SUBJECT:

Enhancements to Email Fraud Defense

Over the past year, we have seen an alarming increase in email fraud within the @ucsd.edu email domain. Spammers, phishers and the like fake email messages to impersonate trusted users, campus organizations and even universities. The result of a single compromise can be damaging, oftentimes targeting research, student and/or personal financial data from fraudulent email and spam. That is why we are pleased to announce several critical enhancements to your email to further protect your reputation and identity.

IT Services recently completed the implementation of three email authentication protocols (SPF, DKIM and DMARC) to effectively identify legitimate UC San Diego email. As an added layer of protection to our users, these protocols require identity verification when sending email. This is accomplished transparently when using any campus email service.

What you need to know if you are using:

-UC San Diego Email System: Your identity has already been authenticated and there is nothing you need to do.

-External Email Newsletter Provider: If IT Services has already authenticated your provider, such as MailChimp or Constant Contact, no further action is needed. If you are unsure or are setting up a new external service, please contact the ITS Service Desk to consult with a technician on DMARC authentication.

-External Email: If you are using an external email provider (personal Gmail account, Hotmail, etc) to send email as your @ucsd.edu address, you must use UC San Diego’s SMTP server. Configuration instructions are available at
https://blink.ucsd.edu//technology/email/tasks/non-uc-email.html

Additional information about SPF, DKIM, and DMARC is available at https://blink.ucsd.edu/technology/email/email-fraud-defense.html.

For questions, contact the ITS Service Desk at servicedesk@ucsd.edu or (858) 246-4357.

Brett Pollak Director, Workplace Technology Services Michael Corn Chief Information Security Officer