On Your DMARC, Get Set, Go!

Category

Awareness, Cybersecurity Fundamentals, News

Google and Yahoo are requiring DMARC beginning February 2024. So what does that mean for your organization, and how do you implement it?

Starting February 1, 2024, Google and Yahoo are enforcing new requirements on email delivered to their users, primarily aimed at bulk senders. The changes can still cause delivery (and security) problems for your organization and your customers if the requirements are not implemented correctly.

“What are the new requirements?”

Effective February 1, Google will require the following for all senders who send email to Gmail accounts:

  • Set up SPF or DKIM email authentication for your domain

  • Ensure that sending domains and IPs have valid forward and reverse DNS records (the reverse record is a PTR record that must resolve back to the sending hostname)

  • Use a TLS connection for transmitting email

  • Keep spam rates reported in Postmaster Tools below 0.1% to avoid ever reaching a spam rate of 0.3% or higher

  • Format messages according to the Internet Message Format standard

  • Don’t impersonate Gmail “from:” headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail “from:” headers might impact your email delivery

  • If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email

As of February 1, Yahoo will also require the following for all senders:

  • Implement stronger email authentication leveraging industry standards such as SPF or DKIM, at a minimum

  • Only send emails users want. Yahoo will start enforcing a 0.3% threshold based on user-reported spam rates.

  • Have a valid forward and reverse DNS record for sending IPs

  • Additionally, for bulk senders:

    • Implement both SPF and DKIM

    • Publish a valid DMARC policy

    • Support one-click unsubscribe and honor user requests within two (2) days

“What does this mean for me?”

If you send 5,000 messages a day or more to Gmail or Yahoo accounts, even if you’re using a third-party email service provider (ESP) like Constant Contact or MailChimp, you will need to follow these requirements and implement DMARC.

“How do I know where to start?”

A company called dmarcian offers a free domain checker tool to help verify the status of the DMARC compliance for your email domains. This tool also checks your SPF and DKIM records.

Next, you will want to start implementing the technical requirements to meet Google and Yahoo’s new rules. Hive Systems has published a series of guides to help you understand and implement SPF, DKIM, and DMARC. Having correctly configured SPF, DKIM, and DMARC records is important for two reasons: 1. It helps prevent “spoofing” of your email domain, and 2. It improves the deliverability of your email, both marketing and one-to-one messages. To get started:

Have a DMARC Policy for your DNS

  • Check whether you already have a DMARC record for your domain and, if you don’t, create one.

  • Setting p=none in your DMARC record is enough to meet the new requirements, but p=none only monitors: messages that fail DMARC are still delivered. Moving to p=quarantine and then p=reject, once your reports show that all of your legitimate mail is aligned, is what actually stops spoofing of your domain.

  • Enable DMARC monitoring (the rua= reporting address in your record) to see who is sending on behalf of your domain. Hive Systems can help! Contact us to learn how we can help for as low as $10 per month.

Make sure your messages pass DMARC

To pass DMARC, a message must pass SPF or DKIM with a domain that aligns with the domain in the message “From:” header (the envelope sender domain for SPF, the d= signing domain for DKIM). A DKIM-first approach is recommended, because a DKIM signature survives forwarding while SPF does not, but you must also publish a valid SPF record.
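To make the alignment rule concrete, here is a small evaluator, added as an example and not Hive Systems’ own code, that parses a DMARC record, applies the adkim/aspf alignment modes, and returns the DMARC verdict and resulting disposition. It also lints a record for the p=none caveat from the section above. The record, domains, and SPF/DKIM results are constructed sample data; the organizational-domain logic is simplified to the last two labels, an assumption noted in the code (real verifiers use the Public Suffix List).

```python
"""DMARC alignment check, added as a worked example (not Hive Systems' code).

Record, domains and SPF/DKIM results below are constructed sample data.
Assumption: the organizational domain is the last two labels of a name;
production verifiers use the Public Suffix List (RFC 7489, section 3.2).
"""
from dataclasses import dataclass, field


def parse_dmarc(record: str) -> dict:
    """Split "v=DMARC1; p=none; rua=mailto:..." into a tag dict, with
    the relaxed alignment defaults filled in."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("record must start with v=DMARC1 and carry p=none|quarantine|reject")
    tags.setdefault("adkim", "r")  # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")   # SPF alignment mode, relaxed by default
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain (last two labels); see module docstring."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ("s") needs an exact match with the From domain; relaxed ("r")
    only needs the same organizational domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC5322.From header address
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # RFC5321.MailFrom domain that SPF was evaluated against
    dkim: list = field(default_factory=list)  # [(result, d= domain), ...]


def evaluate(record: str, msg: AuthResults) -> dict:
    """Return the DMARC verdict and the disposition the receiver would apply."""
    tags = parse_dmarc(record)
    spf_ok = msg.spf_result == "pass" and aligned(msg.from_domain, msg.spf_domain, tags["aspf"])
    dkim_ok = any(res == "pass" and aligned(msg.from_domain, d, tags["adkim"])
                  for res, d in msg.dkim)
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        "disposition": "none" if passed else tags["p"],  # p= decides what happens on failure
    }


def lint(record: str) -> list:
    """Flag settings that meet the letter of the new rules but leave the domain spoofable."""
    tags = parse_dmarc(record)
    warnings = []
    if tags["p"] == "none":
        warnings.append("p=none only monitors: mail that fails DMARC is still delivered")
    if "rua" not in tags:
        warnings.append("no rua= address: you will receive no aggregate reports")
    if tags.get("pct", "100") != "100":
        warnings.append(f"pct={tags['pct']}: policy applied to only a share of failing mail")
    return warnings


# Constructed sample record: the minimum that satisfies the new requirements.
SAMPLE_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

# Constructed sample: marketing mail sent through an ESP. SPF passes for the ESP's
# bounce domain but does not align; the DKIM signature uses a customer subdomain,
# which aligns under the relaxed default.
ESP_MESSAGE = AuthResults("example.com", "pass", "bounce.esp-provider.net",
                          [("pass", "mail.example.com")])

# Constructed sample: a spoof. Both authenticated identifiers belong to another domain.
SPOOFED_MESSAGE = AuthResults("example.com", "pass", "attacker-owned.example.net",
                              [("pass", "attacker-owned.example.net")])

if __name__ == "__main__":
    for label, message in (("ESP mail", ESP_MESSAGE), ("spoof", SPOOFED_MESSAGE)):
        print(label, evaluate(SAMPLE_RECORD, message))
    for warning in lint(SAMPLE_RECORD):
        print("warning:", warning)
```

Run as written, the ESP message passes on DKIM alignment alone, and the spoof fails DMARC but still gets disposition "none" because the sample record is p=none; change the record to p=reject and the same spoof is rejected.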

  • Sending IPs must have a PTR record. If you maintain your own mail servers, validate that each sending IP address has a PTR record pointing to a hostname, and that the hostname’s A/AAAA record resolves back to that same IP (forward-confirmed reverse DNS).

  • Don’t send spam. Pretty self-explanatory. Google and Yahoo require your spam complaint rate to stay below 0.3%, and Google’s free Postmaster Tools reports your domain’s spam rate so you can track it.

  • Properly format your messages. Emails must meet the standards established by RFC 5322.

  • Don’t spoof gmail.com or yahoo.com. If you’re using an email service that lets you send “as your @gmail.com or @yahoo.com address,” those messages fail DMARC because neither SPF nor DKIM aligns with gmail.com or yahoo.com, and you’re going to start experiencing delivery issues as Google and Yahoo enforce their own DMARC policies.

  • Include one-click unsubscribe (the RFC 8058 List-Unsubscribe and List-Unsubscribe-Post headers). If you’re using Google, you also need to make sure the unsubscribe link is clearly visible in the message. If you’re using Yahoo, you’re going to need to honor a user’s unsubscribe request within two (2) days.
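On the wire, one-click unsubscribe is the RFC 8058 header pair: a List-Unsubscribe header carrying an HTTPS URI (optionally alongside a mailto), and List-Unsubscribe-Post set to the literal List-Unsubscribe=One-Click, which tells the mailbox provider it may POST that string to the URI to unsubscribe the user without any further click. The following is an added example, not code from the original post, that builds such a message and lints an outgoing message for those headers. The addresses, URL, and body are constructed; the check for a visible unsubscribe link in the body is a plain-text heuristic, an assumption here and not a Google test.

```python
"""One-click unsubscribe headers (RFC 8058), added as a worked example
(not Hive Systems' code). Addresses, URL and body are constructed."""
from email.message import EmailMessage

ONE_CLICK = "List-Unsubscribe=One-Click"


def build_bulk_message(sender: str, recipient: str, subject: str, body: str,
                       unsubscribe_url: str, unsubscribe_mailto: str = "") -> EmailMessage:
    """Build a bulk message carrying the RFC 8058 one-click headers.

    The receiver unsubscribes the user by POSTing "List-Unsubscribe=One-Click"
    to the HTTPS URI with no further interaction, so that endpoint must act on
    the POST alone (and within two days, per Yahoo).
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    uris = [f"<{unsubscribe_url}>"]
    if unsubscribe_mailto:
        uris.append(f"<mailto:{unsubscribe_mailto}>")
    msg["List-Unsubscribe"] = ", ".join(uris)
    msg["List-Unsubscribe-Post"] = ONE_CLICK
    msg.set_content(body)
    return msg


def unsubscribe_problems(msg: EmailMessage) -> list:
    """Lint an outgoing message for the one-click requirements; [] means OK."""
    problems = []
    header = msg.get("List-Unsubscribe")
    if header is None:
        problems.append("missing List-Unsubscribe header")
        uris = []
    else:
        uris = [u.strip().strip("<>") for u in header.split(",")]
    if not any(u.lower().startswith("https://") for u in uris):
        problems.append("List-Unsubscribe needs an https:// URI for one-click")
    if msg.get("List-Unsubscribe-Post") != ONE_CLICK:
        problems.append(f"List-Unsubscribe-Post must be exactly '{ONE_CLICK}'")
    # Gmail also wants a visible unsubscribe link in the body. This is a rough
    # plain-text check (assumption), not a rendering test.
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    if "unsubscribe" not in text.lower():
        problems.append("no visible unsubscribe link found in the message body")
    return problems


# Constructed sample: a compliant newsletter and a non-compliant one.
GOOD = build_bulk_message(
    "Newsletter <news@example.com>", "user@example.net", "October update",
    "Monthly news.\nTo stop receiving this, unsubscribe at https://example.com/u/abc123",
    "https://example.com/one-click/abc123", "unsubscribe@example.com")

BAD = build_bulk_message("news@example.com", "user@example.net", "Hi",
                         "No link here.", "http://example.com/u/abc123")
del BAD["List-Unsubscribe-Post"]

if __name__ == "__main__":
    print("good:", unsubscribe_problems(GOOD) or "OK")
    print("bad: ", unsubscribe_problems(BAD))
```

The message must also be DKIM-signed with the two headers included in the signed header list, or the provider will not trust them; that is handled by your sending infrastructure rather than by this script.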

Not sure how to configure DMARC or how to meet these requirements? Hive Systems can help! Contact us today and we’ll help you configure and monitor your SPF, DKIM, and DMARC configurations for as low as $10 per month.
