What's the background?
Analysis of Warwick email during 2019 revealed a significant amount of suspicious email traffic, with nearly 4,000 sources spread across 147 countries. This underlies the experience of Warwick staff and students who have received fraudulent emails allegedly from Warwick email accounts, which may contain malicious content – with associated security risks to our network.
There is a suite of email authentication protocols and standards (DMARC, DKIM and SPF) which enable organisations to protect their mail services and to publish information on the servers and service providers authorised to send email on their behalf. At Warwick this is a long list, reflecting our use of cloud-delivered services such as SuccessFactors, Office 365 and ServiceNow. There are also a number of ITS and departmental servers which send automated email.
What are we doing?
Earlier this year a service provided by Valimail was chosen to implement DKIM, DMARC and SPF standards effectively here. Valimail is the only provider which offers the levels of capability Warwick requires and, critically, it removes the need for departments and external service providers to reconfigure email servers or move to new email.
Valimail implements these technology standards in three steps:
- analysing the current mail flows to identify services or servers sending as Warwick,
- confirming their legitimacy and
- collating and publishing information on authorised senders.
Once compliant with the standards, we will be able to publish definitive information on the originators of Warwick emails. Receiving organisations can also use this information to verify that incoming emails are legitimate and ensure they are delivered. Those that fail will not be delivered, reducing the security risks from spoofed emails with malicious content.
The Valimail implementation work has been underway during 2020. This has included adjusting email mechanisms on a range of internal and cloud systems such as SuccessFactors, ServiceNow, Azorus, Office 365 and many others. In addition, users of services such as MailChimp have been advised of changes needed to ensure that emails sent from that service conform to the policy.
What happens next?
Moving from monitoring to enforcement
The Valimail service has been in monitoring mode, analysing email flows and reporting on the percentage which comply with the policy. Shortly, the percentage passing authentication should exceed 90%.
From January 2021, the service will enforce policy compliance. In future, email from a Warwick address that does not match the policy will be discarded; it will never arrive at the recipient's inbox or junk folder.
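In DMARC terms, monitoring corresponds to a published policy of p=none, and discarding failing mail corresponds to p=reject applied to all mail and subdomains. The following check is an added example, not code from the University or Valimail; the records are constructed, example.ac.uk is a placeholder domain, and unknown policy values are simply treated as invalid.

```python
# Added example: classify a DMARC TXT record by enforcement stage.
# All records below are constructed; example.ac.uk is a placeholder domain.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489: v=DMARC1 must be the first tag, and p= is required.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1" or "p" not in tags:
        return None
    return tags

def enforcement_state(txt):
    """Return 'invalid', 'monitoring', 'partial', 'quarantine' or 'reject'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"              # simplification made for this example
    if policy == "none":
        return "monitoring"           # reports only; failing mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))   # share of failing mail the policy covers
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    sp = tags.get("sp", policy).lower()     # subdomain policy defaults to p=
    if pct < 100 or sp == "none":
        return "partial"              # some spoofed mail can still be delivered
    return policy                     # 'reject' matches "discarded" as described above

SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.ac.uk",
    "ramp-up": "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.ac.uk",
    "subdomain gap": "v=DMARC1; p=reject; sp=none",
    "junk folder": "v=DMARC1; p=quarantine;",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.ac.uk",
    "not DMARC": "v=spf1 include:_spf.example.ac.uk -all",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(f"{name:15} {enforcement_state(record)}")
```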
Benefits and outcomes
- A significant reduction in the amount of spam and phishing emails which appear to originate from Warwick email addresses.
- With fraudulent email to Warwick staff and students from spoofed Warwick email addresses blocked, there will be a reduction in the number of successful attacks, data compromised and post-incident work by SIM and ITS Security teams.
- Delivery rates of legitimate Warwick emails will improve, reducing the risk of non-delivery of important legitimate emails.
- Warwick is also less likely to be categorised as a source of spam and blocked by third-party email services such as Hotmail. This has happened twice in the last 2 years, disrupting communication with external parties, including inquirers and applicants.
- Targeted email attacks on Warwick staff purporting to come from senior staff at Warwick will be reduced (but not eliminated).
Help and support
If you think you detect any unusual online activity, please report it immediately.
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.
Data Protection Officer dpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW