5 New Rules for Email Marketers

Effective February 1, 2024, Google is implementing new controls aimed at blocking spam and harmful emails. Email marketers need to understand rules regarding SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), which are crucial for email authentication.

Implementation of SPF and DKIM

Ensure that your email sending infrastructure is set up with SPF and DKIM. These authentication mechanisms help verify that emails sent from your domain are legitimate.

SPF (Sender Policy Framework)

SPF allows a domain to specify which mail servers are authorized to send emails on its behalf. To check if an email has passed SPF, you can inspect the email headers. Look for a field named "Received-SPF" or "Authentication-Results," which may indicate whether SPF passed or failed.

DKIM (DomainKeys Identified Mail)

DKIM involves the use of cryptographic signatures to verify the authenticity of an email. To check if an email has passed DKIM, examine the email headers for a field named "DKIM-Signature" or "Authentication-Results." This field should provide information about whether DKIM verification succeeded or failed.

DMARC Adoption

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an additional layer of email authentication that builds upon SPF and DKIM. Implementing DMARC helps you specify how your emails should be handled if SPF or DKIM authentication fails.

DMARC builds upon SPF and DKIM to provide additional guidance on what to do when authentication checks fail. To check if an email has passed DMARC, you can again look at the email headers. The "Authentication-Results" field might include information about both SPF and DKIM, indicating whether they passed or failed. Additionally, the DMARC policy can be specified in the headers or retrieved from the sender's DNS records.

Most email clients provide an option labeled "Show details" or "Show original" that displays the full version of an email, including its header. The header — typically a long block of text above the body of the email — is where mail servers append the results of SPF, DKIM, and DMARC.

Reading through the dense header can be tricky. Users viewing it on a browser can click "Ctrl+F" or "Command+F" and type "spf," "dkim," or "dmarc" to find these results.

The relevant text might look like:

arc=pass (i=1 spf=pass spfdomain=example.com dkim=pass dkdomain=example.com dmarc=pass fromdomain=example.com);

The appearance of the word "pass" in the text above indicates that the email has passed an authentication check. "spf=pass," for example, means the email did not fail SPF; it came from an authorized server with an IP address that is listed in the domain's SPF record.

In this example, the email passed all three of SPF, DKIM, and DMARC, and the mail server was able to confirm it really came from example.com and not an impostor.

It is important to note that domain owners need to configure their SPF, DKIM, and DMARC records properly themselves — both in order to prevent spam from their domain, and to make sure that legitimate emails from their domain are not marked as spam. Web hosting services do not necessarily do this automatically. Even domains that do not send emails should at least have DMARC records so that spammers cannot pretend to send emails from that domain.

Email authentication is essential for ensuring that your emails are recognized as legitimate and not treated as spam.

Considerations for email marketers related to SPF and DKIM:

1.       Maintain and Update Records:

Regularly review and update your SPF and DKIM records in your DNS settings to reflect any changes in your email sending infrastructure. Ensure that the records accurately represent the authorized servers and domains for sending emails on behalf of your organization.

2.       Monitor Email Deliverability:

Keep a close eye on your email deliverability metrics. Monitoring bounce rates, spam complaints, and email engagement can provide insights into the effectiveness of your email authentication practices.

3.       Education and Training:

Educate your team on the importance of SPF and DKIM. Ensure that those responsible for managing email campaigns understand the authentication process and its impact on email deliverability.

4.       Stay Informed about Industry Changes:

Keep abreast of any updates or changes in email authentication standards or regulations set forth by email service providers like Google and Yahoo. These providers may introduce new guidelines to enhance email security and combat phishing.

5.       Testing and Validation:

Conduct regular testing to ensure that your SPF and DKIM records are configured correctly. This can involve using email authentication validation tools to check whether your emails pass these authentication checks.

It's important to note that the specifics of email regulations can evolve, and email marketers should stay informed about any updates or changes from the email service providers they rely on. Always refer to the latest documentation and guidelines provided by Google Workspace and Yahoo for the most accurate and up-to-date information.