Skip to main
University-wide Navigation

Securing Email with DMARC

The University of Kentucky is working toward implementation of the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol to protect from cybersecurity attacks via email (e.g., phishing, spoofing).  

How does DMARC work? 

DMARC monitors all mail that is sent on behalf of the University (e.g., @uky.edu), including mass mailing, third-party email service providers, automated notifications, and mail servers. DMARC tells a receiver what should happen to their mail if it does not pass an authentication method (e.g., junk or block message) and removes guesswork from the receiver’s handling of these failed messages. This limits exposure to potentially fraudulent or harmful messages.  

DMARC works in two ways: 

Unauthorized
It detects unauthorized activity and provides information about how to handle unauthorized email. For example, a spoofed email may be blocked from reaching your inbox or put into the spam folder. 
Legitimate
Monitoring and Identification of legitimate senders and approved/verified vendor applications (e.g., Salesforce Marketing Cloud, M365 groups), mail servers, etc. that send mail as University of Kentucky.

 

To verify emails, DMARC uses one of two technologies: 

What does this mean for email at UK? 

UK Information Technology Services (UK ITS) has been working to ensure that legitimate email sent on behalf of the University is compliant with DMARC. For most, the implementation will happen with no further action required.  

For those that administer servers or send email using platforms that are not compliant with DMARC, you will need to contact UK ITS Directories & Messaging team by filling out the Third-Party Email Application Support form. 

Examples of DMARC compliant email service providers at UK: 

  • M365 Groups or distribution lists 

  • Salesforce Marketing Cloud 

Examples of email service providers that may not be DMARC compliant at UK and need technical assistance to become DMARC compliant: 

  • MailChimp 

  • Constant Contact 

  • Emma 

What happens if the email I send is not DMARC compliant? 

After DMARC is implemented, any mail that is not compliant will be blocked or sent to junk/spam folders. 

How can I test whether my emails will be affected? 

If you would like to test whether emails will be affected by DMARC, send a message from the @uky.edu email address in question (e.g., MailChimp) to dmarcverify@uky.edu, where it will be reviewed by the UK ITS Directories & Messaging team.

How can I get help?

If at any time you would like to request support for configuring third-party email applications, please fill out the Third-Party Email Application Support form.

Customer Services

Important Information
24/7 Urgent Assistance 859-218-HELP (4357)
Non-Urgent Matters techhelpcenter.uky.edu/assistance
Online Support techhelpcenter.uky.edu
 1:1 Assistance Student Tech Help @ The Hub in W.T. Young Library
University of Kentucky Homepage A link to return to the University of Kentucky Homepage
An Equal Opportunity University
Accreditation
Directory
Email
Privacy Policy
Accessibility
Disclosures
© University of Kentucky
Lexington, Kentucky 40506