How Do I Request to Allowlist a Vendor or to Have the [External] Tag be Removed From a Specific Email Sender Address?

How do I request to allowlist a vendor or to have the [External] tag be removed from a specific email sender address?

If you receive a message from an external email address that should be allowlisted and/or marked as an approved external sender, you may report it to BGSU Information Security by submitting a request with the following information:

1. Has the vendor been approved for sending to BGSU email accounts through the software procurement request process?
2. Name of the Sending Vendor.
3. Indicate whether or not the email from address is spoofing* an @bgsu.edu email address.
4. Does the vendor support Domain Keys Identified Mail (DKIM - Preferred option)
5. Does the vendor support Domain-based Message Authentication, Reporting & Conformance (DMARC)
6. Does the vendor ONLY have Sender Policy Framework (SPF) implemented (least preferred option)?
7. Provide the full From address being used. 
8. Provide the sending IP address(es).
   • Is the sending IP Address(es) dedicated to only sending mail for this sending vendor?
9. Are you requesting the [External] tag to be removed?
   • If yes, security will need to approve this based on if the email should be treated as an internal BGSU communication and what the existing agreement is with the vendor.

*Email spoofing is the fabrication of an email header/name in the hopes of tricking the recipient into believing the email originated from someone/somewhere (such as an @bgsu.edu email account) other than the intended source.

For additional assistance, please contact Information Technology Services at 419-372-0999 or through chat.