Google and Yahoo are introducing new email authentication requirements, which are set to take effect beginning February 2024. These changes apply to all senders, with a more pronounced impact on deliverability for bulk senders.
ActiveCampaign is committed to supporting you through these changes, providing the tools and support needed to maintain compliance with evolving email deliverability standards.
We sat down with ActiveCampaign’s head of deliverability to dive into the intricacies of email deliverability and discuss the upcoming changes from Google and Yahoo.
Let's start with the basics. Why is email deliverability crucial, especially for businesses relying on email marketing?
JT: Email deliverability is the art and science of helping senders understand and implement industry best practices. The goal is to increase the likelihood of getting their emails delivered to their customers' inbox, resulting in their messages being more likely to be seen, engaged with, and positively impacting their business.
What can you tell us about the upcoming email authentication requirements?
JT:Google and Yahoo are introducing new email authentication requirements. They are set to take effect in February 2024. These changes will affect everyone sending email communications, whether Campaigns, Automations, Transactional, or Marketing. It's a proactive move to protect the mailbox providers' customers by enhancing email security and reducing the likelihood of phishing and spam.
Changes include
- Enable email authentication: One key aspect of Google’s requirements is the necessity for senders to set up DKIM email authentication. In addition to DKIM, a basic DMARC record will now also be required. These changes do not impact customers who already have DKIM and DMARC set up.
- Transition from @gmail to your own domain: It’s vital to discontinue using @gmail.com addresses in the sender’s email to align with upcoming email authentication and spam prevention changes. Transitioning to a domain you own is strongly advised for seamlessly setting up authentication and complying with evolving standards.
- Keep spam complaints lower than 0.1%: To prevent recipients from being spammed with unwanted or irrelevant messages, Google is enforcing a spam rate threshold requirement. Starting in February, keeping spam complaints below 0.1% will be a mandatory requirement for senders.
To ensure your emails continue to reach your audience seamlessly, we recommend taking the following actions within the platform today:
- Set up DKIM and DMARC for all sending domains
- Purchase your "from address" domain, as sending through @gmail.com addresses will no longer be supported.
How do these changes align with best practices for email deliverability?
JT: The changes align with best practices by emphasizing the importance of authentication and proving who you are as a sender. Authenticating your emails through methods like DKIM and DMARC is critical. It helps establish and maintain your sender reputation, which, in turn, influences inbox placement. Adhering to these practices safeguards your emails from potential filtering, blocking, and otherwise negative placement due to the lack of proper authentication.
Who’s affected by this change?
These new requirements impact all senders, regardless of size, with a more noticeable impact on deliverability for bulk senders. Note that this does not impact 1:1 email sending via ActiveCampaign’s direct or automated 1:1 sales emails.
What happens if you don’t meet the new requirements?
JT: Google and Yahoo will begin blocking messages that don't meet their requirements, likely in the form of a specific bounce response for those messages that could lead to more permanent blocks on specific IPs or domains.
This can damage your reputation and have long-term consequences on your deliverability, impacting customer engagement and email marketing-generated revenue.
Is sending volume a criterion for these requirements?
While Google has mentioned 5K daily sending as a criterion for defining a "bulk sender," Gmail/Yahoo have clarified that the 5k limit on volume is not a "safe zone."
Yahoo explicitly stated that there is no minimum volume threshold applicable to these requirements. Gmail is clear that even senders below the 5k limit can expect to be impacted. Therefore, we strongly encourage all customers to set up authentication, regardless of size.
What is DKIM?
JT: DKIM (DomainKeys Identified Mail) is an email authentication method that employs public-key cryptography to digitally sign emails, ensuring the message body and attachments remain unaltered during transmission. The aim is to safeguard your email security and maintain the integrity of your domain.
Malicious actors, such as spammers and hackers, may attempt to intercept your emails and send deceptive messages under your domain's guise, ultimately harming your domain's reputation. When recipients receive a high volume of fraudulent messages impersonating your domain, their patience wanes, and such emails often end up in their spam folders. As a result, your domain's sender reputation may suffer, potentially placing you on a list of undesirable senders, a predicament you want to avoid.
DKIM is like a special seal or signature for emails.
When someone sends an email, DKIM adds this unique signature, proving that the email is from a real and trustworthy sender. It's a bit like when you receive a letter with an official seal. You know it's a genuine letter, not a fake one.
This helps make sure that emails you get are safe and really from the people or companies they claim to be from, keeping you protected from potentially harmful or fake messages.
Why should you set up DKIM?
JT: By implementing DKIM (DomainKeys Identified Mail), you establish and maintain a solid, long-term reputation with internet service providers (ISPs) and mailbox providers (MBPs). This, in turn, assures your emails appear trustworthy to recipients.
Emails bearing a DKIM signature serve as a clear indicator of your legitimacy and reliability as a sender. As a result, your messages are more likely to land in a recipient's inbox rather than being relegated to their junk or spam folders. Over time, DKIM's consistent use can have a notably positive impact on your domain's overall reputation, significantly enhancing your email deliverability.
What is a DKIM record?
