Description
Ohio University uses three email authentication protocols to help protect our email: DMARC, SPF, and DKIM. The following is a guide for users working with external partners to improve email delivery and avoid the need for allow listing IP addresses.
Understanding DMARC, SPF, and DKIM
-
Domain: In terms of email, "domain" refers to the portion of an email address after the @ symbol. For most people reading this guide, that will be "ohio.edu".
-
DMARC (Domain-based Message Authentication, Reporting & Conformance): This helps us make sure no one uses our email address without permission. It ensures that emails from our domain are really sent by us.
Discontinuation of Granting Exceptions
The practice of adding the IP addresses of senders to a list that bypasses spam filters is being discontinued. Granting exceptions can be useful in some cases, but it also has some drawbacks:
-
Reduced Effectiveness of Email Authentication Protocols: Granting exceptions can undermine the effectiveness of DKIM, SPF, and DMARC. These protocols rely on the recipient's spam filters to verify the authenticity of the sender.
Improving Email Deliverability with External Senders
Instead of granting exceptions for third party IP addresses, consider the following best practices to enhance email deliverability with external vendors:
-
Implement Email Authentication Protocols: Request your vendors to set up DKIM, SPF, and DMARC for their domains and ensure they are configured correctly. These protocols help verify the authenticity of the sender and protect against email spoofing.
Best Practices to Avoid Missing Important Emails from External Vendors
Even if your vendors follow best practices, some emails may still end up in your junk mail folder due to various factors. To avoid missing important emails from external vendors, consider the following user best practices:
Communicating with Vendors
The following is sample verbiage users can utilize about these changes when communication with vendors:
"On January 5, 2025, Ohio University will begin enforcing stricter sender authentication policy, which may impact third-parties sending from @ohio.edu email addresses.
Our department/organization currently has an arrangement with you to send emails on our behalf. We'd like to continue that arrangement after the January deadline, but it won't be technically possible if your email system doesn't comply with our stricter policy. Messages you send on our behalf from ohio.edu addresses must be authenticated using DKIM and/or SPF. Can you please confirm that your email system is able to meet these standards?
If it is necessary to make any changes, our IT team will need to be involved. Please provide us with a technical contact that our IT team can reach out to in order to get the process started."
Get Help From OIT