DMARC or Domain-based Message Authentication Reporting & Conformance is an authentication protocol used by email systems to ensure the sender is who they say they are. This policy will prevent someone from using the bowdoin.edu domain without our knowledge. This will help to minimize both spoofing and phishing emails.
How does this work?
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
What do I need to do?
There isn’t anything you need to do. Bowdoin IT has already taken the action needed to set up this policy.
Why are you telling me?
There are two reasons we are communicating this:
-
There may be a third-party solution that is sending mail on our behalf that Bowdoin IT is not aware of. At this point IT has made necessary changes for systems that have sent email since January 2024.
-
If you are using your Bowdoin email for a service not purchased, licensed, or contracted by Bowdoin and they are sending email on your behalf your email will not be delivered. For example, if you are using the service “Book Me Now” and that service is using your Bowdoin email to send notifications and confirmations those emails will fail. This is not something Bowdoin IT can fix. Using this example, “Book Me Now” is aware of the impact of DMARC and has a dedicated support page explaining how customers can change how they are communicating via email.
Why is this being turned on?
Google and Yahoo announced last year they will be required to use DMARC for all mass emails that are sent to their mail system beginning February 2024. This was the warning to the rest of the world to get your DMARC policy configured. DMARC is also highly recommended by auditors and security experts to protect