New Email Sending Requirements 2024

Google/Gmail and Yahoo – DMARC, DKIM & SPF Requirements
Starting 1st Feb 2024 – A Guide for All Email Senders

Introduction

As of February 2024, Gmail and Yahoo are implementing stricter email authentication requirements using a combination of Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM). These enhanced measures aim to combat spam and phishing email by verifying the legitimacy of sender domains and ensuring only authorized senders can use those domains. If you send emails through your own domain or a third-party email service provider (ESP), it’s essential to understand and comply with these new requirements to avoid potential delivery issues.

This affects anyone sending to a Google Workspace or Gmail account or Yahoo account. Including any business with a domain name tied into the Google ecosystem which you may not necessarily know about because it can be any business that uses Google as their email provider. Essentially this issue will cause deliverability issues for everyone at some point.

*** WARNING ***

From the 1st of April 2024 – The majority of businesses do not have DMARC & DKIM setup correctly and will encounter email sending or receiving issues.
All Emails to/from Company Domains will need to have (DMARC,SPF,DKIM) records in place or they will be missing out on emails either inbound or outbound. A lot of the time they will silently fail without notification to either party.
Initially with a low impact rate in April ramping up to a higher rate later in the year.
Example: You can send the same person 20 emails and depending on various settings – 1 in 5 or 1 in 20 will not be delivered or received.
Many IT companies are failing to look after their clients or are configuring these settings incorrectly.

Please verify your settings at: https://dmarcian.com/

If your email/domain is failing the validation check above – please contact us for advice.

What are DMARC, SPF, and DKIM?

• DMARC: Builds upon existing SPF and DKIM protocols, allowing domain owners to specify how email receivers should handle unauthenticated emails from their domain.
• SPF: Authorizes legitimate sending servers for a domain, preventing unauthorized use for sending spam or phishing emails.
• DKIM: Digitally signs emails with a private key associated with the domain, allowing receivers to verify the sender’s identity and message integrity.

What are the new Gmail and Yahoo DMARC requirements?

Starting in February 2024, Gmail and Yahoo will require all senders with a daily email volume of over 5,000 messages to have and non-bulk users from April 2024:

• A DMARC record published in their DNS specifying a “p=” policy of at least “p=none” (instructs receivers to ideally ‘reject’ unauthenticated emails).
• SPF and DKIM records properly configured to authenticate outgoing emails from their domain.

Key Dates and Phases:

• Feb 2024: Requirement takes effect for senders with over 5,000 daily emails.
• April 2024: Gmail starts rejecting a percentage of non-compliant emails, gradually increasing the rejection rate for everyone.
• June 2024: All bulk senders must implement one-click unsubscribe in all commercial, promotional emails.

What happens if you don’t comply?

Failure to comply can lead to:

• Email rejections: Your emails may be rejected by Gmail and Yahoo, impacting deliverability and communication.
• Sender reputation damage: Non-compliance can raise suspicion and harm your sender reputation.

Steps to comply with the new DMARC requirements:

1. Verify domain ownership: Ensure control over your domain’s DNS records.
2. Generate DMARC, SPF, and DKIM records: Use online tools or consult your ESP for creating records with proper configurations.
3. Publish records in your DNS: Add the generated records to your domain’s DNS.
4. Monitor DMARC reports: Track authentication performance and identify potential issues with Gmail and Yahoo reports.
5. Implement one-click unsubscribe: For bulk senders, ensure easy unsubscribe options in your emails.

Additional Resources:

• Gmail DMARC Guide: https://support.google.com/a/answer/2466563?hl=en: https://support.google.com/a/answer/2466563?hl=en
• Yahoo DMARC Guide: https://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders-do: https://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders-do
• DMARC Analyzer: https://dmarcian.com/: https://dmarcian.com/

Conclusion

Implementing DMARC, SPF, and DKIM alongside the new requirements enhances email security and delivery while protecting your sender reputation. By taking the necessary steps, you can ensure your emails reach their intended recipients and maintain your communication channels effectively. Remember, these are ongoing processes, so monitoring and optimizing your records is crucial for continued success.

If you have any further questions or require this setup for your business – please contact us.

Also view our web page for more information on how we configure DMARC, DKIM & SPF for your business.