Beginning February 1st 2024, Google and Yahoo are requiring higher standards for companies sending emails. This is part of their effort to reduce spam and mitigate email phishing attempts and spoofing (someone pretending to be someone else.) Click here to read more about why Google and Yahoo are making these changes to their email policies.
In order to ensure your website maintains a strong reputation and your customers with gmail and Yahoo mail email addresses are able to continue receiving your emails, you’ll want to adopt these changes before January 31, 2024. Failure to update these settings could result in undelivered emails to your customers. Please see the instructions below for details.
What you will need to do:
In your Domain Registrar / DNS provider you’ll want to add a DMARC record, and check that you have set up SPF and DKIM email authentication for your domain.
See here for a full list of Google’s email sender guidelines.
Descriptions:
SPF: Allows you to designate trusted third parties ( ie Gmail, Amazon SES, Campaign Monitor, etc) as being authorized to send emails on behalf of your organization.
DKIM: Receiving servers use DKIM to verify that the domain owner actually authorized the email and that the sender is not simply impersonating your organization as is often the case with spam or phishing attacks. In most cases, this has already been set up for you for emails sent via the Offset platform.
DMARC: Provides a framework for your organization to indicate how you would like receiving email servers to handle emails that fail authorization via SPF and DKIM. For instance you can indicate that you would like the emails to be rejected, quarantined in something like a spam folder, or you could indicate that you would like emails to be delivered as normal even if authenticity cannot be determined. Additionally DMARC can facilitate reporting back to your organization about emails received from domains your organization controls.
Records to add to your domain registrar:
If you'd to update / add these three records directly yourself, here are some instructions.
SPF
According to the new guidelines, any entities that send email for your domain (Campaign Monitor, Gmail, Outlook, Amazon) need to be included in the SPF record.
Please note that Offset's transactional emails come from Amazon Web Services, so you'll want to ensure that include:amazonses.com
is part of your SPF record.
Since we don't know all the external services your business is leveraging for your domain, we can't provide blanket instructions. You may want to seek outside support to determine all the items that should be included in the SPF record.
If you are using Campaign Monitor and have an SPF record already:
Add
include:_spf.createsend.com include:amazonses.com
immediately after the "v=spf1" and before the "~all" in the existing record. Make sure you include a space.Save the record and recheck (you may need to wait until the time indicated by the TTL passes).
If you are using Campaign Monitor and do not have an SPF record yet (note: only 1 SPF can exist):
Create a new DNS record, and set the type to TXT.
Type
@
into the name field, or leave it blank, depending on the requirements of your DNS provider.Copy this code exactly into the value field:
v=spf1 include:_spf.createsend.com include:amazonses.com ~all
Set a TTL value of at least 300 seconds (some hosts may require a higher value like 30 minutes).
Save the new SPF record.
You can wait a few minutes and check your new record in a validator like EmailStuff.
If you're not on Campaign Monitor
Same as the above two option, but you won't need the include:_spf.createsend.com, just the include:amazonses.com so that Offset's transactional emails can be validated.
DKIM
This should already be in place for all clients on our platform
DMARC
Choosing a DMARC policy
While setting up DKIM and SPF records is pretty straightforward, you can choose what kind of DMARC policy you'd like to implement.
Starting with a policy of "None"
Google recommends starting with a policy of "None" which means that you would like emails from your domain to be delivered as normal even if authenticity cannot be determined.
"We recommend using this option when you first set up DMARC, with an email address configured to get daily DMARC reports. This lets you start getting reports without risking messages from your domain being rejected or marked as spam by receiving servers. We recommend using this record for at least one week. One week is usually long enough for the daily reports to contain data that is representative of all your mail streams."
Note that while Google recommends an iterative approach to implementing a DMARC policy to protect your domain while cleaning up any legitimate un-authenticated emails, you can simply set your policy to "None" and basically opt out of doing anything further.
In your DNS provider:
Select TXT as the type
Enter _dmarc
for the name
Copy and paste this code exactly as is:
v=DMARC1; p=none;
Select the TTL value (300 seconds - 30 minutes)
Decide if you'd like to receive and monitor reporting
DMARC also provides an option for you to receive reports from receiving email servers.
The following details are available in reports:
What servers or third-party senders are sending mail for your domain
What percent of messages from your domain pass DMARC
Which servers or services are sending messages that fail DMARC
These reports can help you identify any problem trends such as:
If recipients get valid messages from you, but they’re in the spam folder.
If you’re getting bounce or error messages from recipients.
We recognize this may be complicated, if you have an IT or email marketing specialist who is supporting your business, please connect with them to get this sorted.
If you don’t currently have a team member or consultant who can help you navigate these changes, our team can provide one-time assistance for a $250 fee to help you with these three items as it relates to Offset services. Please reply to this article or email us at [email protected] if you’d like support with this.