JT: A DKIM record is like a digital lock that ensures the security and authenticity of emails. It's a special code stored in a DNS TXT record that includes an encrypted public key. This code looks something like this:
v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBzXkunA132Pf3SwHF7UKTODjFW8JKXUFWCHcNLvRHPCFDzJDPuAuoZq0XAIoOStu+Qq+/ggm1zDYbgsaIkOmkBWV9m/NPQ3BbXNEnCqjsyVxWlrQs0R01W4ihsHM8BkbE7dGRot1DdDM1HBMxrMDEOPuEZaNjtpgcJVRqswz7YwIDAQAB
In simple terms, it's like a secret code that helps mail servers check if an email is real or fake. You add it to your email, and when someone receives it, their mail server uses this code to make sure your email is genuine. It's like sealing an envelope with a special sticker to prove it hasn't been tampered with.
How does DKIM work, and what is it used for?
JT: DKIM works a bit like having a secret handshake for emails. It uses two keys, one private and one public. Here's how it works:
- When you send an email, a special signature (like a secret handshake) is added using a private key.
- The recipient's email server then uses a public key, which is like the other half of the secret handshake, to check the signature.
- If the handshake is correct, it means the email is genuine and nothing changed along the way.
In simple terms, DKIM helps ensure that emails are from who they claim to be from and that they haven't been messed with during their journey. It keeps your emails safe and trustworthy.
What is DMARC?
JT: DMARC, short for "Domain-based Message Authentication, Reporting & Conformance," is like a guardian for your emails. It's an email security standard that helps those who own a domain (like a website) monitor who's sending emails on their behalf. Think of it as a watchful protector.
Here's how it works: DMARC tells email providers (like Gmail) what to do when they receive an email that claims to be from your domain. It can give one of three commands—none, quarantine, or reject.
- None: Authentication checks are logged, but no action is taken.
- Quarantine: If the email fails authentication, it should be moved into the spam folder, just like a package held at the customs office.
- Reject: If the email doesn't pass the security checks, DMARC tells the email provider to reject it, like a club bouncer turning someone away at the door.
DMARC is like the bodyguard of your emails, making sure that only the real ones get through and protecting you from fake or harmful ones. It's a way to keep your email domain safe from imposters and spammers.
Do I need DMARC?
JT: Under Google and Yahoo deliverability requirements going into effect in February 2024, all senders must have a basic DMARC record set up.
Here's the deal: DMARC acts like your email guardian, protecting your domain from impersonation and phishing attacks. When your domain is impersonated in spoofed emails, it can harm your reputation with your audience and email providers. Even worse, if these phony emails are marked as spam, they tarnish your domain's reputation, causing your legitimate emails to get stuck in the spam folder.
How does DMARC work?
JT: DMARC is a tag team of two email authentication champs: DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework).
- DKIM (DomainKeys Identified Mail) makes sure the email you sent is the same one they received. It's like a digital seal that guarantees your email wasn't tampered with in transit.
- SPF (Sender Policy Framework) checks that your email came from an authorized server. It's like a bouncer checking your ID at the door to make sure you're legit.
DMARC tells email providers this: "If either DKIM or SPF vouch for this email, let it in. If both fail or they're absent, treat it as suspicious, and follow the rules we've set in our DMARC policy." So, DMARC ensures that your emails are either welcomed with open arms or kept at arm's length based on their authenticity. It's your bodyguard against email fraudsters and a protector of your domain's reputation.
Can you share some insights into how businesses can prepare for these changes?
JT: First and foremost, businesses should focus on authenticating all domains they are, or desire to, use in their From Email Addresses for all email communications. This involves setting up DKIM and DMARC records and potentially purchasing and authenticating each "from address” domain. If a new domain is purchased, it is advised not to send any emails using the new domain for a minimum of 24 hrs; however, 30 days is preferred by many mailbox providers. If used too soon after purchase, there is a risk that the domain could be temporarily blocklisted for a short time by entities like SPAMHAUS as a warning. Also, planning and executing a proper warm-up for any newly purchased domain(s) is essential. These steps are crucial in building and maintaining a strong sender reputation and ensuring uninterrupted communication.
How does ActiveCampaign assist businesses in navigating these changes?
JT: At ActiveCampaign, we're committed to supporting our customers through these changes. Our platform provides the tools and support needed to seamlessly purchase and authenticate domains directly within the platform. We're also offering valuable insights, resources, and best practices to guide businesses through the process. We also have our fantastic Customer Experience team, which includes our Deliverability Specialist team, who are all here to help you along your journey of implementing and adapting to the ever-changing email landscape. When you have questions or need assistance, simply strike up a chat with our team, and we will be there to help.
Looking beyond authentication, are there additional strategies businesses can employ to optimize their email deliverability?
JT:Absolutely. Beyond authentication, practices like utilizing double opt-in, maintaining good list hygiene, implementing user-friendly unsubscribe options, enabling and tracking engagement metrics, implementing a custom mail server domain, and creating relevant content all contribute to improved deliverability. It's about sending the right message to the right audience at the right time.
What final advice would you give to businesses preparing for these changes?
JT:My advice would be to start early. Proactively authenticate your domains, stay informed about industry changes, and leverage the resources provided by your email service provider. Building a foundation of strong email best practices ensures compliance and sets the stage for successful and effective email communications going forward.