Major players in the e-mail world, namely Google and (to a lesser extent in the Netherlands) Yahoo, recently announced that they will impose stricter requirements on bulk e-mail senders from 1 February 2024. The aim is clear: to reduce spam and phishing in users' inboxes. While this is a positive turn in the fight against unwanted e-mails, it also brings considerable time pressure for many companies.
This announcement is not to be taken lightly, especially since many companies are not yet fully compliant with e-mail security standards. If your company sends bulk emails and does not meet these new requirements in time, the consequences could be serious. Your emails could be flagged as spam or even blocked completely.
Why these new requirements? Senders who send more than 5,000 messages a day from a single domain are considered bulk senders, a category in which, unfortunately, cybercriminals also operate. These criminals send thousands of messages a day, often with malicious intent and without proper identification. Companies have the option to identify themselves correctly, and Google and Yahoo are taking up the fight against spam and fishing in mailboxes.
To distinguish legitimate from malicious messages, they are introducing tighter controls. This serves as a clear message to e-mail senders: "Stick to the rules if you want your messages to reach our inboxes." From February, you should be able to better identify your messages, and there are more details to watch out for.
New requirements for everyone No matter how many e-mails you send, there are some general requirements that every sender must meet:
- SPF or DKIM authentication
- Valid forward and reverse DNS records (PTR records) for all domains and IP addresses sending emails
- Using a TLS connection when sending e-mails
- Spam rates in Google's Postmaster Tools must stay below 0.10%
- Complying with RFC5322 (emails in the correct format)
- Avoid imitating Gmail's From:-headers
- Highly recommended to add ARC headers when using many forward or mailing lists
- Adding List-id: header for mailing list senders
Rules for bulk e-mail senders. In addition to the general requirements, there are specific rules for senders of bulk emails:
- Valid DMARC record with at least p=none
- SPF and DKIM authentication
- Domain alignment on at least one of the protocols (SPF or DKIM) for a DMARC pass
- Mandatory 'one-click unsubscribe' option in the e-mail where unsubscribing is required
What happens if you miss the deadline? With the deadline almost around the corner, the consequences are serious if you don't meet these requirements on time. Your messages could be marked as spam or blocked completely, causing significant problems such as undelivered invoices and unreachable customers. Your domains' reputation can be seriously damaged.
How do you avoid this penalty? While a procedure may be developed to get off a spam/block list, it is essential to avoid ending up on it. Prevention is better than cure. No matter how many emails you send, DMARC Advisor recommends implementing the best security practices for your domains.
With February 1 just around the corner, now is crucial to take action. Protect your email operations with Google and Yahoo. Contact us today and find out how we can support you.
sources:
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam