Email: Email Authentication Requirements


Message to DePaul users of third-party mailing services

Do you send email messages to recipients through third-party applications or mailing services like Mailchimp, Constant Contact, Hubspot, Campaigner, Brevo, or something similar? It’s very important that you read this message.

To improve email security and reduce the threat of phishing and spam, major email providers are implementing changes to verify that email is actually sent from the domain it claims to be sent from. Google and Yahoo/AOL have stated that, starting in February 2024, any piece of email that cannot be authenticated will be quarantined (in other words, sent to the recipient’s Spam/Junk Mail folder).

This will not impact most daily communications sent from individuals at DePaul, but will affect those who send large numbers of emails to groups or large lists of people using outside mailing services such as Mailchimp, Constant Contact or others (see below).

What are examples of unapproved third-party mailing service?

If you send emails through one of the services listed below or a different 3rd party vendor AND your “From” address ends in, your messages will go to spam folders in Gmail, Yahoo, and AOL very soon. Please contact the Help Desk to make appropriate changes before the deadline.

If you are using the mailing service Constant Contact you need to make sure that your “From” address ends in  You will also need go generate a TXT record to send authenticated messages from your account.  You can follow the steps Constant Contact provides to create the records and then open an incident with the Help Desk to get the records created in our DNS.

This does not affect approved, official university email messaging services such as:

General Information

Sending bulk emails through third-party applications or mail marketing platforms (e.g., Mailchimp, Campaign Monitor, or Constant Contact) may require you to take action before February 2024. These changes will not affect official university communication applications and tools such as BlueM@il (Outlook), BlueStar (Salesforce), JangoMail, Slate, or D2L.

Google and Yahoo recently announced plans to implement email authentication requirements on senders of bulk messages. Starting February 2024, the two email providers (which together make up more than half of overall email usage) will begin to block and aggressively filter incoming email traffic that doesn’t meet domain authentication standards.

If you or your department use a service to send email for university business, you will need to verify that the service or application follows the new requirements so that it continues to work properly after the upcoming changes.  You may need to reach out to your vendor to see if they are compliant or not.

Third-party services that are not centrally managed by Information Services should not use email addresses in the domain. The service you are using will determine which domain you should be sending as.  If you are using a third-party service, and especially if you are sending messages with addresses, please open an incident with the Help Desk to work with IS and correct the issue.