Quick Start

Available to: Faculty, Staff, Departments

Cost: Third-party services may have additional licensing costs.

In today’s world, email authentication is essential to ensure that Boston University has a secure online reputation and maintains brand trust with correspondents. It is imperative that any vendor that sends email ensures that compliance with standard email policy is at the top of a best practice list.

Email vendors such as Google and Yahoo, among others, have announced that they are now enforcing Domain-based Message Authentication, Reporting and Conformance (or DMARC) for email security. In order for your email system to pass DMARC requirements, emails must pass Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) checks.

Requirements for third-party email senders:

In order to send email from a third-party service with a high level of confidence that the email will not be marked as spam, two records need to be added to the DNS configuration of @bu.edu or @subdomain.bu.edu:

SPF Record(s)

SPF records are used to prevent spammers from spoofing your domain name. Recipient servers can use the SPF record you publish in DNS to determine whether an email that they have received has come from an authorized server or not. The servers are then able to decide about how to treat that email.

The SPF record will contain the IP address(es) or IP Address range that the third-party service will be using to send email. This information will need to be obtained from the third-party service.

Example:

v=spf1 ip4:ip-address,addresses or range ~all

DKIM Record

DKIM is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient. DKIM uses public key cryptography to verify that an email message was sent from an authorized mail server in order to detect forgery and to prevent delivery of harmful email like spam. The DKIM record will contain a public key generated by the same third-party service that provided the SPF information.

Example:

v=DKIM1; k=rsa; h=sha256; p=MIGfM30GCSqGSIv3DQEv3QU334GN3DCviQKvgQDmvSkO7TiWkvD4K+CqtJVCsfh0yFcOnvZfmhUZsjzKIivvvlhEYGyXdt3IToiCoYvp3Cf+Nt8gHtC/f7FSew+SWVxgGlWH7gSCeJ27icivCD8JNhvvCfveXvy7P5QJSq77ZvztzvML3cR+MOjtUd5YVKn31v4zh8xDw8P1qIcCcwID3Q3v

Getting Started

Please provide IS&T at least a two week lead time from the original request to sending the first bulk email due to the multiple steps needed to ensure delivery.

The process to enable a third-party to send as BU is as follows:

  1. Client ensures that the prerequisites are met.  Most third-party senders will have this documentation clearly published on their company’s website.
  2. Please submit a request with the requested SPF and DKIM information as well as what email address you will be sending from (i.e. marcom@bu.edu).
  3. IS&T will verify documentation and will work with you to verify that your vendor and email address are in compliance.
  4. In coordination with IS&T, send a test message from the third-party service to test the DNS configuration and successful delivery of the email message. The email headers will provide the DKIM and SPF validation status.

Additional Information

IS&T supported services are configured for DMARC compliance. For example, ServiceNow, Ariba, Salesforce, BlackBoard, Qualtrics, etc. are already compliant.