it important?
SPF helps prevent spammers and phishers from forging the “from” address in email messages. It allows email hosts (e.g., Microsoft, Google) to verify that the server sending the email is authorized to send on behalf of the specified domain.
How does it work?
Your email provider (e.g., Microsoft 365) publishes a list of authorized servers that can send emails on behalf of your domain. When a recipient’s mail server receives a message, it checks this list to verify the sending server. If the server is authorized, the message is considered legitimate. If not, the recipient’s mail server may reject, quarantine, or flag the message as spam based on its policy.
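An added example (not OIRT's or any vendor's code) of how a receiving mail system can combine the SPF and DKIM results described above into a DMARC decision. It goes slightly beyond the text by showing alignment: a passing check only counts when its domain matches the domain in the visible From address. The domains, the record, and the two-label organizational-domain shortcut are constructed assumptions, and the subdomain-policy and percentage tags are ignored.

```python
# Added example: simplified DMARC evaluation (relaxed alignment only).
# All domains and records used here are constructed sample values.

def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=quarantine' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    """Assumption: the organizational domain is the last two labels.
    Real receivers consult the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    """Relaxed alignment: both names share one organizational domain."""
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the published policy when no check passes *and* aligns."""
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain)
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain)
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed record for a constructed domain.
SAMPLE_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.edu"

if __name__ == "__main__":
    # Bulk-mail vendor: SPF passes for the vendor's own bounce domain (not aligned),
    # but the message is DKIM-signed with the sending organization's domain.
    print(dmarc_disposition(SAMPLE_RECORD, "example.edu",
                            "pass", "bounce.vendor.example", "pass", "mail.example.edu"))
    # Same vendor without custom DKIM: both checks pass, neither aligns.
    print(dmarc_disposition(SAMPLE_RECORD, "example.edu",
                            "pass", "bounce.vendor.example", "pass", "vendor.example"))
```

The second case is the common failure for third-party bulk senders: SPF and DKIM both report pass for the vendor's own domain, yet the message is still quarantined because neither result aligns with the From domain.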