As you may know, the university has encountered email spoofing and phishing attempts for some time. OTS has been working to develop ways to minimize its impact on our community. To that end, new email authentication protocols and polices will be implemented to provide an added layer of protection. The below-listed changes will be made to the university’s email environment across all campuses, colleges, and administrative units.
Changes to Your Email Experience:
- DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) will be implemented to handle the authentication of all emails sent from an IIT email address. Unauthenticated emails will be delivered to and quarantined in the receiver’s spam folder. This email authentication protocol will begin on May 29.
- For those emails coming into IIT’s email server from outside the university, the system will automatically add “[EXTERNAL]” to the subject line of those emails to alert the recipient that the incoming email originated from beyond the confines of Illinois Tech. This message will begin appearing on your emails on May 16. Please note that the appearance of this message on an external email does not necessarily signal that the email is cause for concern; instead, it is meant to remind you to pause before deciding whether it is prudent to respond.
Implementation of this Security Initiative
To effectively implement this initiative, Illinois Tech will need your assistance, as outlined below:
- Any university application from which emails are sent, such as Banner, for example, will need to be properly authenticated before May 1. To do so, you can employ either of the following two methods:
- Configure the application or any email-generating device such as a scanner to point to “smtp-relay.gmail.com,” using port 25, port 465, or port 587. This service is only available on the Illinois Tech campus; or
- Install a DKIM key. To do this, please contact the OTS Support Desk at email@example.com.
- If you are using a mass email service such as Constant Contact or Mail Chimp, please contact the OTS Support Desk at firstname.lastname@example.org before May 1 to explore your options.
- Illinois Tech departments running their own email servers will need to migrate to the university’s Google Suite no later than May 16. The university will enable the Google Suite to allow you to retain your existing subdomains and email addresses as aliases to the official university addresses, so no changes to existing email addresses will be necessary.
How Your Actions Assist the Illinois Tech Community
Once the authentication protocols are fully implemented on May 29, the university should see a significant reduction in the number of spoofing and phishing emails Illinois Tech receives. Of course, we will never be able to completely eliminate all spoofing and phishing emails from our environment; there will still be episodic instances in which such emails slip through our protective shield. As responsible members of the university community, it is important that we all exercise caution with any email we receive that:
- Contains an unusual/unexpected message;
- Contains content purporting to be from someone in a university leadership position;
- Comes from a sender that does not match the displayed name. The addition of the word “[EXTERNAL]” to the modified subject line on all external emails beginning on May 16 should assist us in flagging this;
- Contains text conveying a sense of urgency;
- Does not have a greeting or contains generic content;
- Provides little to no explanation; and/or
- Comes with an unexpected attachment, which you should AVOID opening.
If you have questions about these changes on the Mies, Rice, or Moffett Campuses, please contact the OTS Support Desk at email@example.com or if you are on the Downtown Campus, please contact the ITS Help Desk at firstname.lastname@example.org.