What Is DMARC?

DMARC is a set of standards and policies used to validate the authenticity of an email’s sender and prevent delivery of “spoofed” email. 

“Spoofing” is when a sender has disguised who they are to appear to be someone other than who they are, usually to impersonate a trusted or legitimate account. To avoid having your email considered “spoofed,” your email should always be sent using an approved service. 

Cornell Official Email Services

When you send email using your Cornell NetID email address, or a Cornell email alias address linked to your NetID address, you must use an email client such as Outlook, Apple Mail, Thunderbird, or Gmail set up for one of these mail services:

• Cornell's Microsoft Mail Service (“Microsoft Exchange”)
• Cornell's Google Mail Service (“Cornell Google Workspace”)

Your email will not be tagged as “spoofed” and blocked by DMARC policy if you use an email client with one of these services to send mail from your Cornell email address.

Email Practices That Risk Being Blocked

Starting January 28, 2026, Cornell’s DMARC policy will be enforced. Some examples of email setups that will fail DMARC include the following:

• If someone else has spoofed your email address without your knowledge, it will fail DMARC. This is what DMARC security policy has been designed to detect and prevent.
• If you send email using your Cornell email address through email services other than those mentioned above (such as a personal Gmail account), it will be blocked by DMARC and not delivered.
• If you use a third-party email and marketing vendor to send mass communications (for example, MailChimp or Constant Contact) and use your Cornell NetID email address as the sender “From” address, the mass communication will be blocked.
• If an originally legitimate email is forwarded multiple times, it can result in an email failing DMARC security policy and not being delivered. This may happen when an account that automatically forwards all email is used to subscribe to Google Groups, e-Lists, or other email lists. When subscribing to an email list, consider using an email account that does not automatically forward email.
• If a message has been sent via a Google Group, the email appearance may change from what you are used to. Email sent via Google Groups will likely continue to be delivered after Cornell DMARC policy is enforced. However, details in the email's header may be changed.
  • Testing indicates that, for the “From” field, Google Groups replaces your email address with the group's posting address, while keeping your name as the "From" display name. (For example, the “From” field might resemble “Phil Schmertz via My Group <mygroup@googlegroups.com>”.)
  • Also, Google Groups adds a “Reply-to” header field with your email address, so if another group member replies to your group email, it will go only to you. To reply to the entire group, use your email client’s Reply All feature.

Note that mass communications sent using Marketing Cloud or Lyris will not be blocked.

For guidance on properly setting up a process for sending mass communications, visit Official Mailings and Third-Party Mail Senders.

For background on Cornell’s DMARC Enforcement initiative, visit Cornell Moves Forward on DMARC Enforcement to Prevent Email Fraud.