Security Requirements for Bulk Senders
Industry-leading email service providers, like Google and Yahoo, recently announced updated requirements for bulk senders to enhance security, reduce spam, and increase customer satisfaction.
What does this mean for me?
If you regularly send emails to large groups, look for the tool(s) you use below to learn how these new requirements may impact you.
Mailman, Mass Mail, and other internal tools
Computing Services validated that all internal tools met the new requirements. Senders should not notice a change.
Salesforce Marketing Cloud
University Advancement
Computing Services worked with University Advancement to validate that their primary instance met the new sender requirements. Senders should not notice a change.
CMU Works
Computing Services worked with the Office of Human Resources to validate that their primary instance met the new sender requirements. Senders should not notice a change.
Other Instances
If you use another instance, work with your vendor’s support resources to ensure you adhere to the new security requirements.
Constant Contact
andrew.cmu.edu Domain
Computing Services worked with Constant Contact to authenticate our domain, andrew.cmu.edu. If you send using this domain, you shouldn’t notice a change. You do not need to follow the instructions on Constant Contact’s website to set up DKIM authentication.
Other Domains
If you send from another domain (e.g. cylab.cmu.edu), email it-help@cmu.edu. Computing Services will work with you to authenticate your domain.
Check for ccsend.com domains
Constant Contact automatically changed the default email address of some andrew.cmu.edu senders to a shared2.ccsend.com domain. To remove this address:
- Log in to constantcontact.com
- Click your account name and then Account Settings.
- Scroll down to locate your email addresses.
- If you have a ccsend.com address in addition to your andrew.cmu.edu address, click the three-dot menu near the ccsend.com address and select Delete.
MailChimp
andrew.cmu.edu Domain
Computing Services verified that MailChimp automatically authenticated andrew.cmu.edu. If you send using this domain, you shouldn’t notice a change.
Other Domains
If you send from another domain (e.g. cylab.cmu.edu), email it-help@cmu.edu. Computing Services will work with you to authenticate your domain.
Qualtrics
Computing Services worked with Institutional Research and Analysis to validate that all primary instances met the new sender requirements. Qualtrics senders should not notice a change.
Slate
Computing Services and Enrollment Management validated that the Enrollment Management Slate instance met the new sender requirements. Slate senders in Enrollment Management should not notice a change.
If you use a Slate instance outside of Enrollment Management, visit your Slate Admin console to verify that your DKIM authentication is updated, and work with Technolutions Support as needed.
CMU-Alert (Rave)
Computing Services is collaborating with Enterprise Risk Management and Rave Support to ensure that the CMU-Alert service adheres to the new sender requirements. Check back soon for more information.
Workday
Computing Services worked with the Office of Human Resources to validate that Workday met the new sender requirements. Workday senders should not notice a change.
Frequently Asked Questions
What are the new security requirements?
Bulk senders must now:
- Authenticate their email via industry standard methods (e.g. SPF, DKIM, and DMARC)
- Enable easy unsubscription, ideally with just one click
- Ensure they’re sending wanted email by staying below a spam-rate threshold
Look for the tool you use above to learn how these requirements may impact you. We’ve configured most tools to meet these requirements already, so you shouldn’t notice a change.
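One way to confirm the authentication and one-click unsubscribe requirements on a test message delivered to a personal mailbox, as an added example (not Computing Services' code). It reads only the Authentication-Results header stamped by the receiving server you name, plus the unsubscribe headers; it does not measure spam rate. The sample messages, addresses, and example.org/example.net hosts are constructed, and the alignment check is a simplification of DMARC relaxed alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def aligned(from_domain, signing_domain):
    # Assumption: simplified relaxed alignment (equal, or one is a subdomain
    # of the other); real DMARC compares organizational domains.
    a, b = from_domain.lower(), signing_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_bulk_headers(raw, authserv_id):
    """Report which bulk-sender requirements a delivered message shows."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    res = {"spf": False, "dkim": False, "dkim_aligned": False, "dmarc": False}
    for header in msg.get_all("Authentication-Results", []):
        clauses = header.split(";")
        # Ignore results not stamped by the receiving server we trust.
        if clauses[0].strip().lower() != authserv_id.lower():
            continue
        for clause in clauses[1:]:
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if not m or m.group(2).lower() != "pass":
                continue
            method = m.group(1).lower()
            res[method] = True
            d = re.search(r"header\.d=([\w.-]+)", clause)
            if method == "dkim" and d and aligned(from_domain, d.group(1)):
                res["dkim_aligned"] = True
    # One-click unsubscribe (RFC 8058): an HTTPS URI plus the Post header.
    unsub = msg.get("List-Unsubscribe", "").lower()
    post = msg.get("List-Unsubscribe-Post", "").strip().lower()
    res["one_click"] = "<https://" in unsub and post == "list-unsubscribe=one-click"
    return res

# Constructed sample messages (not captured from real mail).
GOOD = ("Authentication-Results: mx.example.org;\n dkim=pass header.d=andrew.cmu.edu;\n"
        " spf=pass smtp.mailfrom=andrew.cmu.edu;\n dmarc=pass header.from=andrew.cmu.edu\n"
        "From: Department News <news@andrew.cmu.edu>\n"
        "List-Unsubscribe: <https://lists.example.org/u/abc123>\n"
        "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nBody\n")
BAD = ("Authentication-Results: untrusted.example.net; dmarc=pass header.from=cylab.cmu.edu\n"
       "Authentication-Results: mx.example.org; dkim=pass header.d=bulk.example.net;\n"
       " spf=pass smtp.mailfrom=bulk.example.net; dmarc=fail header.from=cylab.cmu.edu\n"
       "From: Lab Events <events@cylab.cmu.edu>\n"
       "List-Unsubscribe: <mailto:unsub@bulk.example.net>\n\nBody\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bulk_headers(raw, "mx.example.org"))
```

The BAD sample shows a DKIM signature that passes but belongs to the vendor's domain rather than the From domain, which is why a domain other than andrew.cmu.edu needs its own authentication setup.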
Do these requirements apply to emails sent to CMU community members?
According to Google, these new guidelines do not apply to messages sent to CMU community members using their Google Workspace for Education account (@andrew.cmu.edu or @cmu.edu).
Senders must only consider these email requirements when sending to personal Google Mail, Yahoo, and other industry email platforms that are implementing these changes.
What happens if I don’t follow these requirements?
Look for the tool you use above to learn how these requirements may impact you. We’ve configured most tools to meet these requirements already, so you shouldn’t have to worry.
If you send email using a service other than those listed above and cannot verify that you’ve met the new security requirements, your messages may be rejected or delivered to a recipient’s spam folder.
When Google rejects a message, you will receive a rejection code with a justification.
I only send emails to small groups. Do these changes apply to me?
While industry-leading email providers like Google and Yahoo currently only target bulk senders, these security requirements may expand to all email senders over time.
As you have time, find the tool you use above to learn how these requirements may impact you. We’ve configured most tools to meet these new requirements already, so you shouldn’t notice a change.
I don't see information about the email tool I use. What should I do?
If you don’t see information about the tool you use listed on this page, please review the documentation provided by your bulk email tool. If you have additional questions, email the Computing Services Help Center at it-help@cmu.edu.