OIT is making changes to our email infrastructure to better serve NC State. These changes will require action on the part of many IT staff on campus.
Beginning in 2016 and continuing until completed, OIT is making changes to its email infrastructure to better serve our campus. These changes include: These changes will provide significant protection to our users from phishing, while also improving our global mail reputation.
Project Phases
Each phase will require campus IT staff to make changes to targeted services and devices.
Phase 1
Action by campus IT staff is required for:
Web Apps
Web apps include content management systems like WordPress or Drupal, and custom apps powered by PHP, ColdFusion, or other web-based languages.
Web Servers
Web servers are computers used primarily to deliver apps and content via the web. If these computers generate email, they must send via Google SMTP.
Cloud Services
Cloud services are hosted applications or services whose primary function is NOT the sending of email (that is, they are not bulk mailers) but which may send email in the course of normal operation. Examples include Eventbrite & Terra Dotta.
What's happening in Phase 1?
- Target web-based use cases for transition to Google SMTP
- Begin process of eliminating unity.ncsu.edu implicit aliases
- Turn on DKIM for messages originating from Gmail
Phase 2
Actions by campus IT staff are required for:
Includes multifunction copiers/printers and other devices that are on private IP space and cannot talk out to the public internet without the use of a proxy.
Includes most servers in the 152.X.X.X IP space as well as many devices that are part of the Protected Network.
Any device, application or service that will generate more than 10,000 messages per day will need to use our SendGrid service.
What's happening in Phase 2?
- Target restricted network and multifunction devices for transition to Google SMTP
- Turn on DKIM for messages originating from 3rd-party mailers
Phase 3
Actions by campus IT staff are required for:
The information provided is targeted at mailing list owners for the migration of their mailing lists from Majordomo2 (Mj2) to Google Groups and a timeline of when the changes are made.
By removing 200,000+ aliases for each domain, we will greatly reduce the complexity of our mail environment. Users that actively use those aliases will be added as explicit aliases.
Enabling SPF and DMARC in advisory mode is the first step in improving our email security stance for the university.
What's happening in Phase 3?
- Migrate Majordomo2 (Mj2) mailing list services to Google Groups
- Turn on SPF and DMARC in advisory mode
- Convert tx.ncsu.edu and eos.ncsu.edu from an implicit to an explicit alias
- Launch campus Limited Functionality Relay for devices that cannot OAuth
Phase 4
Actions by campus IT staff are required for:
DMARC is a method to prevent email spoofing. It provides an approved list of services/servers, leveraging SPF or DKIM, that are allowed to send as your domain, and it provides reporting when emails are sent using your domain’s addresses but not from approved infrastructure.
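The following added example (not OIT code) shows how a receiver applies that check to a message from a third-party mailer, first under an advisory policy and then under a quarantine policy. It assumes advisory mode is published as `p=none`, uses a naive two-label organizational domain, and uses constructed placeholder domains (`example.edu`, `mailer.example`) and records.

```python
# Added example (not OIT code): simplified DMARC evaluation with alignment.

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # implementations consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(from_domain, auth_domain, mode):
    # mode "s" (strict) needs an exact match; "r" (relaxed, the default)
    # only needs the same organizational domain.
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples.
    Returns (dmarc_result, disposition)."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    # p=none only reports the failure; quarantine and reject act on it.
    return ("fail", tags.get("p", "none"))

# Constructed sample records and domains (placeholders, not NC State's DNS).
ADVISORY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.edu"
QUARANTINE = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.edu"

if __name__ == "__main__":
    # Third-party mailer: SPF passes for its own bounce domain, no DKIM.
    unsigned = dict(spf=("pass", "bounce.mailer.example"), dkim=("none", ""))
    # Same mailer after DKIM signing with d=example.edu is set up.
    signed = dict(spf=("pass", "bounce.mailer.example"), dkim=("pass", "example.edu"))
    for name, rec in (("advisory", ADVISORY), ("quarantine", QUARANTINE)):
        print(name, evaluate(rec, "dept.example.edu", **unsigned),
              evaluate(rec, "dept.example.edu", **signed))
```

The unsigned mailer fails DMARC under both records, but only the quarantine record changes how its mail is handled, which is why senders need aligned SPF or DKIM in place before the policy is tightened.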
What's happening in Phase 4?
- Turn on DMARC in quarantine mode
- Target 3rd Party Bulk Mailers and remaining computers for transition to Google SMTP
- Finish eliminating unity.ncsu.edu implicit aliases
- Launch the SMTP -> Splunk Gateway for email-based logging
- Eliminate smtp.ncsu.edu relays
- Investigate the use of ARC
- Configure email infrastructure to meet ARC specifications
- Review additional mail domains for decommissioning