ITS is working with departmental IT staff on implementing protocols to reduce the number of legitimate messages being marked as spam by external email servers and removing the [External] tag on messages sent by university departments using third-party vendors (e.g., Constant Contact, Campaign Monitor, etc.). Implementing these protocols can help with Inbox placement, brand protection, spoofing protection (both in university email systems and external email systems), and by-passing [External] tagging.
Note: External to Office365 email senders with DMARC compliant uiowa.edu subdomains should not need exemptions to external tagging. [External] tagging will not be added if both the following two conditions are met:
- The sender address is .uiowa.edu
- The Authentication-Results email header has dmarc=pass in it.
There are several protocols that we can implement to verify that messages are legitimate:
DMARC (Domain-based Message Authentication, Reporting & Conformance) - https://dmarc.org/ For DMARC, you need to enable SPF or DKIM, preferably both.
SPF (Sender Policy Framework) - https://dmarcian.com/what-is-spf/
DKIM (DomainKeys Identified Mail) - https://dmarcian.com/what-is-dkim/
As a policy, we do not whitelist an IP address or email sender. If we did, anyone sending from that address or vendor (e.g., Constant Contact) could send email as a university address and it would pass through our spam filters. This can lead to spoofed email and phishing messages being sent from what looks like a valid university address.
If you have a third-party application you are using to send email from a university address and you want to improve your Inbox placement and not have your messages flagged as [External], please do the following:
- Fill out the Request Form for DMARC meeting
- Attach and send samples of an actual message sent via your UI or third-party application. We will need a sample message sent from each application if you use more than one. Please send the messages as attachments to email@example.com so that we can have the full headers.
Once we receive the form and full headers samples, we will contact you to schedule a meeting.