Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

Computing Systems

Computing Systems

Informatics Computing Staff jottings

Changes to University DMARC record

To make it harder for spammers and scammers to forge email claiming to originate from the ed.ac.uk domain, the University will shortly be changing the DMARC sub-domain policy (sp argument) to “reject”.

This change will tell any mail services that use DMARC and SPF  tests when validating email, that any email that fails the SPF test for any *.ed.ac.uk, that it is recommended that the mail be rejected.

This, if we did nothing, could affect mail being sent as from @inf.ed.ac.uk addresses. However we have a DMARC record for inf.ed.ac.uk which currently sets our policy as “none”, which will take precedence over the ed.ac.uk’s sp=reject.

Users are unlikely to notice any change (other than hopefully a reduction in forged email claiming to come from a legacy domain like @dai.ed.ac.uk).

However if you are sending mail as coming From: an address that is not @ed.ac.uk or @inf.ed.ac.uk, then mail relays may start flagging your mail as suspicious, and marking it as spam.

Similarly if you are sending mail as From: @ed.ac.uk or @inf.ed.ac.uk but not using the Informatics or University relays as your outgoing SMTP server, then again other relays may see your mail as suspicious and flag it as spam.

Neil

Update 7/2/2022 – Currently this proposed change has been postponed, but will happen at some point in the future

Changes to University DMARC record / Computing Systems by is licensed under a

Posted by

Categories

Information Service Update

Tags

No tags have been added to this post.

Previous post

Next post

1 replies to “Changes to University DMARC record”

  1. neilb says:
    25 May 2023 at 14:50

    FYI, to have a look at what DMARC and SPF record is published for a domain do this for DMARC:
    > dig +short txt _dmarc.dcs.ed.ac.uk
    “v=DMARC1; p=reject; rua=mailto:dmarc-rua@dmarc.service.gov.uk,mailto:dmarc@ed.ac.uk”

    and this for SPF
    > dig +short txt dcs.ed.ac.uk | grep -i v=spf
    “v=spf1 -all”

    Reply

Leave a reply to neilb

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Changes to University DMARC record / Computing Systems by is licensed under a
css.php

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.

  Cancel