Home > Services > Email at UCT > Domain-based message authentication policy

Domain-based message authentication policy

Domain-based message authentication policy to be implemented

Universities are constantly being targeted by cybercriminals because they have access to large amounts of world-class research, sensitive information (e.g. patient files), and confidential data such as banking details, ID numbers, usernames and passwords). Cybercriminals are therefore always looking at sophisticated ways to gain access to the UCT network.

While phishing attacks remain one of the most common strategies, email spoofing is becoming increasingly popular. Spoofing occurs where a legitimate email address is forged so that it looks like you’re receiving an email from a trusted source (e.g. your Dean), when in fact the message is from a completely different entity – usually a cybercriminal.

 

New policy ensures that UCT email domain cannot be used without authorisation

In addition to our existing security measures, ICTS will implement a Domain-based Message Authentication Reporting and Compliance (DMARC) policy. This will ensure that only UCT-authorised vendors can send emails to campus on behalf of UCT departments or groups.

This policy applies only to a service or platform that’s hosted outside the university and has been configured to send emails on behalf of UCT, (using any @uct.ac.za email address). The policy also guarantees UCT’s email recipients that such messages from UCT domains are indeed genuine.

 

Authenticated mail delivery senders’ criteria

Below is a list of approved or verified senders. If the service you're using is not on this list, you need to log a call to register an authenticated mail delivery service and motivate why you require that service.

Approved or verified senders
  • Office 365

  • Mimecast

  • Everlytic

 

Register external messaging platforms to ensure delivery

If you send emails on behalf of UCT, but you use a service or platform messaging platform that’s hosted outside the university, please contact the IT Helpdesk to register these vendors. You will need to provide the following information:

  • Vendor/Service name
  • Email address you would like to send from
  • Recipient types:
    • UCT staff
    • UCT students
    • UCT alumni
    • Other: please specify
  • Motivation for using this mail delivery sender

This will ensure that the new system authorises those vendors to communicate via the UCT domain.

If you do not register the vendors, your intended recipients will not receive your communications as the emails from those platforms may be blocked or placed in the recipients’ spam or junk folders.

 

Later changes to vendor authorisation

Beyond this initial registration, if you add or remove vendors at a later stage, please log a call with the IT Helpdesk to ensure that the correct vendors are authorised. Vendors whose access has been removed will no longer be able to send emails via the UCT email domain.

 

Need help?

Should an authorised vendor experience email delivery issues, please log a call on their behalf with the IT Helpdesk using one of the following methods:

You will need to provide the following information:

  • Date
  • Time
  • Sender address
  • Subject
  • Error description