Written by: Scott Bernstein | Senior Consultant, CIO Landing
You probably have a Gmail or Yahoo email account. They are everywhere. But like Gmail, spam and phishing emails are everywhere too. You and your business are constantly at risk and under attack from such emails. According to dmarcinc.org, “90%+ of all cyber-attacks involve fake email.” Google and Yahoo have said “Enough is Enough” and are forcing better protection when sending bulk emails to those using their email service, whether you like it or not. This is to protect the recipient from the sender.
From dmarc.org: “The key thing for end users to understand is that DMARC is a mechanism that enables senders and receivers to coordinate their efforts in identifying fraudulent messages and preventing them from reaching inboxes. But it only protects mailboxes where the receiver has implemented DMARC, and only for those messages where the sender has also implemented DMARC. The only way to infer that a message has passed DMARC is to check that both the sender and receiver have implemented DMARC.”
This blog is not meant to be a technical guide for you to follow to make needed changes. That is for us to handle for you. These blogs are meant to explain to you what is coming, why it is coming, and what will happen to your emails if you decide to not implement the changes.
Beginning February 1, 2024, high-volume email senders must have DMARC in place for emails going to Gmail and Yahoo email addresses. If you do not have this in place, you will find many of your emails are bounced, rejected, and/or flagged as spam or fraud. This will apply even to email addresses you have been sending to for days or years.
If you send at least 5,000 messages per day to either Gmail or Yahoo email addresses, your email domain must have a DMARC policy in your DNS (I know this is geek talk, to be explained). These messages must pass DMARC alignment with your SPF and DKIM settings (yeah, more geek talk). This includes messages sent by third-party email providers like Constant Contact or HubSpot as well as email providers like Microsoft M365.
On top of that, you also must:
Don’t think you are exempt from this if you don’t send 5,000 emails per day or have very few Gmail and Yahoo recipients. Many good email filtering services are already looking for DMARC, SPF, and DKIM settings. That is why you get reports on emails held as spam or fraud. We have witnessed this firsthand from clients and incurred client wrath when email filtering holds back emails from people who have sent them emails before.
If an email fails the authentication process, it will be blocked, considered spam or fraud and not make it into your mailbox. This failure happens on the receiver’s side, but it is based on the email security settings of the sender. That is what makes this so frustrating – the issue is on the sender’s side, so it is out of the control of the receiver, the one not getting the email. This will invariably lead to finger-pointing when emails are not received. You can see how this can start to spiral out of control and affect your business. Your email satisfaction and brand reputation could be greatly impacted if you fail to meet the new requirements.
Our next blog will describe what items in your email setup need to be updated and why they matter. They are meant to protect you, but sometimes they can over-filter your email. How tight you want your filtering to be is a conversation you need to have with your IT person.