Major email providers have announced that they have started enforcing DMARC/DKIM/SPF email security standards in order to send email to them. What that means to us is that external email providers will increasingly block or mark as spam email coming from UCI unless this email security standard is fully implemented. This is to ensure that all email where the “from” address is “uci.edu” are not being spoofed but rather being sent from a UCI-approved service.
OIT is implementing changes to OIT-managed email services to comply with these standards.
If you are using a 3rd party service to send bulk emails as “uci.edu” (such as Constant Contact, MailChimp, SendGrid, etc), please contact the OIT Security Team at security@uci.edu to help get your 3rd party service configured properly.
OIT is also offering Proofpoint Secure Email Relay (SER) for campus services that require an email relay. SER allows the relay of any uci.edu or uci.edu subdomain email to any recipient. SER sent emails are fully DMARC, DKIM, SPF compliant. SER is available in two options:
Authenticated SMTP in the cloud
If your application or server can support authenticated SMTP, this is the preferred method.
Requirements:
- Authenticated SMTP (SMTP AUTH PLAIN or LOGIN)
- Port 25 (STARTTLS required), port 465 (SMTPS), port 587 (STARTTLS required)
- TLS v1.2+
- Able to connect to smtp-us.ser.proofpoint.com
On-campus network SMTP relay
If your application can not support authenticated SMTP or can not reach the Internet, this on-campus service can relay the email to SER.
Requirements:
- Unauthenticated SMTP only, no support for authenticated SMTP
- Port 25 (STARTTLS optional)
- TLS v1.2+
- Able to connect to ser.service.uci.edu, a round-robin A record to ser1.service.uci.edu [128.200.151.76] and ser2.service.uci.edu [128.200.91.82]
Please contact the OIT Security Team at security@uci.edu to setup your application or server to use Proofpoint Secure Email Relay.