IT Services

Email Enhancement Project

Email Enhancement Security Project 

Project Introduction 

Improving QMUL Email Security and Deliverability 

Queen Mary University of London (QMUL) is modernising its email systems to ensure messages are secure, trusted, and reliably delivered.

Recently, some QMUL emails sent externally were flagged as untrusted or potentially malicious, causing delivery issues and highlighting limitations in the current system.

Email remains a primary vector for sophisticated threats including phishing, malware, and business email compromise. A modernised infrastructure will enable the University to implement advanced security controls, adopt industry-standard authentication protocols, and scale protections in line with increasing data volumes.

Enhancing the resilience of our email systems against misuse and abuse will safeguard critical institutional data, support compliance with regulatory requirements, and maintain the trust of students, staff, and external partners.

Why Change Is Needed 

Our IT and Information Security teams identified several problems: 

  • Legacy email systems that do not support modern security protocols.
  • Inconsistent governance of bulk email sent by internal and external groups, resulting in emails from @qmul.ac.uk being treated as spam.
  • Outdated security standards for applications using email technologies (e.g., SMTP relay).

 

What the Project Will Deliver 

  1. Implement email security protocols: SPF, DKIM, and DMARC authentication.
  2. Align with industry best practices for email security.
  3. Centralise management of department-run SMTP servers.

This will ensure emails from QMUL are verified, secure, and delivered without disruption. 

 

Email Authentication Technologies 

SPF (Sender Policy Framework) – Confirms emails are sent from authorised QMUL servers, blocking spoofed messages. 

DKIM (DomainKeys Identified Mail) – Adds a digital signature to verify that emails are genuine and untampered. 

DMARC (Domain-based Message Authentication, Reporting, and Conformance) – Works with SPF and DKIM to tell receiving systems how to handle unauthorised messages (quarantine or reject) and provides reporting for monitoring. 

Together, these technologies: 

  • Block fake or malicious emails. 
  • Ensure genuine emails reach inboxes instead of spam folders. 
  • Build trust in QMUL communications. 

 

Valimail at QMUL 

Valimail is the service we use to manage SPF, DKIM, and DMARC. It: 

  • Protects against phishing and spoofing. 
  • Improves email deliverability. 
  • Simplifies management of authorised senders. 

 

Moving to DMARC Enforcement 

We are gradually tightening our DMARC policy: 

  • Phase 1 – Quarantine: Emails from unauthorised sending services (including mailing list vendors) are sent to spam/junk folders. 
  • Phase 2 – Reject: Such emails are fully blocked. 
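
The effect of the two phases on a receiving system, as an added example that is not QMUL's or Valimail's own code: a simplified DMARC check in Python. The domains, records and authentication results are constructed, `org_domain` is a naive stand-in for a Public Suffix List lookup, and the `pct` and `sp` tags are ignored.

```python
# Added example: simplified receiver-side DMARC evaluation. Constructed sample data only.
PHASE1 = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.ac.uk"  # constructed
PHASE2 = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.ac.uk"      # constructed

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict and validate v= and p=."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    """Assumption: naive organisational domain (last three labels, fits *.ac.uk).
    Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-3:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organisational domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks.
    DMARC passes if either mechanism passes AND aligns with the From: domain."""
    policy = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]

if __name__ == "__main__":
    sender = "example.ac.uk"
    # Unauthorised vendor: SPF and DKIM pass, but only for the vendor's own domains.
    vendor = (("pass", "bounce.vendor.example"), ("pass", "vendor.example"))
    # Authorised service: DKIM-signs with the institution's domain.
    authorised = (("pass", "bounce.vendor.example"), ("pass", "example.ac.uk"))
    for name, record in (("Phase 1", PHASE1), ("Phase 2", PHASE2)):
        print(name, "unauthorised:", dmarc_disposition(record, sender, *vendor))
        print(name, "authorised:  ", dmarc_disposition(record, sender, *authorised))
```

A sending service whose mail passes SPF and DKIM only for its own domains still fails DMARC, which is why it has to be registered as an authorised sender before the reject phase.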

 

What to Do 

Email Deliverability Issues 

  • Service Owners report problems via the Helpdesk. 
  • The Information Security Team investigates and works with the owner of the sending service or mailing list vendor if needed. 
  • If required, cases are escalated to Valimail Support. 

Adding/Removing an Authorised Sending Service 

  • Service Owners contact the Information Security Team. 
  • An authorised administrator updates the Valimail platform. 
  • If needed, the request is escalated to Valimail Support (support@valimail.com). 

 

Bringing Trust to QMUL Email Services 

By modernising our infrastructure and enforcing DMARC, QMUL strengthens protection against phishing, spoofing, and email compromise—ensuring our communications are trusted and reliably delivered. 
