New Email Requirements for Google, Yahoo and Apple
SPF, DKIM records and DMARC policies required for all domains.
Google, Yahoo and Apple recently announced a joint effort to reduce the number of unwanted emails received by users. Beginning as soon as February 2024, they will start enforcing these new requirements on mail from high-volume senders (5,000+ emails per day).
These new rules will require all senders to follow email authentication best practices which include publishing SPF and DKIM records, as well as DMARC policies for all domains. Senders must have valid forward and reverse DNS records published for their mail servers and use a TLS connection for transmitting mail. Google, Yahoo and Apple also track user-reported spam rates for mail received. That rate must now be below 0.3% and ideally not more than 0.1%.
High-volume senders will be subject to even stricter requirements related to email authentication. Additionally, marketing email and newsletters will need to offer recipients the option to unsubscribe from future emails through one-click unsubscribe implemented according to RFC 8058. Senders who don’t comply with the new requirements will have their messages rate limited, blocked, or marked as spam.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It's an email authentication protocol that helps protect your domain from being used to send unauthorised emails, a practice known as email spoofing. Think of it like a three-pronged approach to email security:
- Authentication: DMARC relies on two other email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF verifies that the email is coming from an authorized server, while DKIM adds a digital signature to the email to ensure it hasn't been tampered with.
- Policy: Once DMARC has determined whether an email is authenticated, it tells receiving mail servers what to do with it if it fails authentication. The policy can range from simply rejecting the email to quarantining it or marking it as spam.
- Reporting: DMARC also provides reporting so you can see which emails are being sent from your domain and whether they are authenticated. This can help you identify any unauthorized use of your domain and take steps to prevent it.
What are SPF and DKIM?
SPF and DKIM are two other email authentication protocols that work alongside DMARC to prevent email spoofing and protect your domain from unauthorized use. Here's a breakdown of each:
SPF (Sender Policy Framework)
- Imagine a whitelist for email senders. SPF allows you to specify which servers are authorized to send email on behalf of your domain. This is done by publishing a TXT record in your DNS zone file. The record lists all the IP addresses or domains that are allowed to send emails for your domain.
- When an email is received, the receiving server checks the SPF record for the domain in the email address. If the IP address of the sending server is listed in the SPF record, the email is considered to be authenticated. If the IP address is not listed, the email may be rejected or flagged as spam.
DKIM (DomainKeys Identified Mail)
- Think of it like a digital signature for your emails. DKIM adds a cryptographic signature to the header of your emails. This signature is generated using a private key that is only known to you. The public key is published in a DNS record for your domain.
- When an email is received, the receiving server verifies the signature using the public key. If the signature is valid, it means that the email was signed with the private key and therefore came from your domain. If the signature is invalid, the email may be rejected or flagged as spam.
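The SPF check and the DMARC policy lookup described above can be sketched as follows. This is an added example, not code from Google, Yahoo, Apple or this article's author. The records in SAMPLE_TXT are constructed, example.com and the addresses are placeholders, and only the ip4, ip6 and all mechanisms are evaluated because include, a and mx need live DNS lookups.

```python
import ipaddress

# Constructed sample DNS TXT records (example.com and the addresses are placeholders).
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:reports@example.com"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(txt_records, sender_ip):
    """Evaluate sender_ip against the ip4/ip6/all mechanisms of an SPF record."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"        # no SPF record published
    if len(spf) > 1:
        return "permerror"   # more than one SPF record is an error (RFC 7208)
    ip = ipaddress.ip_address(sender_ip)
    for term in spf[0].split()[1:]:
        qualifier = QUALIFIERS.get(term[0])
        mech = term[1:] if qualifier else term   # a missing qualifier means "+"
        name, _, value = mech.partition(":")
        if name.lower() == "all":
            return qualifier or "pass"
        if name.lower() in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"   # malformed address or prefix
            if ip.version == net.version and ip in net:
                return qualifier or "pass"
        # include, a, mx and modifiers need DNS lookups and are skipped here
    return "neutral"   # nothing matched and the record has no "all" term

def dmarc_policy(txt_records):
    """Return the p= value of a DMARC record, or None if absent or invalid."""
    for record in txt_records:
        tags = dict(
            (k.strip().lower(), v.strip())
            for k, _, v in (part.partition("=") for part in record.split(";"))
            if k.strip()
        )
        policy = tags.get("p", "").lower()
        if tags.get("v") == "DMARC1" and policy in ("none", "quarantine", "reject"):
            return policy
    return None
```

In practice the TXT records would come from a DNS query for the sending domain and for _dmarc under that domain, instead of the embedded dictionary.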
We appreciate that needing to make changes to your email setup might seem daunting, especially with rather little notice. We are pleased to be able to assist. We have a series of solutions in place to ensure your emails meet the new requirements.