New email standards from Google and Yahoo = more protections and less SPAM
- Posted by:
- Category: Industrial Marketing
As of February 01, 2024, Google and Yahoo now require all email newsletter senders to comply with their updated security requirements. These requirements add another layer of protection for all email communications, which are crucial for both the sending company and the receiving customer or prospect. Why? Newsletters often contain valuable and sensitive information, including promotions, product updates, and sometimes even customer account details. Ensuring the security and integrity of these communications is essential for maintaining customer trust and protecting sensitive data from unauthorized access or manipulation.
Emails are also prime targets for phishing and spoofing attacks, where malicious actors impersonate legitimate companies to deceive recipients into providing personal information or clicking on malicious links. Email authentication mechanisms such as SPF, DKIM, and DMARC help mitigate these risks by verifying the authenticity of sender domains and detecting fraudulent emails, thus safeguarding both the company’s reputation and the recipients’ security.
Robust email protections enhance deliverability and ensure emails and newsletters reach the intended recipients’ inboxes rather than being flagged as spam or phishing attempts. This helps maximize the effectiveness of email marketing campaigns by increasing open rates and engagement with the content.
What are the changes that you need to be aware of and need to configure?
Here is a quick list of what needs to be done:
- Send from your branded company domain (you can no longer send from free email domains such as @gmail.com or @outlook.com).
- Setup a DMARC policy.
- Authenticate your sending domain using SPF or DKIM authentication.
- Make it easy for people to unsubscribe from your newsletters with one simple click.
- Maintain an email newsletter SPAM rating below 0.1%.
Read more directly from Google and Yahoo here:
What is a branded domain?
A branded domain refers to a domain name (or URL) that includes your company or organization’s brand or trademark as part of the domain itself. For example, a company named “Example Corp” owns the domain “example.com,” then “example.com” would be considered a branded domain for Example Corp. Branded domains are used for company websites, email addresses, and other online assets to reinforce brand identity and establish a consistent online presence. Branded domains create memorable and recognizable web addresses for customers, partners, and stakeholders to access online content and services. Additionally, branded domains can help enhance trust and credibility with users by providing a recognizable and official online presence for the brand.
What is a DMARC Policy?
DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol that helps prevent email spoofing and phishing attacks. A DMARC policy specifies how a receiving email server should handle emails that claim to be from a particular domain but fail authentication checks. This policy is published in the DNS (Domain Name System) records of the sending domain and includes instructions for how receiving servers should handle emails that don’t pass authentication checks, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). A DMARC policy can instruct receiving servers to either accept, quarantine, or reject emails that fail authentication, giving domain owners greater control over their email delivery and helping to protect recipients from fraudulent emails. Additionally, DMARC policies include mechanisms for reporting email authentication results, allowing domain owners to monitor and analyze email traffic to detect and mitigate abuse or unauthorized use of their domain.
What does SPF and DKIM authentication mean?
Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are email authentication methods designed to enhance the security and integrity of email communication.
SPF is a mechanism that helps prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on behalf of their domain. This is done through DNS records, where the domain owner lists authorized mail servers’ IP addresses or hostnames. When an email is received, the recipient’s server checks the SPF record to verify if the sending server is legitimate, reducing the likelihood of spoofed emails.
DKIM adds a digital signature to email messages. The sending mail server generates a unique cryptographic signature based on the email’s content and adds it to the message header. The recipient’s server can then use the public key published in the sender’s DNS records to verify the signature’s authenticity. DKIM helps ensure that the email content has not been tampered with during transit and verifies the sender’s identity.
Both SPF and DKIM play crucial roles in email authentication, working together to verify the legitimacy of email senders and reduce the risk of phishing, spoofing, and other malicious activities. These authentication methods contribute to a more secure email environment and are widely adopted by email providers and organizations to enhance the trustworthiness of their communication.
What will these rules accomplish?
These email protections will significantly reduce the amount of spam email we all receive. The authentication mechanisms work together to verify the legitimacy of email senders and detect spoofed or fraudulent messages. SPF allows domain owners to specify authorized mail servers, preventing spammers from impersonating legitimate domains. DKIM adds a digital signature to emails, ensuring the message content hasn’t been tampered with and verifying the sender’s identity. DMARC further enhances these protections by providing a policy framework for handling emails that fail authentication checks, allowing domain owners to specify how receiving servers should treat suspicious messages. By implementing these email authentication methods, ISPs and email providers can better identify and filter out spam, reducing inbox clutter and improving overall email security.
These email protections are essential for companies sending newsletters to customers to uphold security, protect sensitive data, maintain trust, and optimize the success of their email marketing efforts.
What are the easiest parts of this to configure?
A few of these items can be easily addressed without the need for technical support. Here are three that are the easiest and quickest to update or check for compliance:
- Send from a branded domain: If you don’t have a branded domain you will need to purchase one and setup email on it. If you have a domain and email setup, you simply need to adjust the settings in your newsletter platform (platforms such as MailChimp, Constant Contact, Mail Jet, and more) to be sure that you are sending from a branded domain email address.
- Easy unsubscribe: Provide clear and easy-to-find unsubscribe links or buttons in your newsletters, and promptly honor any unsubscribe requests.
- SPAM rating: Regularly clean your newsletter email list(s) by removing inactive or bouncing email addresses. Also, monitor your email deliverability and engagement metrics regularly and adjust your strategies accordingly to maintain a positive sender reputation and avoid being flagged as spam.
How do you update the more technical information?
The last two items on the list are a bit more technical in nature and may require the assistance of your IT staff or webmaster. Specific instructions provided by your email service provider or DNS hosting provider are best to follow when updating DMARC and SPF or DKIM settings, though some platforms do not offer any guidance. Here are the basic steps involved:
- Updating DMARC Settings: Updating DMARC settings involves making changes to the DNS records associated with your domain. Access your DNS management dashboard and locate your domain’s DNS settings. Look for an existing DMARC record associated with your domain to update; or if you don’t have a DMARC record, you will need to create one.
- Updating SPF or DKIM Settings: Updating SPF or DKIM settings also involves making changes to the DNS records associated with your domain. Access your email service provider’s administration panel where the SPF or DKIM is configured. Generate new SPF or DKIM keys (if necessary). After generating new keys, update the SPF or DKIM DNS records associated with your domain. This typically involves copying the new SPF or DKIM public key provided by your Email Service Provider (ESP) and adding it as a TXT record in your domain’s DNS settings.
All industrial – all the time!
With over 30 years of experience, The Rico Group specializes in helping industrial manufacturers and job shops grow their businesses and diversify their customer base. We know how engineers think and what they are looking for. We know your processes, equipment, and materials. We also know that you have very little time to take away from your production and getting your customer’s orders delivered.
Grow your business with better marketing with The Rico Group.
(805) 497-7401