Domain-based Messaging and Reporting Compliance (DMARC) was implemented at NSF in October 2018. DMARC is a series of email authentication and reporting checks that improve email security within Federal agencies by improving email fraud defenses.
This Department of Homeland Security (DHS) required protocol may result in some external email recipients not receiving some NSF email if organization email is not configured to meet DMARC requirements or if people are auto-forwarding email to another account, such as a personal email account.
DMARC enables organizations like NSF to verify that email was sent from a trusted source rather than from bad actors such as spammers, hackers or phishers. Since NSF’s implementation of DMARC, NSF has observed that some external organizations use email routing practices such as email auto-forwarding from organization to personal email accounts or using third-party email distribution services (e.g., Constant Contact, GovDelivery, Amazon SES) that cause messages to be blocked from distribution because they are flagged as potentially fraudulent by DMARC security checks. This means some recipients of NSF email may not be receiving some important NSF communications related to research funding actions, deadlines, and/or other important messages.
NSF, as all other federal agencies, is required to implement this standard. In response, some universities communicated to their staff about DMARC and specifically about not auto-forwarding email. (Just a few of the examples include the University of Illinois, Northwestern University, Cornell University and the University of Minnesota. Click on the name of the organization to view their public communications.)
If you are hearing about or believe you or researchers at your organization are experiencing email delivery issues with NSF email, please contact your organization’s IT division. After contacting them, if you still have questions, please contact NSF’s IT Help Central. IT Help Central (ITHC) can be contacted by phone at 703-292-HELP (x4357) or 800-711-8084. ITHC hours of operation are 6:00 a.m. to 7:00 p.m., ET. You may also contact ITHC by email at ITHelpCentral@nsf.gov.
More information about NSF’s experience with DMARC can be found on NSF’s website at https://www.nsf.gov/policies/dmarc.jsp. More information about Binding Operational Directive 18-01 can be found athttps://cyber.dhs.gov/bod/18-01/