Body
Email
SUNY Orange does not Allowlist Email Senders. The practice is long outdated due to being both insecure and ineffective for modern Email systems.
SUNY Orange doesn't interfere with incoming emails directly. Instead, we conform to global requirements:
- All emails are subject to Gmail's global Spam policies
- All emails are subject to Industry-wide SPF/DKIM/DMARC requirements
Most senders, especially large organizations with whom we have regular relations, are already in compliance with the above. However even those who are compliant still retain the outdated practice of requesting that recipients Allowlist their emails. This is typically due to not having updated all of their potboiler communications. Some may do it as an attempt at a disclaimer/responsibility shift. In any case, these can be ignored.
However, it's possible that a smaller entity lacking IT services are not in compliance. Unfortunately, allowlisting them will not result in a successful email - instead, they have to come into compliance on their end.
The vast majority of emails do not fail. In the rare instance when they do, the only way that ITS can assist is to address an actual failure by determining why an email has failed, and advising as to what the Sender would have to do in order to come into compliance.
IP/URL/DNS
Requests to Allow something in the Firewall requires 3 pieces of information:
- Source
- Destination
- Port/Protocol
Again, 3rd parties can often be vague due to outdated communication blurbs. The statement "Allow XYZ in your Firewall" does not provide enough information to form a Firewall Rule, and so ITS is unable to act on this request.
Prior to making a request, please obtain the required information.
Please also note - a request is often unnecessary. We do not restrict Outbound communications on commonly used Ports - that is to say when the following pattern is true:
- Source - Campus
- Destination - Anywhere on the Internet
- Port/Protocol - 80/443 (Web), 21 (FTP), 22 (SFTP/SSH)