Email Spoofing and Authentication

Summary

Explains what spoofing is and the technology USD has employed to deter it

Body

Issue/Question

Why is somebody receiving email from me or my department that I did not send or authorize to be sent?
How can I stop somebody from sending email as me or my department?

What is DMARC?

Environment

  • Email
  • Authorized Senders
  • Email Authentication

Cause

Email addresses are easily spoofed 

Spoofing is a process wherein email is sent, from what appears to be a legitimate USD email address, to another user, without the email address owner's permission or knowledge.   Spoofed USD email - email sent as some.address@usd.edu - is used by hackers to deliver phishing emails and malware to our campus  

Spoofed email is also used at times by legitimate services to send on USD's behalf, ie. Salesforce, which has made malicious spoofing difficult to stop

Resolution

A technology has recently emerged that addresses this problem by using "DMARC email authentication"

As of August 1, 2023, USD will whitelist a set of authorized external spoofing senders and deliver spoofed email from non-approved senders, like scammers and hackers, to email Junk folders. 

This proofs our email to other email systems and should help improve delivery rates, reduce fraud, deter hackers from even trying to spoof our email, and not allow a type of highly successful phishing that leverages email spoofing to make its way to our users. 

Current authorized spoofing senders have been identified with campus stakeholders and are already on the whitelist. Some of those authorized senders include, but are not limited to:

  • Salesforce Marketing Cloud
  • Constant Contact
  • LSoft
  • D2L
  • Salesforce
  • Qualtrics
  • ExamSoft
  • Volusion
  • Paciolan
  • OCLC

Note: ITS cannot guarantee the delivery of forwards to non-USD accounts.  Some outside email providers may treat forwarded email as SPAM or JUNK.  Please see Setting Up and Removing Mail Forwarding for more information.

Please contact the Service Desk if you have any questions or concerns related to email or email delivery

ITS STAFF ONLY

  1. Follow Adding a Vendor to Valimail and Setting Up DMARC

Details

Details

Article ID: 8547
Created
Mon 7/31/23 1:56 PM
Modified
Thu 8/3/23 10:34 PM
KCS Article Status
WIP: Only Problem & some Environment captured
Not Validated: Complete & Resolution captured, confidence lacks in structure, content, no feedback
Validated: Complete & reusable, used by licensed KCS user, confidence in resolution & std. compliance
Validated