Email phishing is a 21st-century threat that looms over all those who use email. These types of scams are not limited to personal inboxes, but can impact University inboxes as well.
On occasion, scammers will spoof a University @nd.edu address to build trust and increase the odds that a victim will respond to their request. These types of attacks take many forms, such as a “department head” asking for gift cards or a “colleague” asking for a credit card number confirmation. These types of scams can be difficult to spot, but Notre Dame recently took a big step in mitigating this type of attack.
Each year, scammers send more than 2.6 million emails purporting to be from Notre Dame by using spoofed email addresses. To combat this problem, Notre Dame engineers have tightened email security by requiring all emails with an @nd.edu address to be verified before reaching any inbox.
This new email protocol (known as DMARC) will greatly reduce the number of Notre Dame emails coming from unauthorized senders. By having a system in place to catch these scammers, DMARC provides the University more control over its domain while decreasing the potential for phishing attempts on University inboxes.
DMARC is an industry best practice. With the new layer of protection, Notre Dame continues to benchmark cybersecurity standards amongst other prominent higher education institutions such as Vanderbilt University and the University of Wisconsin. Each week, around three million emails are sent from @nd.edu addresses, making the verification standard both important and necessary to maintain inbox security amongst a large volume of users.
When asked about the new measure, Paul Drake, Notre Dame’s IT risk program manager, echoed the importance stating, “Our team is proud to be delivering another protection for Notre Dame's mission, reputation, and users. Malicious email impersonation attacks happen tens of thousands of times every day and this work completely stops the most convincing type. We appreciate the work of the dozens of staff involved in making this happen."
As the University implements DMARC, emails that fail verification standards will begin to be delivered to the spam folder. By this summer, all emails that fail DMARC will not be delivered to any University inbox - not even to spam. The OIT appreciates the University’s support of this change as part of our commitment to keep Notre Dame’s systems and data safe and secure.
To learn more about DMARC, check out this knowledge article.