A few months ago, Google and Yahoo announced they would be changing their email authentication requirements starting in February 2024. What used to simply be good practice is about to become a requirement. These changes are intended to ensure email recipients only receive valuable and wanted mail. If you want your emails to always reach the inbox, even after the changes are introduced in February, check out more details about email authentication and our recommendations.
What are the new requirements for?
Email authentication helps prevent others from impersonating our domain(s), keeping both senders and recipients safer. The more your sending domain or IP address is authenticated, the less likely someone will send malicious emails on your behalf, protecting email recipients from spoofing and phishing attacks. And that is why Google and Yahoo chose to make their requirements stricter. They want to take care of email recipients, but at the same time, they want to help protect you and your company from being impersonated. Also, if you send relevant and wanted messages, the new rules will make your emails less likely to be rejected or marked as spam.
New email authentication requirements and what you should do to meet them
Let's now go through all the new email authentication requirements - including what you should do about each of them and how to make sure your Elastic Email account is ready for these changes.
Set up SPF and DKIM email authentication for your domain
SPF record was already mandatory, but now DKIM has changed from recommended to necessary as well. SPF (Sender Policy Framework) allows you to list all email servers authorized to send mail for your domain. It is used to prevent spammers from sending mail with fraudulent From addresses in that domain. In turn, DKIM (Domain Keys Identified Mail) allows receiving servers to sign and verify your email address as the sending domain.
Both these records can be authenticated through the domain verification process within your Elastic Email account.
Provide your subscribers with an easy unsubscribe option
All marketing and subscription emails must include an unsubscribe link that can be easily found when someone decides they no longer want to receive emails from you. When someone unsubscribes, you should remove them from your list within 2 days.
You can learn more about the unsubscribe settings in our help center.
Keep your spam rate in Postmaster Tools below 0.3%
Postmaster Tools is a product offered by Google that analyzes your email performance and helps Gmail route your email to the right place. It gives you valuable information, including spam rates with Gmail subscribers. Ideally, your spam rate should be below 0.1%, but more realistically, it should never reach 0.3% or higher.
Set up DMARC authentication of your sending domain
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is built on top of SPF and DKIM records and ensures proper authentication of your domain. It checks if the records of incoming emails are properly authenticated. If yes, the message goes through. If not, the DMARC policy is executed. Meaning if either SPF, DKIM, or both checks fail, the sender chooses via the DMARC policy if the email goes to the spam folder or is bounced. You can implement DMARC in many ways and our DMARC Generator will help you create and customize a DMARC policy suited for your needs. You can then check, when verifying your domain in your Elastic Email account, if this record was properly verified.
Ensure valid forward and reverse DNS records
Forward and reverse DNS records, also referred to as PTR records, verify that the sending hostname is associated with the sending IP address. It allows email clients to verify the sender of an email via the reverse DNS lookup.
You can add entries to your DNS settings during the process of verifying your domain in your Elastic Email account. As for adding reverse DNS, or rDNS, this option is available for private IPs with our Email Marketing Pro plan and Email API Pro plan. If you want to set up rDNS, please contact our Customer Support team.
Use a TLS connection for transmitting email
TLS (Transport Layer Security) is a standard security protocol that encrypts emails for privacy. It evolved from a previous encryption protocol - SSL (Secure Sockets Layer). TLS was designed to provide security for data sent between applications. Any email transmitted to Gmail or Yahoo will have to have secure TLS connections.
At Elastic Email, we support standard SSL and TLS encryption for all SMTP traffic.
New email authentication requirements - takeaways
As you can see, there is a lot going on to improve the safety of email recipients and email authentication. The most important things to take care of are:
- Authenticating your emails with SPF, DKIM and DMARC
- Providing easy unsubscription
- Keeping your SPAM rate below 0.3%
If you’d like to know more about the new requirements, check out email sender guidelines prepared by Google and Yahoo. If you use Elastic Email to send your mail and need assistance in meeting the new email authentication requirements, do not hesitate to reach out to our Customer Support team.