Navigating the New Gmail and Yahoo Email Changes 2024
- What Are the Changes in Gmail and Yahoo Mail 2024?
- The New Email Authentication Requirements by Gmail and Yahoo
- Reinforcing Email Deliverability and Security
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-Based Message Authentication, Reporting and Conformance (DMARC)
- In Short
- We can help make your business email safer
What Are the Changes in Gmail and Yahoo Mail 2024?
Beginning February 2024, Google and Yahoo will enforce a stricter policy to combat spam and phishing emails.
The requirements that these two giants are imposing will also help make your business email more secure. It will keep it from being spoofed or impersonated.
If you’re an email marketer who sends emails to Gmail or Yahoo users, follow this guide so your emails land in your audience’s inboxes and don’t get sent to the spam folder.
In this article, we’ll show you what you need to do to make your business email compliant and safer, step by step.
The New Email Authentication Requirements by Gmail and Yahoo
1. Authenticating email/domain with security frameworks
There are three email security protocols that your business domain must now keep to stay in Google and Yahoo’s good graces:
- SPF
- DKIM
- DMARC
2. Keeping spam complaint rates below 0.3%
Keeping spam rates low is easy to do if your audience expects emails from you.
Do not send newsletters to people who have not signed up for them. Meeting someone at a networking event and putting them on your mailing list is not an opt-in. They must sign up themselves or give you permission to email them.
3. One-Click unsubscribe option
If you send newsletters or other broadcast emails, you must have a visible option to unsubscribe.
Reinforcing Email Deliverability and Security
These frameworks mentioned in requirement #1 are not new. They have been around for a while as recommended best practices. Since email security is becoming front and center, Google and Yahoo are making their implementation mandatory.
The good news is that when implemented correctly, these protocols can only help boost your business domain’s email deliverability and security.
Sender Policy Framework (SPF)
Sender Policy Framework, SPF, identifies the mail servers and domains that send emails on behalf of your business domain. For example, your business email might have:
- Google Workspace or Microsoft 365 as your primary ESP
- An email marketing platform such as ActiveCampaign or Mailchimp
- An SMTP service on your website that sends messages, forms or comments emails
- A chatbot or helpdesk service that sends and receives leads, customer or ticket emails
SPF Record Option 1:
A) If your business domain uses Google Workspace ONLY
If your domain sends emails using Google Workspace only and no other email sending services, enter this SPF record on your domain DNS:
v=spf1 include:_spf.google.com ~all
B) If your business domain uses Microsoft 365 ONLY
If your domain sends emails using Microsoft 365 only and no other email-sending services, enter this SPF record on your domain DNS:
v=spf1 include:spf.protection.outlook.com -all
SPF Record Option 2:
Your business domain uses Google Workspace AND other senders
You can begin to compose the SPF record using SPF Option 1 and add other senders as needed. For example, for option 1 – A:
v=spf1 include:_spf.google.com include:spf.sender2.com ~all
Or, use an SPF record generator to make it easier.
SPF Record Generator
The easiest way to compose a correct and complete SPF record is to use an SPF record generator. The easiest and quickest tools we found are:
- https://easydmarc.com/tools/spf-record-generator
- https://powerdmarc.com/power-dmarc-toolbox/ > Generator Tools > SPF Record Generator
Publish Your SPF Record
You must now publish your SPF record in your domain’s DNS as a TXT entry:
Host or Name: enter the domain name or “@”
Value, Target or Data: the generated SPF record.
There can only be one SPF record per domain. So make sure to keep it updated to keep your domain safe.
Tip:
Keep an inventory of your business domain’s authorized senders in Excel, Google Sheets or Airtable so your SPF record is always up to date.
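A quick offline check for the rules above (exactly one SPF record, well-formed include: terms, a closing all), written as an added example and not taken from the original article. It works on TXT strings you paste in; the sample records in the test use placeholder names, and the lookup count covers only the terms visible in the record, so nested includes add more.

```python
import re

# Terms that cost one DNS lookup each (RFC 7208 caps the total at 10).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
KNOWN = LOOKUP_TERMS + ("ip4", "ip6", "all", "exp")
NEEDS_VALUE = ("include", "redirect", "exists", "ip4", "ip6")

def lint_spf(txt_records):
    """Return a list of problems in a domain's TXT records (empty list = OK)."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return [f"{len(spf)} SPF records published; receivers treat this as an error"]
    problems, lookups = [], 0
    terms = spf[0].split()[1:]
    for term in terms:
        # Drop the optional qualifier (+ - ~ ?) and cut off the argument.
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name not in KNOWN:
            problems.append(f"unrecognised term: {term}")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in NEEDS_VALUE and not re.search(r"[:=].+", term):
            problems.append(f"{name} needs a value: {term}")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms; the limit is 10")
    ends_with_all = bool(terms) and re.fullmatch(r"[+\-~?]?all", terms[-1].lower())
    has_redirect = any(t.lower().startswith("redirect=") for t in terms)
    if not ends_with_all and not has_redirect:
        problems.append("record does not end with an 'all' mechanism")
    return problems
```

Run it on the TXT values returned for your domain before and after each change to the sender inventory.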
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail, DKIM, increases security for your business’s outgoing email. It helps protect your domain from spoofing and your outbound emails from being marked as spam.
Spoofing forges the From: field of an email to impersonate your business. DKIM detects when the From: address has been tampered with.
Without DKIM, your outbound emails are more likely to be marked as spam by receiving email servers.
DKIM works with a pair of keys: private and public.
The ESP keeps the private key secure and secret. The public key goes into the DNS record, which receiving email servers use to authenticate the DKIM signature.
Find out if your domain provider supports 2048-bit DKIM keys. 2048-bit keys are more secure than 1024-bit keys. If you’re not sure which your domain registrar supports, begin with 2048-bit and change if it gives you trouble later.
Creating a DKIM Record for Google Workspace
Here’s the step-by-step article to create your DKIM record, including, of course, your private and public DKIM keys:
https://support.google.com/a/answer/180504?hl=en&ref_topic=2752442&sjid=13662279917825445544-NC
Tip:
If the new record generates successfully but doesn’t show under your domain, switch to a different domain in the dropdown (or go to the dashboard) and come back, or just hit refresh. You should now see your domain’s DKIM record.
Creating a DKIM Record for Microsoft 365
Creating DKIM Records for Multiple Sender-Domains
If multiple services send emails on your business’s behalf (for example, Google, Mailchimp, Zendesk, Sendgrid, etc.), you need to create one DKIM record per domain.
Each service should give you its corresponding DKIM record so you can include it in your domain’s DNS settings.
Publish your DKIM Record
Go to your domain registry and enter the DKIM record as a TXT record in the DNS settings:
Host or Name: the selector given
Value, Target or Data: the generated public key
Domain-Based Message Authentication, Reporting and Conformance (DMARC)
Domain-Based Message Authentication Reporting and Conformance, DMARC, is an email security standard that uses SPF and DKIM filters to perform more advanced security validation on emails received.
DMARC attempts to combat email scams by allowing email-receiving servers to determine whether or not an email claiming to come from a domain actually comes from that domain.
DMARC defends your domain against phishing and spoofing attacks and improves your business email deliverability. This means it will reduce the chances that your emails will be mis-flagged as spam or untrusted email.
The DMARC standard is a must if you’re sending sensitive info with your business email, such as:
- Personally Identifiable Information (PII)
- Payment details or requests
- Invoicing
- Business transaction details
DMARC Record Settings
We could list the 11 tags needed to create a DMARC record from scratch.
But (a) you can find tons of those online, for example:
And (b) Using one of the DMARC record generator tools is easier and faster.
DMARC Record Generator
These are the easiest tools we found. Their forms gather all the information needed to compose a complete DMARC record.
EasyDMARC > DMARC Record Generator Tool
PowerDMARC > https://powerdmarc.com/power-dmarc-toolbox/ > Generator Tools > DMARC Record Generator
EasyDMARC’s tool in particular offers clear instructions on what info needs to go in each field. It also alerts you if there are errors or missing details.
Most importantly, you create a policy to reject or quarantine emails that do not pass the SPF and DKIM filters. Since your domain’s DNS can only have one DMARC record, you must combine all policies/tags into that record.
Tip:
Start relaxed and gradually become more strict as you gather more deliverability information from your domain’s DMARC reports.
Publish Your DMARC Record
Only one DMARC record per domain can be published in your domain’s DNS.
Add a new TXT entry:
Host or Name: _dmarc
Value, Target or Data: the generated DMARC record.
Monitoring Email Sender Domains
DMARC reports are sent by your email sending servers/sources, like Gmail and Yahoo, with valuable data such as:
- Message volumes processed
- SPF/DKIM authentication rates (are your sources complying?)
- Actions taken: quarantine or reject
- Threat/Unknown (detection of your domain spoofing or impersonation)
- Forwarded (your recipients forwarding your domain’s emails to others)
The DMARC reports allow you to fine-tune issues as they arise for ongoing domain security.
Understanding DMARC Reports
DMARC reports come in XML. Saying they’re hard to read is an understatement. Use these free tools to see a human-friendly, easier-to-understand version:
https://us.dmarcian.com/xml-to-human-converter
https://mxtoolbox.com/DmarcReportAnalyzer.aspx
https://easydmarc.com/tools/dmarc-aggregated-reports
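If you would rather read the XML yourself, this added example (not part of the original article) totals DMARC pass and fail counts per sending IP and lists sources that never passed. It assumes the aggregate-report layout of RFC 7489 without an XML namespace; the sample report is constructed and uses documentation IP addresses.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (placeholder reporter, documentation IPs).
SAMPLE = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
</feedback>"""

def summarize(report_xml):
    """Per source IP: message counts that passed or failed DMARC, plus dispositions."""
    # Reports arrive from third parties, so refuse DTDs (entity-expansion tricks).
    if b"<!DOCTYPE" in report_xml or b"<!ENTITY" in report_xml:
        raise ValueError("DTD not allowed in a DMARC report")
    root = ET.fromstring(report_xml)
    summary = defaultdict(lambda: {"pass": 0, "fail": 0, "dispositions": set()})
    for row in root.iter("row"):
        ip = row.findtext("source_ip", "unknown").strip()
        count = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        dkim = ev.findtext("dkim", "fail").strip() if ev is not None else "fail"
        spf = ev.findtext("spf", "fail").strip() if ev is not None else "fail"
        # DMARC passes when either the aligned DKIM or the aligned SPF check passes.
        outcome = "pass" if "pass" in (dkim, spf) else "fail"
        summary[ip][outcome] += count
        if ev is not None:
            summary[ip]["dispositions"].add(ev.findtext("disposition", "none").strip())
    return dict(summary)

def unknown_senders(summary):
    """IPs whose mail never passed DMARC: a missing authorized sender or spoofing."""
    return sorted(ip for ip, s in summary.items() if s["pass"] == 0 and s["fail"] > 0)
```

Compare the IPs returned by unknown_senders against your inventory of authorized senders before tightening the policy.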
In Short
Email security is among the most important items in a proactive cybersecurity agenda. Email is the heartbeat of your business operations, so ensure that it is well taken care of.
Need help setting these up?