Enhancing Email Security with DMARC
Domain-based Message Authentication, Reporting & Conformance
As part of an ongoing effort to combat phishing scams and increase email security, the Information Technology Services department is implementing the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.
Bad guys and spammers can forge the "From" address on email messages to make messages appear to come from someone @bc.edu.
WHAT CAN YOU DO?
BC ITS can use a technology called DMARC to protect messages sent from authorized BC senders and stop messages from unauthorized ones. By default, authorized BC senders include all students, faculty, and staff sending messages from actual BC Gmail accounts.
BC Implementation of DMARC
The tricky part is that enabling DMARC in our current technological environment would actually prevent many legitimate messages from reaching recipients, in addition to stopping unauthorized ones. This is because many departments at BC use non-BC tools that send emails which appear to be from “@bc.edu” email accounts but are not sent from an actual BC Gmail account. These tools include email marketing tools and other third-party applications, such as:
- Email Marketing Tools: Mailchimp, Constant Contact, Salesforce, etc.
- Third-Party Applications: Qualtrics, Zendesk, Autodesk, and Cashnet
These tools must all be made DMARC compliant by working with the vendors to ensure your accounts are set up in a way that meets the DMARC requirements.
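Why a legitimate third-party tool can fail DMARC even though its own SPF and DKIM checks pass, shown as an added Python illustration (not BC ITS code). It assumes relaxed alignment, approximates the organizational domain as the last two labels, and uses constructed messages with a hypothetical vendor domain, vendor.example.

```python
# Added illustration, not BC ITS code. Every message below is a constructed sample.

def org_domain(domain):
    # Assumption/simplification: the last two labels are the organizational
    # domain. Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_evaluate(msg):
    """Return (verdict, reasons) from a message's SPF and DKIM results."""
    from_domain = msg["header_from"].rsplit("@", 1)[1]
    checks = [("SPF", msg["spf"], msg["mail_from_domain"])]
    checks += [("DKIM", sig["result"], sig["d"]) for sig in msg["dkim"]]
    verdict, reasons = "fail", []
    for mech, result, domain in checks:
        is_aligned = aligned(domain, from_domain)
        state = "aligned" if is_aligned else "not aligned"
        reasons.append(f"{mech} {result} for {domain} ({state} with {from_domain})")
        # DMARC passes when at least one mechanism both passes and aligns.
        if result == "pass" and is_aligned:
            verdict = "pass"
    return verdict, reasons

SAMPLES = {
    # Sent from an actual BC Gmail account.
    "bc_gmail": {"header_from": "professor@bc.edu", "spf": "pass",
                 "mail_from_domain": "bc.edu",
                 "dkim": [{"result": "pass", "d": "bc.edu"}]},
    # Marketing tool with default settings: authenticates as the vendor only.
    "vendor_default": {"header_from": "newsletter@bc.edu", "spf": "pass",
                       "mail_from_domain": "bounce.vendor.example",
                       "dkim": [{"result": "pass", "d": "vendor.example"}]},
    # Same tool after the vendor is set up to sign with a bc.edu DKIM key.
    "vendor_configured": {"header_from": "newsletter@bc.edu", "spf": "pass",
                          "mail_from_domain": "bounce.vendor.example",
                          "dkim": [{"result": "pass", "d": "bc.edu"}]},
    # Forged From address sent from an unauthorized server, unsigned.
    "forged": {"header_from": "president@bc.edu", "spf": "fail",
               "mail_from_domain": "bc.edu", "dkim": []},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        verdict, reasons = dmarc_evaluate(msg)
        print(f"{name}: DMARC {verdict}", *reasons, sep="\n    ")
```

The vendor_default and forged samples get the same verdict, which is why unconfigured tools stop delivering once DMARC is enforced.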
What Do You Need to Do?
If you use an email marketing tool or a third-party application to send emails that appear to be from @bc.edu email accounts, please let us know by filling out this Google form. We will use this information to determine if any action is needed to ensure your emails reach their intended audiences after DMARC is turned on.
For security reasons, we may need to enable DMARC in the next 6-18 months, so verifying your tools are compliant beforehand will ensure they continue to work once DMARC is enabled.