Body
Question
How do I request to allowlist a vendor or to have the [External] tag be removed from a specific email sender address?
Answer
If you receive a message from an external email address that should be allowlisted and/or marked as an approved external sender, you may report it to BGSU Information Security by submitting a request with the following information:
- Has the vendor been approved for sending to BGSU email accounts through the software procurement request process?
- Name of the Sending Vendor.
- Indicate whether or not the email from address is spoofing* an @bgsu.edu email address.
- Does the vendor support Domain Keys Identified Mail (DKIM - Preferred option)
- Does the vendor support Domain-based Message Authentication, Reporting & Conformance (DMARC)
- Does the vendor ONLY have Sender Policy Framework (SPF) implemented (least preferred option)?
- Provide the full From address being used.
- Provide the sending IP address(es).
- Is the sending IP Address(es) dedicated to only sending mail for this sending vendor?
- Are you requesting the [External] tag to be removed?
- If yes, security will need to approve this based on if the email should be treated as an internal BGSU communication and what the existing agreement is with the vendor.
*Email spoofing is the fabrication of an email header/name in the hopes of tricking the recipient into believing the email originated from someone/somewhere (such as an @bgsu.edu email account) other than the intended source.
For additional assistance, please contact Information Technology Services at 419-372-0999 or through chat.