This message is for IT staff who manage an email system using a domain under the cam.ac.uk domain that doesn’t point to the University’s Microsoft365 tenancy.
Temporary flag limiting DMARC application to some mail domains
As part of our work to tighten SPF/DMARC records for the cam.ac.uk domain, UIS has added a temporary flag, “sp=none”, to the top-level cam.ac.uk DMARC record. This stops it from being applied to domains beneath the cam.ac.uk domain that don’t have a DMARC record.
Mail domains pointing to the University’s Microsoft365 tenancy have appropriate DMARC records in place and no action is required. UIS can’t be confident in identifying all the mail domains under cam.ac.uk that don’t have a DMARC record, hence we need local email administrators to act.
Action needed before 2 September
If you run your own email service, you’ll need to apply an appropriate DMARC record before 2 September 2024, when UIS will remove the “sp=none” flag from the top-level cam.ac.uk domain.
Examples
To replicate the existing behaviour, a null DMARC DNS record for ‘botolphs.cam.ac.uk’ would look like this:
_dmarc.botolphs.cam.ac.uk 3600 IN TXT “v=DMARC1; p=none; rua=mailto:dmarc-rua@dmarc.service.gov.uk”
Mail administrators should, however, be looking to move their DMARC record towards:
_dmarc.botolphs.cam.ac.uk 3600 IN TXT “v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-rua@dmarc.service.gov.uk"
Contact
If you have any queries, please direct them to collab.management@uis.cam.ac.uk.