University of Wisconsin–Madison
DMARC Policy

New email policy shields campus from phishing

UW-Madison will soon have another weapon in the battle against the continuous stream of spoofing, and phishing emails hurtling towards our inboxes. In July 2019, the UW-Madison Office 365 team and Office of Cybersecurity will protect the @wisc.edu email domain by implementing Domain-based Message Authentication, Reporting & Conformance (DMARC).

What is DMARC?

DMARC is an email authentication, policy, and reporting protocol. Many external email services, like Gmail, already use DMARC to evaluate inbound mail. The policy allows email providers to differentiate between valid email messages coming from a domain and email messages imitating or “spoofing” that domain. A message that is determined to be a spoof can then be blocked, quarantined, or trashed before it gets to the recipient.

How will DMARC Help?

A campus-wide DMARC policy will allow our mail system to reject email from senders “spoofing” UW-Madison email addresses. This will result in fewer spoofing and phishing emails reaching mailboxes, significantly reducing the number of compromised accounts. Successful phishing attacks are the main cause of compromised accounts on campus systems. Enforcing a DMARC policy will also help ensure the UW-Madison brand preserves its authenticity and credibility.

What do I need to do?

DMARC policy will not affect regular O365 email accounts or mail relayed through WiscMail. However, systems or individuals who send messages through third-party applications (MailChimp, Constant Contact, etc.) or non-UW-Madison email accounts (Gmail, etc.) using the @wisc.edu email domain will be affected. Recipient mailboxes may filter those messages out as suspicious emails because the domains don’t match. You can prevent this risk by using a department subdomain, for example @department.wisc.edu, when sending messages through a third-party system or non-UW-Madison email account.

If you feel you or your department may be affected by DMARC policy, please get in touch with us in the following ways to ensure your messages will be compliant and successfully reach their recipients.

Attend an Information Session:
12/12/18 from 2 pm – 4 pm in CS 3139ABC
1/15/19 from 10 am – 12 pm in CS 3139ABC
1/16/19 at 10 am – 12 pm in HSLC Room 1220/1222
1/22/19 from 1 pm – 3 pm in Pyle Center – Room 226
1/23/19 from 1:30 pm – 3:30 pm in CS 3139ABC

Request A Consultation:
If you would like help to develop a plan for sending DMARC-protected email, fill out the Email Authenticity Consultation Form to schedule a one-on-one consultation.

Contact the Implementation Team:
You can send your related questions to dmarc@doit.wisc.edu.