News and Announcements

Increased email security: August 5th, 2024

Posted: 2024-08-04 06:00:01   Expiration: 2024-11-02 06:00:01

Disclaimer: This news item was originally posted on 2024-08-04 06:00:01. Its content may no longer be timely or accurate.

Beginning August 5th, 2024, we will enable email authentication checks for all email you receive. If an email fails authentication, it will go to your junk folder.

What do you need to do?

Be suspicious of any message in your junk folder, even if it appears to be from a colleague or trusted organization.

Remember, messages may be sent to your junk folder because they:

  • Received a high spam rating.
  • Failed email authentication checks.
  • Are on your own Blocked Senders list.

I received a legitimate email and it went to my Junk folder. What should I do?

Open a ticket with the DoIT Help Desk. Help Desk staff will gather the information we need to understand the issue. In some cases you may need to contact the sender to let them know that their email isn't passing email authentication checks.

I sent an email and it went to the recipients Junk folder. What should I do?

If you sent the message from your UW-Madison Office 365 account, Google Groups or Eloqua, it is very unlikely that the issue is related to email authenticity. For troubleshooting steps please see: Microsoft 365 - I can't find a folder, message, or a message was not delivered or received.

There are a few common reasons why your messages might fail email authentication:

  • Messages sent from a marketing platform or other 3rd party service using an email address that is not approved for that use. (e.g. Mailchimp, Constant Contact, Salesforce, etc)
    Reminder: @wisc.edu email addresses can not be used with any 3rd party services.
  • Mail sent to a mailing list that does not support current email authentication best practices.
  • Forwarded mail frequently fails email authentication checks.
  • Using a UW-Madison email address to send from a personal Gmail account. This is not supported: Increased email security: Gmail & campus email address.

If you sent the message from a 3rd party service (e.g. Constant Contact, Mailchimp, Salesforce, etc) and you believe the messages are failing email authentication, see our support document: Microsoft 365 - Email Authentication and DMARC Compliance for third party services and marketing platforms.

Why are we doing this now?

Attackers frequently send fake emails pretending to be from trusted sources, also known as spoofing. Checking email authenticity is one of the best tools we have to stop these attacks. Support for checking email authenticity was a feature we specifically looked for when we selected an email security solution in 2022, and it will be an important part of our ongoing email security.

Questions & resources

-- Email Authentication Project Team