Google and Yahoo are enforcing new rules to protect recipients from unwanted emails and to make it harder for bad actors to impersonate domains and send phishing emails. This is part of their mission to secure their systems against spam and unwanted emails.
The changes are set to roll out gradually from February 2024, with the possibility of adjustments based on industry feedback.
New Requirements: Email senders are required to:
- Authenticate emails using DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
- Keep spam complaint rates under 0.3%.
- Provide a one-click unsubscribe link and honor unsubscribes within two days.
- Comply with RFC 5322, and maintain PTR records and rDNS (reverse DNS).
- Ensure sending server IP addresses have valid reverse DNS records.
- Use TLS (Transport Layer Security) for transmitting email.
Impact on Senders: These requirements primarily target large bulk senders, particularly those sending over 5,000 emails a day. However, smaller senders and those sending transactional emails should not ignore these changes, as best practices for large senders today may become requirements for all in the future.
Steps to Compliance: Our article below provides a detailed guide to ensure compliance, which includes understanding and authenticating your email-sending domains, setting up custom DKIM and SPF, establishing DMARC, and registering your domain with Google Postmaster Tools to monitor spam rates.
Consequences of Non-Compliance: Emails that do not meet these requirements might be rejected or delivered to recipients’ spam folders.
How to comply with those changes? [Step-by-step guide]
Step 1: Understand Email Authentication Methods
- DKIM (DomainKeys Identified Mail):
DKIM is like a digital signature for your emails. Imagine sending a letter with a unique seal on it. When the recipient gets the letter, they check the seal to make sure it’s really from you and hasn’t been tampered with during delivery. That’s essentially what DKIM does for your emails.
- SPF (Sender Policy Framework):
Validates that the sender is authorized to send emails from a domain. Imagine your email domain (like @yourcompany.com) is your house. You want to make sure that only your trusted friends (email servers) can send out invitations (emails) from your house.
SPF is like a list you put on your front door that tells the postman (email services) which friends are allowed to send invitations from your address.
So, SPF helps make sure that emails sent from your domain are actually from you or someone you trust, reducing the chance of someone else pretending to send emails from your house.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance):
DMARC is like a security guard for your emails. It uses rules to check that emails claiming to be from your domain (like @yourcompany.com) are really from you, and tells email services what to do if they’re not.
Step 2: Set Up DKIM
Generate a DKIM Key
- Use your email service provider’s tools to create a DKIM key. (there are millions of providers, so I can’t be more specific here)
- Log in to your email provider’s user interface.
- Look for “DKIM settings” or similar inside settings/domain settings.
- Enable and generate a DKIM key. Every email sender’s user interface looks different, but here is an example:
Publish the Key to Your DNS
Next, add the DKIM key to your domain’s DNS records:
- Open your domain registrar’s administration area (or your CDN management area if you are using a CDN like Cloudflare), and look for DNS records.
- Add a new TXT record and copy-paste the Name (=Host) and Content (=Key). Set TTL to Auto or the smallest possible value. See our example below:
Step 3: Implement SPF
Create an SPF Record:
- The easiest way to figure out the SPF record is to ask your email sender service provider. Most of the time they publish it in their knowledge base. If not, ask their support.
- Another option is to generate one with this tool: MXTOOLBOX SPF Record generator. List all servers and domains that are authorized to send emails on your behalf. Example:
Publish SPF Record to DNS
Add this record to your domain’s DNS the same way as the DKIM key. Type = TXT, Name = your sender domain name, TTL = Auto.
Example:
Test Your SPF Record
Use an online SPF check tool to ensure it’s set up correctly.
Step 4: Establish DMARC
Create a DMARC Record
Your DMARC record will look like this (you can use it right away, just replace em***@do****.com with your email address.)
Name: _dmarc
Content: v=DMARC1; p=none; rua=mailto:em***@do****.com
IMPORTANT! DMARC1 must be uppercase!
Add the DMARC Record to DNS
Just add a new DNS record the same way as before. Example:
As you can see, the “rua=” part is optional, but still recommended!
Test DMARC
Use an online DMARC check tool to verify the record.
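The SPF record from Step 3 and the DMARC record from Step 4 can be sanity-checked as text before you publish them, including the uppercase DMARC1 caveat and the 10-DNS-lookup limit of RFC 7208. This is an added example, not code from the original guide; the sample records and the .test domains in it are constructed.

```python
import re

# Constructed sample records (not from the original page), in the shape the
# guide says to publish as TXT records for the sending domain.
SAMPLE_SPF = "v=spf1 include:_spf.example-provider.test mx a -all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.test"

# SPF terms that each cost one of the 10 DNS lookups RFC 7208 allows per record.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
DMARC_POLICIES = ("none", "quarantine", "reject")


def check_spf(record: str) -> list:
    """Return the problems found in an SPF TXT record (empty list = looks fine)."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with 'v=spf1'"]
    # Strip the qualifier (+ - ~ ?) and any :value, =value or /prefix to get the term name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms[1:]]
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups, RFC 7208 allows at most 10")
    if not (names[-1:] == ["all"] or names[-1:] == ["redirect"]):
        problems.append("record should end with an all mechanism (e.g. -all or ~all)")
    return problems


def check_dmarc(record: str) -> list:
    """Return the problems found in a DMARC TXT record; the v= tag is case-sensitive."""
    problems = []
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or parts[0] != "v=DMARC1":
        problems.append("first tag must be exactly 'v=DMARC1' (uppercase)")
    tags = dict(p.split("=", 1) for p in parts if "=" in p)
    if tags.get("p") not in DMARC_POLICIES:
        problems.append("p= tag is required and must be none, quarantine or reject")
    rua = tags.get("rua")
    if rua is None:
        problems.append("no rua= tag: you will receive no aggregate reports")
    elif not all(re.fullmatch(r"mailto:[^@\s,]+@[^@\s,]+", u.strip()) for u in rua.split(",")):
        problems.append("rua= must be one or more mailto: addresses")
    return problems


if __name__ == "__main__":
    for label, rec, fn in (("SPF", SAMPLE_SPF, check_spf), ("DMARC", SAMPLE_DMARC, check_dmarc)):
        print(label, rec, "->", fn(rec) or "OK")
```

This only checks the record text you intend to publish; the online tools mentioned in the steps confirm what DNS actually serves.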
Step 5: Manage Email Content and Sending Practices
- Keep Spam Rates Low: Aim for a spam complaint rate under 0.3%.
- Unsubscribe Link: Include a clear, one-click unsubscribe option in every email. Most email services have an easy function for this.
- Honor Unsubscribes: Process unsubscribe requests within two days.
Step 6: Comply with Technical Standards
- Follow RFC 5322: Ensure emails meet the Internet Message Format standard. Most modern email clients (like Gmail, Outlook, etc.) and sender services automatically comply with RFC 5322. They format the emails correctly when you compose and send them. If you’re using a well-known email client/system, it’s likely already following these standards.
- Maintain PTR Records and rDNS: To increase compliance with the new rules, setting up reverse DNS for your sending server IP addresses is recommended. However, in most cases this is not necessary, since email providers take care of it. To find out whether you need it, I suggest asking your email sender service provider’s support.
- Use TLS for Email Transmission: If you’re using a popular Email Sending Provider, they already use TLS by default.
Step 7: Monitor and Adapt
- Register with Google Postmaster Tools: This helps in monitoring your domain’s reputation and spam rate. To set this up in 5 minutes, just go to Google Postmaster Tools, add your domain, then follow the verification steps. (It will require adding one more TXT record to your DNS.)
- Stay Updated: Keep an eye on any further updates from Google and Yahoo.
Step 8: Test and Validate
- Send Test Emails: Check if emails are landing in the inbox and not the spam folder.
- Use Email Testing Services: Services like Mail-tester.com can help verify your setup by sending a test email.
If you are using WordPress, use an SMTP service for transactional email sending
One more thing I recommend using for sending transactional emails from your WordPress website: always use an SMTP service like Mailgun.com.
Why?
- Server hosting companies often limit the number of outbound emails from their servers.
- Also, if the hosting server is blacklisted for any reason, your transactional emails will never be delivered!
Following these steps will significantly enhance your email deliverability and compliance with the new requirements set by Google and Yahoo. Remember, maintaining good email practices is an ongoing process, and it’s important to stay informed about the latest developments in email standards and regulations.
Happy sending!