Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Statement and Purpose


Table of Contents


This policy clarifies the conditions and terms under which Seattle Pacific University authorizes external and configures third-party email senders to send email to internal SPU recipients without being subject to SPU's default mail-filter restrictionsgenerate email as if they were part of the SPU M365 email system. Such authorization infers a trust relationship between the external third-party and SPU email systems, whereby a third-party can these entities "impersonate" email as if originating from SPU, thereby impacting the overall reputation of SPU email services. In order to maintain the integrity and brand of official Seattle Pacific University SPU email communications, and to prevent spam, phishing and other email security risks affecting both SPU and non-SPU recipients, the following restrictions and requirements are involved in the authorization of external third-party email senders.

Entities Affected By This Policy

All University faculty, staff, students and alumni; entities desiring to send mass emails emails originating from an SPU authorized and verifiable source to SPU recipients originating from within the SPU M365 tenantor external recipients.


Table of Contents
maxLevel2
indent20px
excludeTable of Contents



Panel
borderColorgrey
borderStylesolid

Policy Version: 1.0.02

Responsible Office: Computer and Information Systems, Office of University Communications
Responsible Executive:
  CIO

Effective Date: February March 2024
Last Updated:  
February March 2024



Requirements for Establishment: Purpose


The establishment of authorized email senders in the SPU tenant is reserved exclusively for official university business with Third-party email sender relationships shall be authorized exclusively for entities and service providers conducting official university business under contract with the universitySeattle Pacific University.
Such contractual relationships may include:

  • Software-as-a-Service (SaaS) vendors with whom on-going email communications to students, faculty, staff and alumni is essential. Examples include Blackbaud, Qualtrics, Terra Dotta, StarRez, Slate.
  • Services which support academic resources at the campus level. Example: Inter-Library Loan system.
  • University-wide marketing and survey platforms that have an ongoing contractual relationship with the university. 
    • Currently, Slate and Mail Chimp are the only email entities is the preferred/recommended third-party email entity supported by the Office of University Communications. 
  • Emails from official senders must include the SPU Brand as set forth and approved by University Communications.


Requirements for Establishment: Technology


It is preferred that senders be capable of configuring a DomainKeys Identified Mail (DKIM) relationship and Authorized third-party senders must configure and comply with the three primary authentication methods with SPU mail servers:

  • Domain Keys Identified Mail (DKIM) - cryptographic verification of the sender's identity;
  • Sender Policy Framework (SPF) - IP address(es) of authorized email servers; and 
  • Domain-based Message Authentication, Reporting & Conformance (DMARC)
with SPU mail servers.If DKIM is not an option, SPU may consider establishing SPF authentication relationships under extenuating circumstances and if Mail Chimp is not an option. Such exceptions must be reviewed and approved by University Communications ( re: SPU Brand) and Computer and Information Systems (re: Technical Requirements)
  • - integrity checking of DKIM and SPF scoring.


Periodic Review

Authorizations will be subject to an annual review.

SPU Brand approved by University Communications.


Technical Authorization of these third-party senders is reviewed on an annual basis; technical requirements set forth by Computer and Information Systems.


Related Policies and Procedures