What is email authentication?
Email authentication is a technique used to prove that an email is not forged.
For example, it provides a way to verify that an email coming from firstname.lastname@example.org is actually from that person. Email authentication is most often used to block harmful or fraudulent uses of email such as phishing and spam.
Why is email authentication being enforced?
Trinity, like other large institutions suffers from regular email 'phishing' attacks. 'Phishing' emails are fraudulent emails aimed at getting recipients to divulge important information such as passwords. The 'phished' information can then be used to gain unauthorised access to a system.
The 2021 ransomware attack on the HSE started with a phishing mail.
Phishing emails generally use a technique called 'email spoofing'.
The phishing email will try to 'spoof' a legitimate Trinity email address like email@example.com or firstname.lastname@example.org and trick you into thinking the email is from a legitimate Trinity email account.
To counter the threat of spoofing, IT Services have implemented email authentication checks that aim to stop the spoofing of Trinity email accounts.
How does this impact me?
If you send email, using a @tcd.ie address, from an official Trinity email service (Student email, Staff email), mail authentication will not impact you and will help to ensure that your mail is delivered.
If you send email, using a @tcd.ie address, from a non-Trinity email service (Gmail, Yahoo, or cloud application for example), the email will likely not be delivered. Your email will likely be quarantined or rejected by the receiving mail service.
Third-party services that send email
Some third-party services (e.g. cloud applications) may have a requirement to send mail. An example would be using a cloud-based product to send marketing emails.
In general, when using third-party services, a non-Trinity email address should be used to send email from the service. If you attempt to send email, from a third-party service, using a @tcd.ie email address, the email will likely be quarantined or rejected.
As an exception to this, certain third-party services have been approved to be able to send email using a Trinity email address. Please see the below a list of approved and some non-approved services.
Services that are approved
- Mailchimp - For staff only
- ClickDimensions - used by Global Relations
- TargetConnect - used by Trinity Careers Service
- The Summer reservations system - used by the Accommodation Office
- Meltwater – used by Public Affairs and Communications
Services that are not approved
- Any other cloud application
Requesting that a service be 'approved' for use
If you want to send mail using a TCD email address from a third-party service, it cannot be facilitated by IT Services unless it is being implemented as part of a College approved project and if there is an enterprise level agreement with the cloud application provider.
'Approval' will be granted on a case-by-case basis and is not guaranteed. The domain portion of the mail address (the bit after the "@") will always be a TCD sub domain (e.g. @app1.tcd.ie or @service1.tcd.ie). Please note that a mail address of the form "X@tcd.ie", i.e. using the "tcd.ie" domain cannot be facilitated.
For services that are used by a small number of people, and that are not part of a College project, 'approval' will not be granted. In these situations, using a non-Trinity email address is advised.
If you have a service that is being implemented as part of a project, and require further information, please contact the IT Service Desk.