Back in January 2022 the University intended to set a default DMARC policy for all sub-domains to be “sp=reject”. As inf.ed.ac.uk is a sub-domain that would have affected us, and so we set it to “none” while we considered the implications.

Though the University has still not made its change, we are now going to change our DMARC policy to “p=reject”. This should not affect people sending legitimate email via Informatics or University mail services, but will make it harder for spammers to forge email claiming to be from @inf.ed.ac.uk addresses.

Anyone who is sending mail as from an @inf.ed.ac.uk address, but who are not using Informatics or University mail systems (Office 365), as defined by our SPF record for inf.ed.ac.uk, then their mail is likely to be flagged as spam by receiving mail servers.

We expect to make this change to our DMARC record in 2 weeks time, the 14th of June 2023.

Update: 14/6/2023

The above change has had an unanticipated effect on our mailing lists. A while back the action mailman takes when it receives posts from domain with a DMARC “reject” policy is to “munge” the From header when sent to the list – see blog post https://blog.inf.ed.ac.uk/systems/2021/07/19/dmarc-change-to-mailman-lists/.

This means that posts from @inf.ed.ac.uk address are also now munged, even though we are entitled (via our SPF records) to send mail as @inf.ed.ac.uk . This would seem to be a bug in mailman (our mailing list software), but if it is an issue for a particular list, it can be turned off per list.

By the end of the year our mail server will have been upgraded, and running a newer version of mailman. This less than optimal behaviour will hopefully be resolved at that point.

Update: 27/6/2023

Following a couple of mail forwarding incidents related to this change, the “reject” policy has been lessened slightly to “quarantine” while we investigate the issues.

Neil

Changes to inf.ed.ac.uk DMARC policy / Computing Systems by is licensed under a