skip to content

IT Help and Support

University Information Services
 

End users sending email

End users should use the email server specified by their email service to send outbound email. Typically, this will be Exchange Online and will have been configured when the email account was added to the user's email client.
 

Servers sending email from the UDN

UIS provides an outbound email relay called ppswith (PPSW) to allow any host on the University Data Network (UDN), registered in DNS, to be able to send SMTP email. (ppsw.cam.ac.uk port 25)

If the volume of email from a computer is likely to be large – that is, peak rates of more than 60 messages per hour – you should contact us so that we can ensure that our rate limiting system doesn't interfere. For more information, see bulk email and rate limiting.

The maximum size of messages sent via ppsw.cam.ac.uk is 100MB. Note that binary attachments must be encoded, which increases their size by 1/3, so the maximum size of un-encoded binary attachments is about 70MB.

The PPSW service will eventually be retired and replaced. We have not yet specified the design of PPSW's replacement, but the service provided will change in two key ways:

  1. Institutions that run their own email service will need to send outbound email direct and not via the UIS central service.
  2. Each host wanting to send email via the new service will need to be registered with the service. Currenly, hosts only need to be registered in DNS.
     

Servers sending email from outside the UDN

UIS does not offer a service for servers and services outside the UDN to relay email.
 

SPF/DKIM/DMARC

SPF, DKIM and DMARC are a trio of technologies that aim to reduce the spoofing of email addresses. These are policies published via DNS TXT records that announce to the world which servers are to be considered authoratitive for sending email from specified email domains.

Traditionally, SPF/DKIM/DMARC policies at Cambridge have been very liberal. This made setting up new systems and services easier, but it has also made it trivially easy for bad actors to spoof a Cambridge email address.

UIS' strategy is to tighten up the policies on email domains at Cambridge to reduce the amount of spoofed email.
 

MMDs on Exchange Online

As MMDs are moved to Exchange Online, we work with the domain owners to set the SPF/DKIM/DMARC policies to their highest setting.
 

MMDs on PPSW

The PPSW-based MMD service is due for retirement and domains should move to the new Exchange Online service. We're happy to increase the SPF/DKIM/DMARC policies for domains hosted on PPSW, but strongly encourage migrating the domain to Exchange Online first.
 

MMDs hosted on an institution's own mail servers

We strongly encourage institutional email administrators to set their SPF/DKIM/DMARC policies to the highest possible setting as soon as possible.
 

Sending email from cloud services

Services hosted in third-party clouds (such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure) will often want to send email too. Owners of such services must ensure that the service sends from a seperate domain to that in which users are based. For example: instead of setting your service to send as [service]@[institution].cam.ac.uk you must setup a new domain (such as [sender]@[service].[institution].cam.ac.uk) and configure your service to send from that domain. You can then set the SPF/DKIM/DMARC policies for that new domain so that only that cloud service can send from it.