DMARC Email Validation: Cracking Down On Fraud

Google and Yahoo are introducing changes starting from this month that will make your inbox a safer place for legitimate senders & recipients. Everything from transactional emails to newsletters to personal messaging will be affected, which widens the impact and gives it the potential to hit revenue.

Are you ready for a new era of email authentication? According to the recommendation from the identity protection experts at Valimail, here’s what you need to know:

Marketing Emails

For email marketers, the landscape is about to shift. Under the Google and Yahoo spotlight, marketing emails will face increased scrutiny through stricter authentication protocols like SPF, DKIM and DMARC. The email industry has been advocating for these protocols for years, but now they’re becoming a necessity.

Proper authentication verifies your identity as a legitimate sender, protecting recipients from impersonation scams and safeguarding your brand reputation. Beyond authentication, permission management is also taking a central role.

  • Purchased lists and forced subscriptions have always been no-nos, but now they’re getting more heavily regulated. 
  • One-click unsubscribe buttons will become mandatory, allowing users to opt out of your outreach with a single, effortless click.

According to Valimail, you should always give your recipients an easy way to unsubscribe from your messages. Letting people opt out of your messages can improve open rates, click-through rates, and sending efficiency. One-click unsubscribe makes it easy for people to opt out. If you send more than 5,000 messages per day, your marketing and subscribed messages must support one-click unsubscribe.

Spam reports: To comply with the new sender guidelines, you will need to keep your spam rate below 0.1% and prevent it from ever reaching 0.3% or higher. The impact is graduated: spam rates of 0.3% or higher have an even greater negative impact on inbox delivery.

Non-compliance will lead to trouble. Ultimately, your messages may not be delivered to your Gmail and Yahoo inbox recipients, and those subscribers likely make up most of your email list. 

Embrace Authentication

Implement and monitor your Domain-based Message Authentication, Reporting & Conformance (DMARC) to become a verified sender the inbox welcomes.

Maintain Your List:   Treat your subscribers like gold. Clean your lists regularly, remove inactive users, and prioritize opt-in methods.

Make Unsubscribing Easy:    One-click unsubscribe buttons are your friends, not foes. Offer a seamless exit, and you might even win back hearts later.

Send Wanted Mail:    Deliver content that resonates, personalise your outreach, and prioritise value over sales pitches. You’ll likely face deliverability penalties if your spam rate exceeds 0.1%.

Remember, these new rules aren’t meant to stifle marketing, they’re intended to elevate it. Senders who follow these rules will get their legitimate emails delivered and face less competition from spammers and bad actors in the inbox.

Transactional Emails

Urgent invoices, order confirmations, password resets, and critical account updates: transactional emails are the lifeblood of any online business. However, while these might seem like must-deliver messages, under the new Google and Yahoo rules, even these trusty messengers need to earn their spot in the inbox.

Here’s your guide to ensure your transactional emails bypass the spam filters:

Start with Authentication:    Implement and monitor SPF, DKIM, and DMARC to establish your identity as a legitimate sender.

Optimise Your Sending Domain:    Separate transactional emails from marketing campaigns to maintain a clean reputation.

Keep Your Lists Clean:    Ensure all recipients have explicitly opted in and remove inactive users regularly.

Monitor and Adapt:    Track your sender reputation and delivery metrics, making adjustments as needed.

However, unlike with marketing messages, Google doesn’t require you to add a one-click unsubscribe to the header of your transactional emails: “One-click unsubscribe is required only for commercial, promotional messages. Transactional messages are excluded from this requirement. Some examples of transactional messages are password reset messages, reservation confirmations, and form submission confirmations,” Valimail advise.

Newsletters & Regular Broadcasts

Sometimes, newsletters and regular messaging are lumped together with marketing content, but it’s helpful here to distinguish between them. Even when you’re not actively selling something, inbox providers still regulate your sending. While you’ll want to comply with all the marketing message guidelines, you’ll want an added focus on engagement and relevance.

Newsletters and regular broadcasts face a crucial test under the new Google and Yahoo sender requirements. Their ability to land in inboxes hinges on three key elements:


1.    Wanted:    Recipients must have opted in to receive your messages, and it shouldn’t be through an automatically checked box at checkout.

2.    Relevance:    Your messaging should be segmented and personalised to be relevant to your audience.

3.    Engagement:    Your emails should be valuable, and open rates, click-through rates, and unsubscribe metrics often represent that value (or lack thereof).

To ensure your newsletters keep getting delivered, follow these guidelines:

Focus on Value:    Prioritise content that informs, entertains, or educates your target audience. Offer insights, expert opinions, or unique perspectives that resonate with their interests.

Track Your Performance:    Monitor key metrics like open rates, click-through rates, and unsubscribes. Use this data to understand what resonates and where adjustments are needed.

Embrace Segmentation & Personalisation:    Treat your readers as individuals, not a homogenous mass. Segment your list based on interests and tailor your content accordingly.

Encourage Two-Way Interaction:    Invite feedback, spark conversations, and create opportunities for reader participation. Polls, questions, and user-generated content can boost engagement and keep your audience hooked.

Personal Emails & Individual Accounts

The Google and Yahoo changes might seem to primarily target businesses, but these guidelines are intended for every email sender. If you send emails to Google or Yahoo accounts, these new changes apply to you. There are even some updates that small business owners need to know about if they’re sending from a Gmail.com domain.

Right now, the stricter requirements will only be enforced for bulk senders (those who’ve sent 5,000 emails in a 24-hour period before), but eventually these rules could apply to everyone, so it’s best practice to do your due diligence and comply with the requirements sooner rather than later.

1.    Authenticate: Implement authentication with SPF, DKIM, and DMARC.

2.    DNS:    Verify that your sending IP address aligns with the one listed in your domain’s PTR record.

3.    Spam Rate:    Keep your spam complaint rate below 0.1%. This rate is calculated daily.
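The checklist above, together with the one-click unsubscribe rule for marketing mail, can be checked against a copy of your own message pulled from a test inbox. The following is an added example, not code from Valimail, Google or Yahoo; the domains and the sample message are constructed, and the header names List-Unsubscribe and List-Unsubscribe-Post come from RFC 8058 rather than from this article. It reads the Authentication-Results header, which is written by the receiving server, so only trust it on mail fetched from a mailbox you control.

```python
import re
from email import message_from_string

# Constructed sample: a marketing message as it appears in a test inbox.
SAMPLE = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=bounce.shop.example;
 dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example
From: Shop <news@shop.example>
To: reader@receiver.example
Subject: Weekly offers
List-Unsubscribe: <https://shop.example/u/abc123>, <mailto:unsub@shop.example>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Hello
"""

def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'pass', 'dmarc': 'fail'}."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def has_one_click_unsubscribe(msg):
    """RFC 8058: an HTTPS List-Unsubscribe URI plus List-Unsubscribe-Post."""
    uris = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    post = msg.get("List-Unsubscribe-Post", "").strip().lower()
    https = any(u.lower().startswith("https://") for u in uris)
    return https and post == "list-unsubscribe=one-click"

def spam_rate_status(complaints, delivered):
    # Integer maths avoids float rounding at exactly 0.1% and 0.3%.
    if delivered == 0:
        return "ok"
    if complaints * 1000 >= 3 * delivered:      # 0.3% or higher
        return "over-limit"
    return "ok" if complaints * 1000 < delivered else "warning"  # below 0.1%

def audit(raw, marketing=True):
    """List the requirements from the article that this message fails."""
    msg = message_from_string(raw)
    results = auth_results(msg)
    problems = [f"{m} not passing" for m in ("spf", "dkim", "dmarc")
                if results.get(m) != "pass"]
    if marketing and not has_one_click_unsubscribe(msg):
        problems.append("no one-click unsubscribe header")
    return problems
```

Pass `marketing=False` for transactional messages, which the quoted Google guidance excludes from the one-click requirement.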

Reach Compliance With Valimail

While these new guidelines require a lot of changes, one of the most prominent and pressing is the need for proper authentication, and that’s often easier said than done. Valimail takes the complexity out of DMARC authentication.

Valimail offer to guide email users through each step of the way and to help automate the process, so that you can be compliant with these requirements. Taking care of compliance with the new rules now will result in reliable, delivered communications.

Your customers can’t afford to miss these messages, and neither can you. If you aren’t compliant with these new email sender requirements, your email is at risk of being blocked. 


Image: Torsten Dettlaff
