Tag Archives: email security

DMARC check, monitor and report

The Email spam rules for Google and Yahoo are being updated and considerably tightened in February for most businesses; this will mean getting your IT or Webhost to do an SPF, DKIM and DMARC check and review your DNS settings or for a free check, contact us.

According to the announcement from this February, Google and Yahoo will begin enforcing new requirements for bulk email senders. The guidelines primarily focus on the authentication of outgoing emails, reported spam rates, and the ability to unsubscribe from email lists easily.

Get your business ready for the changes.

Interestingly, we have noticed that other providers and organisations have tightened their criteria over the last six months, resulting in message failures even for organisations that don’t meet the bulk sender criteria.  Even if you don’t send bulk emails, getting SPF and DMARC checks is essential to ensure your message gets to your intended recipients.

It will also be worth being on top of your Spam quarantine as more mail will potentially be marked as spam.

Google defined bulk senders in an early-October announcement as “those who send more than 5,000 messages to Gmail addresses in one day,” which caught the attention of email marketers in both B2B and B2C circles.

For further reading, Google Sender Guidelines

what to do with dmarc check

DKIM, DMARC checks and correct implementation of SPF are the email authentication requirements for bulk senders.

The two companies will require bulk email senders to use what Google calls “well-established best practices” to authenticate the sender.

Under the present recommendations, three mechanisms work together to create a cohesive approach to email authentication:

  • Sender Policy Framework (SPF) is designed to prevent domain spoofing by allowing the sender to identify the email servers permitted to send emails from or on behalf of their domain.
  • DomainKeys Identified Mail (DKIM) is potentially the most problematic as not all hosting providers support DKIM. DKIM requires a domain record to be put in place, effectively adding a digital signature to outgoing email, which verifies the message was sent by an authorised sender and wasn’t tampered with along the way.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC): this DNS record allows domain owners to specify which actions to take when an email fails authentication. Such as quarantine, reject or even none; it also enables reporting on email authentication results and defines where the results will be sent.
  • DMARC’s reporting element for many businesses further complicates dealing with the resulting reports.

Google and Yahoo will require bulk senders to set up all three mechanisms by 1st February 2024. Still, as I mentioned earlier, we have already noticed a trend for messages to be treated as spam if the mechanisms aren’t present. Most suppliers will almost certainly follow Google and Yahoo, so it is probably as well to get on with it.

At Tamite Secure IT, we have been implementing the changes for all our business customers and offer monitoring of Domain records as a standard part of our service.