As part of the university’s ongoing efforts to combat phishing, email scams, and spoofing of our email domain (@princeton.edu), a valid email authentication is required in order to send email from a Princeton email address. While the implementation of email authentication will impact all email sent from Princeton addresses, there is no action required for Princeton Gmail or Microsoft Outlook users.
Who is affected by email authentication
While the implementation of email authentication will impact all email sent from Princeton addresses, there is no action required for Princeton Gmail or Microsoft Outlook users.
If you are using a third-party vendor application or email service, such as MailChimp or Constant Contact, to send communications from a Princeton University email address, the sender must be authenticated. If you have not already worked with OIT to verify the sender, please contact the Service Desk at [email protected] to request or verify that your account is set up for authentication.
Email infrastructure directly managed by Princeton is already properly configured to send authenticated emails, including the following services:
- Princeton Gmail
- Princeton Outlook
- Princeton SMTP mail relay service; e.g. smtp.princeton.edu
- Princeton Proofpoint Secure Email relay service
- Listserv
What Is DMARC email authentication?
Domain-based Message Authentication, Reporting & Conformance (DMARC) provides protection against spam and phishing emails by requiring a valid DKIM (DomainKeys Identified Message) signature or SPF (Sender Policy Framework) entry to verify the authenticity of any sender attempting to send email from a Princeton email address.
What Is Princeton’s DMARC Policy?
Beginning June 11, 2024, Princeton will implement a DMARC “reject” policy that will instruct all systems receiving email from Princeton email addresses to reject any messages that are not properly authorized by Princeton and authenticated via DKIM or SPF.
Email service providers like Google and Yahoo are taking increasingly stringent measures to reduce spam and phishing emails. While Princeton is not yet enforcing a “reject” policy, some vendors have decided to reject and/or quarantine email that is not properly authenticated.