I recently read a statistic saying that 85% of emails sent in 2023 were spam. That seems like a lot, but I know I get a lot of spam in my email.
Google and Yahoo know that, too. You may have received messages from your Email Service Provider (ESP) - like Mailchimp, MailerLite, GetResponse, or whatever you use to send your newsletters and marketing emails, letting you know there are new authentication requirements and telling you to take action.
TLDR: If you want people with Gmail or Yahoo email addresses (and probably Microsoft and others) to receive your emails, you must send from a domain you own and have properly authenticated.
So what is this email authentication fuss all about?
Google and Yahoo (and Microsoft will probably officially follow suit, although I think they have quietly done some of this already) are adopting some stricter measures on what emails will be allowed in the inbox. Any emails that don't meet the requirements will likely go to spam, or possibly be rejected completely.
Emails will have to be fully authenticated, meaning you must have SPF, DKIM, and DMARC records set up in your domain. That's a lot of alphabet soup, but basically these are DNS records that need to be set up.
What do you mean by SPF, DKIM, and DMARC?
- SPF (Sender Policy Framework) lists the servers that are allowed to send email using your domain name - such as your website, ESP, maybe your invoicing system.
- DKIM (DomainKeys Identified Mail) is like a signature for your emails, saying they really came from you and haven't been tampered with.
- DMARC (Domain-based Message Authentication, Reporting & Conformance) is like a policy that tells an email provider (e.g. Gmail) what to do with an email that says it's from you but doesn't match the SPF and DKIM information.
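To make the records above concrete, here is an added example (not part of the original post or any ESP's tooling): a small Python check that takes the TXT records published for a domain and at `_dmarc.<domain>` and flags common SPF and DMARC mistakes. The sample records, the `example.com` names and the function names are constructed for illustration.

```python
import re

# Constructed sample TXT records (not real DNS data).
GOOD_SPF = ["v=spf1 include:_spf.esp.example -all", "some-site-verification=abc123"]
BAD_SPF = ["v=spf1 include:_spf.esp.example", "v=spf1 mx ~all"]
GOOD_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]
BAD_DMARC = ["v=DMARC1; p=monitor"]

# SPF terms that make the receiver do a DNS lookup (limit of 10 per check).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def check_spf(txt_records):
    """Return problems found in the TXT records published at the domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # a domain must publish exactly one SPF record
        return ["no SPF record" if not spf else "multiple SPF records"]
    terms = spf[0].split()[1:]
    names = [re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0].lower() for t in terms]
    problems = []
    if sum(n in LOOKUP_MECHS for n in names) > 10:
        problems.append("more than 10 DNS-lookup terms")
    if "all" not in names and "redirect" not in names:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    elif "all" in names and terms[names.index("all")].lower() in ("all", "+all"):
        problems.append("'+all' authorizes every server")
    return problems

def check_dmarc(txt_records):
    """Return problems found in the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records"]
    tags = {}
    for part in recs[0].split(";"):  # tags are 'name=value' pairs split by ';'
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    problems = []
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    if "rua" not in tags:
        problems.append("no rua= address: aggregate reports will not be sent")
    return problems

if __name__ == "__main__":
    for label, result in [("SPF", check_spf(BAD_SPF)), ("DMARC", check_dmarc(BAD_DMARC))]:
        print(label, result or "OK")
```

DKIM is left out because checking it needs the selector name your ESP assigns, which differs per provider.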
AND, an important thing to know - if you are using a Gmail or another "free" email address to send emails through your ESP, you won't be able to do that any longer. You can't authenticate gmail.com or yahoo.com or yourISP.com, since you don't own those domains. You'll need to set up your ESP to use an email from a domain YOU OWN and authenticate that domain.
There are a number of other rules that will be put in place as well. Some items you can't do anything about, such as implementing one-click unsubscribe in email headers (this is different than the unsubscribe link IN the email) and ensuring emails are formatted in Internet Message Format Standard; we all have to depend on our ESPs to do that (and I'm sure it'll start to be noticed which ones don't).
But using your own domain, having it properly authenticated, and keeping the spam rate below 0.3% - that's all on us.
Some of the stricter requirements are only for those who send 5,000+ messages to Gmail addresses, but the authentication requirements have been best practices for years. Using your own domain and having at least SPF or DKIM set up is going to be required for anyone who sends to Gmail addresses (yeah, just about everyone!)
When will this happen?
Enforcing these email best practices will be good for us all, but I know it can be a little painful to get there. If you don't want to figure this out yourself, I'm offering a service to do the techie part for you. I'll work with you to figure out your authorized senders, and then I'll take care of setting up all the records - I'll even monitor DMARC reports for you for the first 30 days.
This is important for anyone who uses email to communicate with customers, but it's crucial for those who use email marketing. If you have colleagues who need this information or would be interested in this service, please feel free to forward this email.
With Google starting implementation as early as 1 Feb, I can't wait until Valentine's Day to sweeten the deal, so I'm offering a coupon code for $50 off the setup service. When booking the Email Authentication Setup service, put mp42emailauth when asked if you have a promotional code, and you'll get $50 off until 31 Jan 2024.