Web Hosting - Sending Email (DMARC/DKIM/SPF Considerations)

It is no longer a good assumption that you can use any From address on your emails and have them make it past Spam, Junk, or Phishing filters. Here are some things to check yourself and who to follow up with if you have more questions.

Overview:

Shared Hosting has configurations that use the Campus SMTP relay service (smtp.wiscmail.wisc.edu) for our servers, including relaying of mail to non-wisc.edu domains (ex: Gmail.com). Use of this isn't required, but many default configurations (ex: php) will use smtp.wiscmail.wisc.edu

Begin your adventure here: https://it.wisc.edu/it-community/email-authenticity
Note: We do not provide consultation about interpreting your current settings or making suggestions about what to change your settings to, Please schedule a consultation directly with the mail team: https://kb.wisc.edu/82804

Example #1: Sending email to Gmail

  • Gmail will commonly Junk your email message if you are failing validation of some parts of DMARC/DKIM/SPF
  • If you haven't put in the dedicated effort to test and ensure your messages are getting through to Gmail recipients, over the past few years, it is likely your messages gradually started landing in the Junk folder instead of Inboxes
  • If email delivery succeeds, but your headers include "best guess", your configuration is still wrong. Read this for more details: https://www.spamresource.com/2019/02/gmail-spf-status-of-best-guess-what.html

Example #2: Arbitrary From address

  • If you just pick an arbitrary From address for your email message, you will commonly see failures from some part of DMARC/DKIM/SPF.
  • In the past you could pick any email address, and your sending program would happily spoof the email address, and your recipients would happily receive a spoofed email from address. (Think of bad examples like sending an email as the Chancellor, but you are not the Chancellor - that used to work)
  • Better bet: Use a From address that is a real email address with a real mailbox. In the case of wiscmail, a Service Account is a good idea: https://kb.wisc.edu/68238
  • Another better bet: If you are sending email from a website like mysitename.wisc.edu, try having your email From address be something like emailaccountname@mysitename.wisc.edu

Tests you can run yourself: