DMARC Email Validation System

Trusted email communication among our community, partners, and vendors is an important part of how we function as a higher education institution. To that end, Pitt Information Technology's Domain-based Message Authentication Reporting and Compliance (DMARC) Email Validation System ensures that only legitimate outbound email messages from University email domains are delivered to recipients.

What is the DMARC Email Validation System?

The DMARC Email Validation System gives Pitt IT the ability to protect University email domains from unauthorized use, like email spoofing.

University email domains refer to the University's primary "pitt.edu" domain as well as associated subdomains like "athletics.pitt.edu" or "cfo.pitt.edu".
Spoofing is a technique that attackers use to forge the "From" address of an email message so that it appears to come from a known sender.

Once the DMARC Email Validation System is fully in place, Pitt domains cannot be used without explicit authorization. This ensures email users that messages sent and received from University email domains are legitimate. To implement the DMARC Email Validation System, Pitt IT has partnered with Valimail.

Preparing for the Transition

If you use a third-party broadcast email platform (such as Campaign Monitor, Mailchimp, or Constant Contact) to send email on behalf of the University via the pitt.edu domain or one of its subdomains, contact the Technology Help Desk as soon as possible to have your platform configured as an authorized sending service.

If your broadcast email platform is not set up as an authorized sending service, then email sent through the platform will not be delivered to recipient inboxes as we begin phase 2 of our implementation. Instead, messages will be redirected to a spam/junk folder or blocked from delivery entirely.

In addition, contact the Technology Help Desk whenever your department:

Begins working with a new third-party broadcast email platform, so that Pitt IT can set up that platform as an an authorized sending service.
Discontinues a relationship with a third-party broadcast email platform, so that Pitt IT can remove that platform as an an authorized sending service.

Implementation Phases

To ensure a smooth transition, the implementation of the DMARC Email Validation System at the University will be conducted in phases. We will update this page as specific timelines are determined.

Phase 1 (Current Phase)

The DMARC Email Validation System is currently operating in a “report-only” configuration. This means that all email messages sent on behalf of pitt.edu domains that fail DMARC are still being delivered. This phase allows time for Pitt IT to work with University departments to identify and configure authorized sending services.

Phase 2

Pitt IT will begin enforcement by changing the University's policy to “Quarantine”. During this phase, email messages sent via unauthorized sending services will be redirected from the recipient's inbox to their spam or junk folder.

Phase 3

After the “quarantine” period, Pitt IT will change the University's policy to “Reject.” At this point, the DMARC Email Validation System implementation will be complete and pitt.edu domains will be fully protected from unauthorized use. Email sent by unauthorized sending services will be automatically blocked from delivery to recipient inboxes.

We Are Here to Help

If you have any questions, or if you experience email delivery issues that you think may be related to the enforcement of the DMARC Email Validation System, please contact the Technology Help Desk so that we can assist you.

Examples of Third-Party Broadcast Email Platforms

Following is a list of third-party broadcast email platforms who may provide email sending services on behalf of the University:

Amazon SES
Campaign Monitor
CampusLogic StudentForms
Constant Contact
DigitalOcean
EAB Navigate
Emma
ICORS Mailing List
iModules Encompass
Jaggaer
L-Soft EASE
Mailchimp
MBS
Oracle Taleo
Paciolan
Salesforce
SendGrid

Information Technology

Search form