Email Delivery Can Be Affected by External Service Providers’ DMARC Policies | Information Technology | University of Pittsburgh
!

Email Delivery Can Be Affected by External Service Providers’ DMARC Policies

Overview

Some external email service providers and organizations have enabled an email authentication policy intended to help prevent email spoofing (a technique used to forge the From address of an email message so that it appears to come from a known sender).

However, in some scenarios this email authentication policy can interfere with the delivery of legitimate email messages, including messages addressed to @pitt.edu addresses. For example, U.S. government agencies do not deliver email to forwarded accounts because of a federal directive to implement DMARC policies. If you forward your Pitt email to a personal account, please be aware that you may not receive emails from federal agencies at that forwarded account—including information about federal grants. 

If you send and read your University email through your Pitt Email (Outlook) mailbox, you will not be affected by this issue. You could be affected by this issue if you read your University email at another location (for example, if you forward your University email to your Gmail, Yahoo, or AOL address).

What Causes This Problem?

Some email providers—such as Gmail, AOL, and Yahoo—have implemented a policy known as DMARC (Domain-based Message Authentication, Reporting, and Conformance). In addition, federal agencies have implemented DMARC because they are mandated by the Department of Homeland Security to follow Binding Operational Directive 18-01.

DMARC is an email authentication method used to verify that messages sent from a certain domain are, in fact, from that domain. DMARC can help prevent phishing emails from being delivered. However, it also has the potential to cause delivery problems for email lists and email forwarding services. This is true not just at the University of Pittsburgh, but at universities and companies around the world.

How Might I Be Affected?

You may be affected if you use a non-University email account with an email service provider that has a DMARC policy set to reject or quarantine messages that have not been sent through its servers. For example:  

  1. If you have your Pitt Email forwarded to a non-Pitt address, then messages sent to your Pitt address from a non-Pitt address may not be delivered.
  2. If you use your non-Pitt Email address to send messages to a pitt.edu address, then your messages may not be delivered to people who have their pitt.edu email forwarded to a non-Pitt address.
  3. If you are using email marketing software or an email campaign manager (for example, Mailchimp or Constant Contact) and you are spoofing a University of Pittsburgh email address, then it is possible your messages might not be delivered due to the security policies put in place by email service providers.

Below is a hypothetical scenario in which a legitimate email message may not be delivered. 

Sample DMARC scenario

What Can Be Done to Prevent This Issue?

The issue with mail delivery is the result of how external email service providers decide to configure their DMARC policies, so there is little the University of Pittsburgh (or any other university or company) can do.

The best way to avoid the issue is to ensure you are receiving your University email in your Pitt Email (Outlook) mailbox (and not forwarding your University email to another address). You can complete these steps to ensure you are receiving your email in your Pitt Email (Outlook) mailbox.  

  1. Log in to accounts.pitt.edu.
  2. Click Email & Messaging.
  3. Click Set Email Preferences.
  4. Click Forwarding.
  5. Click I want to receive my email in my Pitt Email mailbox.
  6. Click Submit.

If you are using email marketing software or a campaign manager and are spoofing a Pitt Email address, please contact the 24/7 IT Help Desk at 412-624-HELP (4357) to make them aware so that they may assist you. If you do not inform Pitt IT that you are using these services and spoofing a University email address, then your email messages may be quarantined or blocked by external email service providers.

Where Can I Learn More About DMARC?

More information is available on the DMARC website: