{"id":16916,"date":"2023-08-30T15:00:15","date_gmt":"2023-08-30T13:00:15","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=16916"},"modified":"2025-11-04T15:58:21","modified_gmt":"2025-11-04T14:58:21","slug":"e-mail-4","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2023\/08\/30\/e-mail-4\/","title":{"rendered":"Email Security \u2013 Evaluation of DMARC Policy for Incoming Emails"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_16916 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_16916')){$('.twoclick_social_bookmarks_post_16916').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2023\\\/08\\\/30\\\/e-mail-4\\\/\",\"post_id\":16916,\"post_title_referrer_track\":\"Email+Security+%E2%80%93+Evaluation+of+DMARC+Policy+for+Incoming+Emails\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_16922\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-16922\" class=\"size-medium wp-image-16922\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1-300x199.jpg\" alt=\"Letters of a keyboard representing the word email\" width=\"300\" height=\"199\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1-300x199.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1-1024x681.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1-768x511.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/08\/mail-3813618_1280-1.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-16922\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/pixabay.com\/de\/photos\/e-mail-tastatur-taste-schaltfl%C3%A4che-3813618\/\">Pixabay<\/a><\/p><\/div><\/p>\n<p>In the fourth part of our <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en?s=E-Mail-Sicherheit\">e-mail security series<\/a>, we would like to inform you about an innovation in our e-mail security policy.<\/p>\n<p>After we reported on e-mail, e-mail statistics at RWTH Aachen University, and the SMTP protocol and its pitfalls in the <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/06\/15\/e-mail-1\/\">first<\/a> and <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/06\/15\/e-mail-1\/\">second<\/a> articles, and informed you about the DKIM identification protocol and DMARC in the <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/09\/07\/e-mail-3\/\">third<\/a> article, this fourth part is now about a new e-mail security requirement. To ensure that RWTH can continue to provide a secure e-mail service in the future, we have decided to introduce the evaluation of a sender&#8217;s DMARC policy when accepting mail at the university&#8217;s central mail gateway. You can find out what this means in this blog post.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<h3><\/h3>\n<h3><span style=\"color: #00549f;\">About the Background of the Previous Configuration Options<\/span><\/h3>\n<p>Mail domain owners can have different settings and appropriate measures. For example, setting special DNS records can ensure that a receiving mail system can check an e-mail to see if a sending mail system is authorized to send mail with a specific sender address. This process is known as a Sender Policy Framework (SPF) entry, which classifies email as a trusted or problematic source. Furthermore, the sending mail server can form a digital signature (DKIM) using e-mail header information: This allows the receiving mail server of a message to verify that a header information has not been modified during the transmission of an email.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">New E-Mail Security Default: DMARC Policy Evaluation<\/span><\/h3>\n<p>In addition to these two basic configuration options, a mail domain owner can now also make a recommendation to a receiving mail server. Based on the published defaults (DNS records) of the mail domain owner, the receiving mail server (RWTH Mailserver) can decide how to handle emails that do not or not fully comply with the defaults.\u00a0 This instruction that a mail domain owner can issue is called a DMARC policy.<\/p>\n<p>The RWTH&#8217;s central mail gateway now evaluates the DMARC policy of the sender&#8217;s domain for incoming e-mails as a new e-mail security requirement. Based on the settings and recommendations made there, the mail gateway decides whether an e-mail is classified as trustworthy or not. If an email is deemed untrusted, then the email acceptance is rejected, based on the mail domain owner&#8217;s settings.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Is There a Need for Action?<\/span><\/h3>\n<p>There is currently no need for action on the part of the end user (students and employees of RWTH), since RWTH has not published a DMARC record in the DNS for itself at this time. However, the university may no longer accept redirected mails from other mailboxes due to the new configuration, if the published DMARC policy of the sender&#8217;s e-mail domain so provides.<\/p>\n<p>You have questions about mail security? Then send us a message to the <a href=\"mailto:servicedesk@rwth-aachen.de\">IT-ServiceDesk<\/a>.<\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n<p>Responsible for the content of this article are <a href=\"https:\/\/www.itc.rwth-aachen.de\/go\/id\/epvp\/lidx\/1\/gguid\/PER-UKBNRQJ\/allou\/1\/\">Lina-Louise Kaulbach<\/a> and <a href=\"https:\/\/www.itc.rwth-aachen.de\/go\/id\/epvp\/lidx\/1\/gguid\/PER-2J3BZDS\/allou\/1\/\">Thomas P\u00e4tzold<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":3675,"featured_media":16917,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[306,314],"tags":[990,988,50,951,81,991,989],"class_list":["post-16916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ankuendigungen","category-it-sicherheit","tag-dkim","tag-dmarc-policy","tag-e-mail","tag-e-mail-sicherheit","tag-it-security","tag-spf","tag-vorgabe"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/3675"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=16916"}],"version-history":[{"count":7,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16916\/revisions"}],"predecessor-version":[{"id":20573,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16916\/revisions\/20573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/16917"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=16916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=16916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=16916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}