In an ongoing effort to secure inboxes, both Gmail and Yahoo have recently said that they will be enforcing new protection standards for bulk email senders. Authentication is the biggest email deliverability rule Google and Yahoo seem to emphasize, and for good reason. Email authentication helps ensure that an email sent from your domain is legitimate and not a spoofing attack.
Both Gmail and Yahoo have outlined specific email authentication requirements that all email senders must have in place otherwise emails will potentially get junked. Gmail have only outlined 2 whereas Yahoo are requiring a 3rd.
What are the actual requirements?
Here are the authentication protocols you need to implement by February 2024:
- Sender Policy Framework (SPF) allows you to specify the IP addresses or domains that can send emails on your behalf.
- DomainKeys Identified Email (DKIM) is a standard that lets you add a digital signature to the emails you send. Thus, email providers like Yahoo and Gmail can verify that an email came from you and not an impersonator.
- Domain-Based Messaging Authentication, Reporting and Conformance (DMARC) is a security protocol that aligns your SPF and DKIM policies and defines how mailbox providers should handle an email that fails an authentication check.
SPF and DKIM
The good news is that all Funraisin sites already support SPF and DKIM records for sending emails, those are the DNS records we ask you to set before going live with your site. DMARC however is an additional DNS record that you will want to add in order to cater for Yahoo email addresses and adding a DMARC is very easy to do.
DMARC
DMARC is a policy framework intended to prevent phishers, spammers, and other illegitimate actors from forging a sending domain and posing as someone else. This kind of impersonation is known as spoofing.
So long as a receiving email server supports it, DMARC gives the owner of a sending domain some control over what happens when that server receives a spoofed email — either do nothing (none), block it (reject), or send it to spam/junk (quarantine).
An email passes DMARC if:
- It passes DKIM or SPF.
- The domain used in the FROM address matches the domain used in the DKIM or SPF records.
Adding a DMARC record is quite straight forward to do and like SPF and DKIM it is simply an entry that is added via your DNS provider. A good article on how to add a DMARC record can be found at https://wpmailsmtp.com/how-to-create-dmarc-record/ but essentially all you need to do is follow the steps below.
1. Login to wherever you manage your domain name's DNS (e.g. godaddy) and add a new TXT record for your sending domain. To find out your sending domain simplly login to Funraisin and navigate to Platform Setup > General Setup > Email and SMS Settings and take note of the field labelled "Email from address".
Your From address will most likely be from the same domain as your platform uses but not always and it will generally use the format of someone@mg.yourdomain.com so it's the yourdomain.com that you want to login and add a DNS entry to.
2. Add a new TXT record with a name of _dmarc.mg.yourdomain.com
or whatever the domain is after the @ in your FROM email address.
For the Value field you will want to choose an option for your DMARC policy but at a minimum you can just paste in v=DMARC1; p=none;
3. Publish the change and you are done.