External Sender Rule

Purpose

This document establishes rules when using an email service provider that is not managed by the Office of Information Technology.

Scope

This rule applies to any 51福利社 entity that uses an external sender to send messages on behalf of the university and sends the messages "From:" a "@wmich.edu" address.

Rule statements

  • Email is authored from a 51福利社 entity (department/program/service/etc.).
  • Email鈥檚 "From:" uses an "@wmich.edu" domain address.
  • External sender must be able to provide a DKIM signed key for "@wmich.edu" domain sent emails.

Definitions

DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. 

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol that operates alongside Sender Policy Framework (SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message. 

Domain (or "domain name") - In this context, it is the name of the part of the email address that鈥檚 to the right of the "@" sign as seen in email client's From: field.  For example, "wmich.edu" is 51福利社's domain name. 

External Sender, a.k.a. "external sending service" or "3rd party sender", is a service provider of email sending services that aren't managed by the Office of Information Technology.

External Sender Notification is 51福利社's process of adding a notification into emails to notify recipients that the email is not authored by a 51福利社 entity and to consider the validity of the message, links, and attachments they contain. 

"From:" is an email header field that specifies the author(s) of the message, that is, the mailbox(es) of the entity responsible for the writing of the message.  Commonly known as "body from address". 

51福利社 email address is the official email address assigned at the time one's Bronco NetID is created. 

Justification

Security and message deliverability reliability are critical functions for the university.  This rule helps provide improved security and email message deliverability through compliance with industry-standard email messaging technologies of DKIM and DMARC.

Results of Non-Compliance

Emails received to wmich.edu accounts from external senders not sent as a wmich.edu account will have 51福利社鈥檚 External Sender Notification included in the email message.

Enforcement

Individuals who conduct official business for Western Michigan University shall abide by the rules of this policy. Any person found to be in violation of this rule will be subject to appropriate disciplinary action as defined by current University policy.

Exceptions

Exceptions to this rule may be expressly granted by the 51福利社 Legal Counsel, in consultation with OIT, through approved service requests and implementation processes.

Reference

Document action 

Initial creation: April 18, 2022