Increasing our email protection

Charles Sturt University relies on email to communicate with students and colleagues, to provide business critical services and marketing materials. The reputation of the address is paramount in ensuring that emails get from the sender to the receiver(s).

Unfortunately there are other people who pretend to be valid holders of email addresses, and use this service for the purpose of sending malicious or unwanted email. This can damage our reputation, which leads to other providers rejecting all emails.

The good news is we are able to put in place controls to ensure that only emails from a trusted source will be allowed to pass through our email servers. From the 30 June 2019 our email servers will no longer accept any emails that come from a address unless it comes from a trusted source. To be a trusted source you need to use a service provided internally such as Outlook or Web Outlook, or you must be using an approved third-party service like Interact2.

Note: These services can be used from any device, see FAQs below.

At the end of July 2019 we will communicate to all other providers on the registered list, asking them to reject emails that are not from a trusted source.


Will I need to make changes to my device?

If you use email on a Charles Sturt University managed desktop or laptop computer, no changes are required – these devices already use registered services.

If you have set up email on a non Charles Sturt University managed device, then you need to check that you have configured your outbound server correctly. You should be using as your outbound mail server. Check with your email application or visit our IT Services – Email page for more information on how to configure email.

Will I need to change my phone settings?

No. These devices detect the correct settings automatically when you first configure your email.

Will forwarded email be affected?

No. If you forward your email from the university to another email account externally there will be no impact.

Will third party services like MailChimp, Meltwater, Elastic Email etc. be impacted?

Yes. These services will need to be added to the approved third party register to ensure they continue to work. You will need to contact the IT Service Desk to make sure the service won’t be blocked.

How do I find out more?

You can log a request through the Staff Service Centre and remember to subscribe to DIT News, and keep an eye on Yammer and What’s News for updates.

Technical details

Email sent to Charles Sturt University that claims to be from an address but doesn’t come from Outlook, Web Outlook or a registered source like Interact2 will not be delivered.

Email being sent from our services will need to have a DKIM header or be registered in our SPF record so that they can confirm that they do come from a Charles Sturt University service.

What is DKIM?

DKIM – DomainKeys Identified Mail – is a hash (unique string of numbers) of the contents of the email which is then encrypted by a private key. The email can be tested as coming from us by looking up the public key on our server and then unencrypting the email hash and testing it against the contents of the email.

Check out this blog post – How to Explain DKIM in Plain English– for a simple explanation.

This is already part of the hidden fields included by default in our emails.

What is SPF?

SPF – Sender Policy Framework – is a list that we publish of servers that are allowed to send email on our behalf. On receiving an email which appears to come from Charles Sturt University, any other email provider can quickly look up where the email came from, and check it against the list of providers allowed to send email from that address.

Check out this blog – How to explain SPF in plain English – for a simple explanation.


Contact the IT Service Desk.