DCU DMARC information page

On the 1st March 2024, DCU moved to a DMARC quarantine level with all staff and student email identities.

DMARC is an email authentication protocol that is designed to protect the DCU email domain from unauthorized use, commonly known as email spoofing.

The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.

Please see the FAQs below for more information.

Q. What is DMARC and why is the university implementing it?

A: Domain-based Message Authentication, Reporting and Conformance is an email authentication protocol. It is designed to give the university the ability to protect our domain from unauthorized use, commonly known as email spoofing.

Q: How will DMARC help protect the university from phishing attacks?

A: With DMARC in place, receiving email servers will not deliver any incoming email until authenticated the sending domain. This helps protect university owned domains from business email compromise and phishing attacks that use domain spoofing to trick victims.

Q: When can we expect to see a rise in rejected emails after implementing a DMARC reject policy?

A: Unauthorised server providers sending emails using @dcu.ie will get a reject immediately. To have a service provider authorised for sending as @dcu.ie please raise a ticket with DCU ISS

Q: What resources are available to help us analyze DMARC reports and identify legitimate senders?

A: ISS can analyse all mail rejections using our DMARC analysis tools, please raise a ticket with DCU ISS if you believe your mails have been dropped due to DMARC

Q: Are there any specific concerns related to how our university email infrastructure interacts with DMARC?

A: All authorised service provider mails will be delivered as normal.

Q: How will DMARC integrate with our existing email authentication protocols (SPF and DKIM)?

A: Our dmarc policy requires authorised mail sending services to have either a DKIM key or SPF record within our DNS.

Q: How can we ensure emails from legitimate third-party services like mailing list providers or HR software aren't blocked?

A: ISS have undertaken extensive analysis work to ensure all existing third-party services will work as expected when DMARC is in place.

Q: What is the process for whitelisting authorized senders?

A: To have a service provider whitelisted through the use of DKIM key please raise a ticket with DCU ISS

Q: Will this new policy affect how I send emails to students or colleagues?

A: No, Sending mails from the gmail interface to students or colleagues will not be impacted. If you use a mail handling service such as mailchimp or sendgrid you will contact us first and have a DKIM key setup.

Q: What should I do if I receive a notification that an email I sent was rejected?

A: Please raise a ticket with DCU ISS so we may investigate

Q: Is there anything else I can do, beyond DMARC, to improve my email security?

A: Yes, DMARC acts as a foundational layer of email security but for well rounded protection ISS recommends only checking email from university managed systems as these have advanced security tools and MFA as standard.