Texas Tech University

SMTP Mail

This section contains SMTP mail standards for TTU. If you have questions about the standards contained herein, please contact the Director of Unified Communications, Authentication, and Cloud..

Glossary

  • DKIM: DomainKeys Identified Mail
  • DMARC: Domain-based Message Authentication, Reporting, and Conformance
  • Hosted service: A vendor service, typically in the cloud, that is administered by TTU
  • Impersonation: Sending email from an address or domain that closely resembles a valid or expected address or domain with the intent of deception
  • Phishing: Email attacks that try to steal information or convince recipients to take ill-advised action
  • SPF: Sender Policy Framework
  • Spoofing: Sending email from an address or domain without authorization
  • Third-party service: A vendor service that is administered by the vendor on behalf of TTU
  • UCE/UBE: Unsolicited Commercial Email/Unsolicited Bulk Email

Overview

  1. All SMTP mailers are centrally managed by Information Technology under the TechMail umbrella. SMTP protocol access through the Internet firewall is limited to these systems.
  2. All emails are subject to hygiene checks for protection against impersonation, spoofing, phishing, malware, suspicious links, and potentially malicious activity.
  3. All emails are subject to spam filtering.
  4. All messages sent from the ttu.edu domain must pass DMARC via DKIM.
  5. Spoofing is prohibited. Messages that spoof the ttu.edu domain are subject to rejection, quarantining, or being sent to junk mail folders.

SMTP Relay Service

TechMail includes SMTP relay service for web sites and applications hosted on servers, as well as printers, copiers, and appliances on TTUnet. Administrators may request permission for such systems to relay email through TechMail via the SMTP Relay request form

  1. SMTP relay permissions must be renewed annually on a per system basis to retain relay permissions.
  2. External systems may not relay email through TechMail systems.
  3. All email must be sent from a valid @ttu.edu email address.

Workstations: All workstation clients directly using the SMTP protocol to send messages must use authenticated SMTP via smtp.office365.com.

Authorization to Send from ttu.edu Addresses

TechMail, including TTU SMTP relay service and TTU’s Exchange Online tenant, are authoritative mailers for the ttu.edu domain. Hosted services and third-party services associated with TTU may be considered for authorization to send from the ttu.edu domain subject to the following conditions:

  1. Services must have a bona fide relationship with TTU.
  2. Services require IT review and approval via Intended Use of Technology form detailing the email requirement prior to entering into agreements.
  3. Emails must pass DMARC via DKIM; SPF is recommended in addition to DKIM.

Whitelisting

Whitelisting allows email to bypass TTU’s server-side content filters. Whitelisted messages do not bypass other messaging hygiene mechanisms and therefore whitelisting does not guarantee delivery to TTU inboxes. Whitelisting increases the risk associated with fraudulent email and therefore is subject to scrutiny. Information Technology will consider whitelisting vendor emails under the following conditions:

  1. Individual safelists are not practical for a given situation.
  2. Vendors must have a bona fide relationship with TTU.
  3. Vendor emails must pass DMARC.
  4. Where possible, individual email addresses will be whitelisted instead of entire domains. Vendor IP addresses will not be whitelisted.
  5. Whitelisted email addresses and domains must be under the control of the vendor and dedicated to use for TTU.
  6. Vendors’ third-party or hosted services must be under their control and dedicated to the vendor’s use.

Marketing, Announcements, Surveys, Spam, and UCE/UBE

  1. It is illegal for an unauthorized individual to use State of Texas mail systems to deliver unsolicited commercial mail. Texas Tech University has an obligation to prevent such use and to assure that email from Texas Tech University will be received by other mail domains.
  2. Sending of spam and UCE/UBE through TechMail is prohibited.
  3. Accounts that send spam will be disabled and outgoing mail will be removed from TechMail.
  4. External marketing campaigns, surveys, and large volume mail applications require Office of the CIO approval before being sent through TechMail and must be CAN-SPAM compliant in order to ensure ongoing deliverability of University email.
  5. Email surveys of TTU faculty, staff, or students require Office of the CIO approval, whether generated internally or by a third party. Approval may be revoked if TechMail deliverability is negatively impacted.