Drexel has implemented DMARC, an email authentication, policy, and reporting protocol, to augment our email security initiative and efforts to combat phishing, email scams and spoofing of our domains.

How DMARC Works

DMARC provides behind the scenes protection against spam, phishing emails and emails that spoof Drexel domains. For additional information on how DMARC works, visit dmarc.org.

This protection leverages two processes and technologies to verify emails:

Processes:

• Detection as to whether an email message is legitimately from a sender and provides information about how to handle illegitimate emails. For example, a spoofed email may be blocked from reaching your inbox or put into the spam folder.
  
  AND
  
  
• Monitoring and Identification of legitimate senders and approved/verified vendor applications (such as Mail Chimp or Constant Contact), mail servers, etc. that send mailings as Drexel University.

Technologies:

• Domain Keys Identified Mail (DKIM), which is a signature-based email authentication process. For more information, visit https://www.valimail.com/blog/what-is-dkim/
  
  
• Sender Policy Framework (SPF) – is a path-based email authentication process. For more information, visit https://www.valimail.com/blog/what-is-spf/

DMARC Implementation and Actions Needed

Everyone at Drexel will be impacted by the implementation of DMARC, but these changes will be transparent to our user community. If you use or support a third-party application or email service sending emails from a university address, please contact the Information Security Team to validate and request DMARC, DKIM, SPF setup.

Contact

Contact the Information Security team at informationsecurity@drexel.edu or 215.895.1984.