Email spoofing (creating forged email addresses and content); is widely used in email-based fraud, such as phishing messages, making it necessary to have validated identification of email.

In practice, someone sends a message claiming to be from [email protected]. The goal is to convince the recipient to accept and read the email. The name of the sender may look familiar or the message like a known organization; making it difficult for recipients to determine if they should trust this message.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in email compromise attacks, phishing emails, email scams and other cyber threat activities.

Once the DMARC DNS entry is published, receiving email systems can authenticate the incoming email based on the instructions published by the domain owner within the domain name service (DNS) entry. If the email passes the authentication, it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined or rejected.

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (spoofing). By affixing a digital signature to your messages, DKIM allows recipient systems to verify that your messages have been authorized by the email domain owner (UCSF).

Departments prefer sending from an @ucsf.edu email address to help promote acceptance of their email communications as being from the University. These messages may be an application notification or part of a mass email campaign; in both cases the sender wants their message to be identified as from UCSF.

Correctly identifying email communications legitimately sent as "from UCSF (@ucsf.edu)", while blocking email traffic from anyone not authorized to do so, is our task. The added benefit is that this also assists in better delivery of UCSF branded messages to all email services as well as helping protect the reputation of UCSF.

Learn more about DKIM at https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail.

Use-cases

• Managing Email Sent from a UCSF System or Application

• Managing External Email Vendors