DMARC Email Validation: Cracking Down On Fraud

Uploaded on 2024-02-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google and Yahoo are introducing changes starting from this month that will make your l inbox a safer place for legitimate senders & recipients. Everything from transactional emails to newsletters to personal messaging will be affected, making this impact even more detrimental, with the potential to hit revenue. 

Are you ready for a new era of email authentication? According to the recommendation from the identity protection experts at Valimail, here’s what you need to know:

Marketing Emails

For email marketers, the landscape is about to shift. Under the Google and Yahoo spotlight, marketing emails will face increased scrutiny through stricter authentication protocols like SPF, DKIM and DMARC. The email industry, have been advocating for these protocols for years, but now they’re becoming a necessity.

Proper authentication verifies your identity as a legitimate sender, protecting recipients from impersonation scams and safeguarding your brand reputation. Beyond authentication, permission management is also taking a central  role.

  • Purchased lists and forced subscriptions have always been no-nos, but now they’re getting more heavily regulated. 
  • One-click unsubscribe buttons will become mandatory, allowing users to opt out of your outreach with a single, effortless click.

According to Valimail, you should always give your recipients an easy way to unsubscribe from your messages. Letting people opt out of your messages can improve open rates, click-through rates, and sending efficiency. One-click unsubscribe makes it easy for people to opt out. If you send more than 5,000 messages per day, your marketing and subscribed messages must support one-click unsubscribe.

Spam reports:   To comply with the new  sender guidelines, you will keep your spam rate below 0.1% and prevent spam rates from ever reaching 0.3% or higher. Spam rate impact is graduated, and spam rates of 0.3% or higher have an even greater negative impact on email inbox delivery. 

Non-compliance will lead to trouble. Ultimately, your messages may not be delivered to your Gmail and Yahoo inbox recipients, and those subscribers likely make up most of your email list. 

Embrace Authentication

Implement and monitor your Domain-based Message Authentication, Reporting & Conformance (DMARC) to become a verified sender the inbox welcomes.

Maintain Your List:   Treat your subscribers like gold. Clean your lists regularly, remove inactive users, and prioritize opt-in methods.

Make Unsubscribing Easy:    One-click unsubscribe buttons are your friends, not foes. Offer a seamless exit, and you might even win back hearts later.

Send Wanted Mail:    Deliver content that resonates, personalise your outreach, and prioritise value over sales pitches. You’ll likely face deliverability penalties if your spam rate exceeds 0.1%.
Remember, these new rules aren’t meant to stifle marketing, they’re intended to elevate it. Senders who follow these rules will get their legitimate emails delivered and face less competition from spammers and bad actors in the inbox.

Transactional Emails

Urgent invoices, order confirmations, password resets, and critical account updates, transactional emails are the lifeblood of any online business. However, while these might seem like must-deliver messages, under the new Google and Yahoo rules, even these trusty messengers need to earn their spot in the inbox.

Here’s your guide to ensure your transactional emails bypass the spam filters:

Start with Authentication:    Implement and monitor SPF, DKIM, and DMARC to establish your identity as a legitimate sender.

Optimise Your Sending Domain:    Separate transactional emails from marketing campaigns to maintain a clean reputation.

Keep Your Lists Clean:    Ensure all recipients have explicitly opted in and remove inactive users regularly.

Monitor and Adapt:    Track your sender reputation and delivery metrics, making adjustments as needed.
However, unlike with marketing messages, Google doesn’t require you to add a one-click unsubscribe to the header of your transactional emails: “One-click unsubscribe is required only for commercial, promotional messages.

Transactional messages are excluded from this requirement. Some examples of transactional messages are password reset messages, reservation confirmations, and form submission confirmations.” Valimail advise.

Newsletters & Regular Broadcasts

Sometimes, newsletters and regular messaging are lumped together marketing content, but its helpful here to distinguish the difference. Even when you’re not actively selling something, inbox providers still regulate your sending. While you’ll want to comply with all the marketing message guidelines, you’ll want an added focus on engagement and relevance.

Newsletters and regular broadcasts face a crucial test under the new Google and Yahoo sender requirements. Their ability to land in inboxes hinges on three key elements:


1.    Wanted:    Recipients must have opted in to receive your messages, and it shouldn’t be through an automatically checked box at checkout.

2.    Relevance:    Your messaging should be segmented and personalised to be relevant to your audience.

3.    Engagement:    Your emails should be valuable, and open rates, click-through rates, and unsubscribe metrics often represent that value (or lack thereof).

To ensure your newsletters keep getting delivered, follow these Guidelines:

Focus on Value:    Prioritise content that informs, entertains, or educates your target audience. Offer insights, expert opinions, or unique perspectives that resonate with their interests.

Track Your Performance:    Monitor key metrics like open rates, click-through rates, and unsubscribes. Use this data to understand what resonates and where adjustments are needed.

Embrace Segmentation & Personalisation:    Treat your readers as individuals, not a homogenous mass. Segment your list based on interests and tailor your content accordingly.

Encourage Two-Way Interaction:    Invite feedback, spark conversations, and create opportunities for reader participation. Polls, questions, and user-generated content can boost engagement and keep your audience hooked.

Personal Emails & Individual Accounts

The Google and Yahoo changes might seem to primarily target businesses, but these guidelines are intended for every email sender. If you send emails to Google or Yahoo accounts, these new changes apply to you. There are even some updates that small business owners need to know about if they’re sending from a Gmail.com domain.

Right  now, the stricter requirements will only be enforced for bulk senders, those who’ve sent 5,000 emails in a 24-hour period before, but eventually, these rules could apply to everyone, so it’s best practice to do your due diligence and comply with the requirements sooner rather than later.

1.    Authenticate: Implement authentication with SPF, DKIM, and DMARC.

2.    DNS:    Verify that your sending IP address aligns with the one listed in your domain’s PTR record.

3.    Spam Rate:    Keep your spam complaint rate below 0.1%. This rate is calculated daily.

Reach Compliance With Valimail

While these new guidelines require a lot of changes, one of the most prominent and pressing is the need for proper authentication, and that’s often easier said than done. Valimail takes the complexity out of DMARC authentication.

Valimail offer to guide email users through each step of the way and to help automate the process, so that you can be compliant with these requirements. Taking care of compliance withthe news rules now will result in reliable, delivered communications.

Your customers can’t afford to miss these messages, and neither can you. If you aren’t compliant with these new email sender requirements, your email is at risk of being blocked. 

For more Information from Valimail  click HERE

Image: Torsten Dettlaff

You Might Also Read: 

BEC Attacks: Trends & Predictions For 2024:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Data Leak Exposes China’s Hackers For Hire 
Harnessing Predictive Analytics In Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

Concorde Technology Group

Concorde Technology Group

Concorde Technology Group is one of the UK’s leading IT support and services providers, delivering cost-effective and innovative IT solutions to businesses across the country.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.