What does the February policy update mean for me?
Earlier this month, Google and Yahoo both announced significant changes that will impact the sending and receiving of commercial email on a global scale. Starting in April 2024 (originally February), both email platforms will implement stricter filtering and blocking measures for incoming email traffic that fails to meet new message authentication and procedural requirements. These changes, while dramatic, are aimed at improving the overall quality of legitimate emails and aligning with industry best practices.
Despite the initial upheaval, most senders already have elements of compliant commercial email in place. The main areas of focus for these new requirements are the technical infrastructure of commercial email messages and guidelines on permissible levels of email recipient complaints. Notably, senders must ensure that outbound emails are configured to pass DKIM and SPF checks, have a fully qualified reverse DNS (FQrDNS), and publish a DMARC record that is present and passing.
Additionally, all commercial messages must feature easy unsubscribe mechanisms, and Google has specified a complaint rate threshold for mail to be blocked outright on their platform. These updates underscore the importance of maintaining a secure, valued, and trustworthy email ecosystem. While they may pose initial challenges, they ultimately aim to enhance user experience and foster a more reliable email environment.
What is SPF, DKIM & DMARC?
About SPF
SPF (Sender Policy Framework) is an email authentication protocol that enables domain owners to specify which mail servers they authorize to send emails on behalf of their domain. To use SPF, brands that send through various email services must publish SPF records in the Domain Name System (DNS). These records list the IP addresses permitted to send emails for the domain.
During an SPF check, email providers verify the SPF record by querying the DNS for the domain listed in the "envelope from" address. If the IP address sending an email on behalf of the domain isn't listed in the SPF record, the message fails SPF authentication.
Reasons to Implement: Implementing SPF records reduces the likelihood of spammers and phishers forging emails claiming to be from the domain. This is because such forged emails are more likely to be caught in spam filters that check SPF records. Consequently, a domain protected by SPF becomes less attractive to spammers and phishers. Additionally, an SPF-protected domain is less likely to be blacklisted by spam filters, increasing the chances of legitimate emails from the domain reaching recipients' inboxes.
About DKIM
DKIM (DomainKeys Identified Mail) is a protocol designed to enhance email authentication and security. It enables organisations to verify their responsibility for sending a message by using cryptographic authentication. This verification process benefits email recipients by allowing them to accurately identify legitimate emails, thereby improving the effectiveness of domain-based blacklists and whitelists. Additionally, DKIM helps in detecting certain types of phishing attacks more easily.
With DKIM, an organisation can assert responsibility for a message while it's in transit, whether they're the original sender or an intermediary handling the message. The reputation of the organisation plays a crucial role in determining whether the message is trustworthy for delivery or not.
About DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a protocol designed to bolster email security for domain owners. It allows you to set policies regarding email authentication and specify actions to be taken when authentication fails.
DMARC Policies:
p=none (Monitoring Mode):
In "none" mode, DMARC operates as an observer. It enables you to receive detailed reports on email authentication results without taking any immediate action. This serves as a diagnostic phase, allowing you to assess potential issues without affecting email delivery.
p=quarantine (Quarantine Mode):
With a "quarantine" policy, emails that fail authentication may be diverted to a separate folder, often the recipient's spam or quarantine folder. This offers a middle ground between monitoring and strict rejection, enabling you to identify potential threats without completely blocking them.
p=reject (Reject Mode):
The "reject" policy is the most stringent. It directs email receivers to outright reject messages that do not pass authentication. This level of enforcement ensures a higher level of protection against unauthorised or malicious emails.
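The three policies above, as an added Python example that is not part of the original page: it parses a DMARC record and previews which action each policy would trigger for a batch of messages, which is the check to run on report data before moving from `p=none` to a stricter policy. The records, the domain example.com, the message list and all function names are constructed for illustration; the two booleans stand for SPF and DKIM results already checked for alignment with the visible From: domain.

```python
# Constructed sample records for the placeholder domain example.com (not from the page).
SAMPLE_RECORDS = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "quarantine": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com",
    "reject": "v=DMARC1; p=reject",
}
# Constructed results: (source, spf_aligned_pass, dkim_aligned_pass)
SAMPLE_MESSAGES = [
    ("corporate mail server", True, True),
    ("newsletter service, DKIM only", False, True),
    ("forgotten CRM sender", False, False),
    ("spoofed message", False, False),
]
ACTIONS = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(record: str) -> dict:
    """Split a record into tags; ValueError if v=DMARC1 is not first or p= is unknown."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in ACTIONS:
        raise ValueError("missing or unknown p= policy")
    return tags


def disposition(record: str, spf_aligned_pass: bool, dkim_aligned_pass: bool) -> str:
    """Return the action the policy requests for one message.

    DMARC passes when either SPF or DKIM passes for a domain aligned with
    the From: domain, so the policy only applies when both are False.
    """
    tags = parse_dmarc(record)
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    return ACTIONS[tags["p"].lower()]


def preview(record: str, messages: list) -> dict:
    """Map each message source to the action the policy would trigger."""
    return {src: disposition(record, spf, dkim) for src, spf, dkim in messages}
```

Under `p=reject` the unauthenticated CRM sender is rejected together with the spoofed message, which is why the monitoring phase comes first.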
Implementing DMARC policies provides domain owners with greater control over their email security. By choosing the appropriate policy, domain owners can effectively manage the handling of emails that fail authentication, thereby reducing the risk of unauthorised or malicious messages reaching recipients' inboxes. Additionally, DMARC's reporting feature offers valuable insights into email authentication results, allowing domain owners to continuously monitor and improve their email security posture. Overall, DMARC serves as a vital tool in safeguarding email communications and maintaining trust with recipients.
What do I need to do now?
We’ve compiled a list of the most popular DNS providers, where you will find tutorials and basic information on how to add the given records to your provider.
If you have any issues, feel free to contact us so we can help you verify your DNS efficiently and quickly!