BMajor players in the email world, namely Google and (to a lesser extent in the Netherlands) Yahoo, have recently announced that they will impose stricter requirements on senders of bulk emails from February 1, 2024. The goal is clear: to reduce spam and phishing in users' inboxes. While this is a positive turn in the fight against unwanted emails, it also puts significant time pressure on many companies.
This announcement is not to be taken lightly, especially since many companies are not yet fully compliant with email security standards. If your company sends bulk emails and does not comply with these new requirements in time, the consequences can be serious. Your emails may be marked as spam or even blocked completely.
Why these new requirements? Senders who send more than 5000 messages per day from a single domain are considered bulk senders, a category in which cybercriminals unfortunately also operate. These criminals send thousands of messages per day, often with malicious intent and without proper identification. Companies have the opportunity to identify themselves correctly, and Google and Yahoo are joining the fight against spam and fishing in mailboxes.
To distinguish legitimate from malicious messages, they introduce stricter checks. This serves as a clear message to email senders: “Please follow the rules if you want your messages to reach our inboxes.” Starting in February, you should be able to better identify your messages, and there are even more details to pay attention to.
New requirements for everyone Regardless of the amount of emails you send, there are some general requirements that every sender must meet:
- SPF or DKIM authentication
- Valid forward and reverse DNS records (PTR records) for all domains and IP addresses that send emails
- Using a TLS connection when sending emails
- Spam rates in Google's Postmaster Tools must remain below 0,10%
- Comply with RFC5322 (emails in the correct format)
- Avoid imitating Gmail's From: headers
- Highly recommended to add ARC headers when using a lot of forwarding or mailing lists
- Add List ID: header for mailing list senders
Rules for bulk email senders. In addition to the general requirements, there are specific rules for bulk email senders:
- Valid DMARC record with at least p=none
- SPF and DKIM authentication
- Domain alignment on at least one of the protocols (SPF or DKIM) for a DMARC pass
- Mandatory 'one-click unsubscribe' option in the email where unsubscribe is required
What happens if you miss the deadline? With the deadline just around the corner, the consequences are serious if you don't meet these requirements on time. Your messages can be marked as spam or blocked completely, causing significant problems such as undelivered invoices and unreachable customers. Your domain reputation can be seriously damaged.
How do you avoid this punishment? While a procedure may be developed to get rid of a spam/block list, it is essential to avoid ending up on one. Prevention is better than cure. Regardless of the volume of emails you send, DMARC Advisor recommends implementing best security practices for your domains.
With February 1st just around the corner, it is crucial to take action now. Protect your email activities with Google and Yahoo. Contact us today and find out how we can support you.
sources:
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam
