In case you've not yet heard, starting Feburary 2024, Gmail and Yahoo are turning several recommended email authentication practices into must-have requirements.

If you send a lot of email to customers, there are few things you'll need to make sure you've set up correcty or your emails might soon stop making it to your customers.

In this post, we'll give a quick overview of what's changing and why, and then we'll go into more detail on how to make sure your emails don't get blocked.

Why is this happening?

Gmail and Yahoo are working hard to keep spam and junk mail away from their users—just like a good old neighborhood watch! But if senders don't lock their systems properly, it's like leaving the front door open for trouble.

Email senders that do not have proper authentication protocols in place make it easy for bad actors to impersonate them and send SPAM, phishing attempts, and other malicious email — all that would get attributed to your domain and hurt your sending reputation.

How do I know if this applies to me?

If you have ever sent an email from your custom domain to 5000 or more Gmail addresses within a 24-hr period, this applies to you. 

If you're sending much less email than that, you're probably safe from negative repercussions for now... 

but making the following changes could still positively improve your deliverability so they're worth taking action on.

What are the new requirements?

Most ESPs (Email Service Providers) take care of the main ones, which leaves these 3 requirements as the ones you'll want to check:

1. Senders must have authentication set correctly for the email domain they're sending from
2. Senders must include a one-click unsubscribe link in every email
3. Senders' spam rate must be under 0.3%

Again, these have long been considered best practices, but now they will be firm requirements to continue delivering email to Gmail and Yahoo addresses.

Here are the full guidelines from Google for Gmail:

https://support.google.com/mail/answer/81126

So, what exactly do I need to do?

The main action will be to confirm that you have the correct SPF, DKIM, and DMARC reccords set up in the DNS records for any domain you send bulk email from.

Imagine DMARC as your trusted name tag in the world of emails. Its job is to tell everyone that the emails coming from your domain are the real deal. Plus, it instructs those receiving your emails what to do when they spot a phony (illegitimate email). This helps to keep everyone safe from the pesky digital pranks like phishing, spamming, and identity theft (spoofing).

DMARC pairs with DKIM (DomainKeys Identified Mail) to help confirm that the emails you send are genuinely from you and not from some impersonator.

So, when you get DMARC and DKIM working together just right, you can happily send an email through your favorite email service provider . And the good news? Gmail and Yahoo will recognize that you have given your email provider the thumbs up to send emails on behalf of your domain.

How you set these up will depend on your email service provider and where your domain is hosted.

Using MailChimp? Here's their setup guide:

https://mailchimp.com/help/set-up-email-domain-authentication/

Here are a couple generic guides for reference:

https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/

https://dmarcly.com/blog/how-to-implement-dmarc-dkim-spf-to-stop-email-spoofing-phishing-the-definitive-guide

Note that setting up these records can be highly technical and setting them incorrectly can result in mail being lost, so it is recommended you check with your email service provider for their unique steps and settings.

Does this affect emails like order confirmations from my Eat•Fresh site?

Probably not, as we send on unique subdomains for each site and any individual site is not doing 5000+ orders in a 24-hr period. 

However, we will still take care of ensuring all the DNS records are set correctly for each email domain that we send from.

Note that if we are currently sending order emails for your site from a domain that we do not control, these will soon be changed to send from your custom Eat•Fresh subdomain instead. 

This will ensure that all emails we send on your behalf are fully compliant.

If you would like to keep sending order emails from your custom domain that is not already hosted with us, this can be transferred and updated on your request. Domain renewal costs are covered 100% on Standard & Growth plans (1 free domain per plan).

Questions?

I hope you found this review of changes helpful. If you have questions that were not addressed here, please reach out anytime.