End users sending email
End users should use the email server specified by their email service to send outbound email. Typically, this will be Exchange Online and will have been configured when the email account was added to the user's email client.
Servers sending email from the UDN
UIS provides an outbound SMTP email relay to allow any host on the University Data Network (UDN), registered in DNS, to be able to send SMTP email. (SMTP.cam.ac.uk port 25)
If the volume of email from a computer is likely to be large – that is, peak rates of more than 60 messages per hour – you should contact us so that we can ensure that our rate limiting system doesn't interfere. For more information, see bulk email and rate limiting.
The maximum size of messages sent via SMTP.cam.ac.uk is 100MB. Note that binary attachments must be encoded, which increases their size by 1/3, so the maximum size of un-encoded binary attachments is about 70MB.
Servers sending email from outside the UDN
UIS does not offer a service for servers and services outside the UDN to relay email.
SPF/DKIM/DMARC
SPF, DKIM and DMARC are a trio of technologies that aim to reduce the spoofing of email addresses. These are policies published via DNS TXT records that announce to the world which servers are to be considered authoritative for sending email from specified email domains.
Traditionally, SPF/DKIM/DMARC policies at Cambridge have been very liberal. This made setting up new systems and services easier, but it has also made it trivially easy for bad actors to spoof a Cambridge email address.
UIS' strategy is to tighten up the policies on email domains at Cambridge to reduce the amount of spoofed email.
Domains are set up to reject email if it does not originate from our UIS central email system, Exchange Online or the SMTP relay service.
MMDs hosted on an institution's own mail servers
We strongly encourage institutional email administrators to set their SPF/DKIM/DMARC policies to the highest possible setting as soon as possible.
Sending email from cloud services
Services hosted in third-party clouds (such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure) will often want to send email too. Owners of such services must ensure that the service sends from a separate domain to that in which users are based. For example: instead of setting your service to send as [service]@[institution].cam.ac.uk you must setup a new domain (such as [sender]@[service].[institution].cam.ac.uk) and configure your service to send from that domain. You can then set the SPF/DKIM/DMARC policies for that new domain so that only that cloud service can send from it.