Important changes coming to U of T’s email security

The University of Toronto is strengthening our email security to better protect our community from spam, phishing and email fraud — and this will affect mass emailing tools.

What's happening?

Starting May 1, the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol will ensure that any message sent from a U of T email address is verified as coming from an authorized source. Messages that fail certain technical checks will not be delivered to recipients.

What does this mean for me?

If you send emails using a U of T email address from an approved third-party service, you’ll need to contact Information & Instructional Technology Services (I&ITS) to ensure your account is properly configured with the new security enhancements. 

This includes:

• Bulk email or marketing tools (e.g. SendGrid, Envoke, Eventbrite).
• Automated email services (e.g. order confirmations, booking notices).
• Departmental applications or locally managed email systems.

As of May 1, emails sent through services that have not been properly configured for strict alignment to DMARC’s protocol will be rejected or quarantined. 

What should I do to keep my mass emails reaching inboxes?

Connect with I&ITS as soon as possible by logging a ticket through the I&ITS Service Portal to request your email-sending services be properly configured. If you’re unsure whether you’ll be affected, please create a ticket and we’ll be happy to check for you. Important: even if I&ITS has configured your services in the past, you’ll need to request a new check to ensure the latest security enhancements are in effect.

Where can I find more information? 

Visit the DMARC resource hub (for U of T community members only) or check out our FAQ