DMARC Email Validation: Cracking Down On Fraud

Uploaded on 2024-02-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google and Yahoo are introducing changes starting from this month that will make your l inbox a safer place for legitimate senders & recipients. Everything from transactional emails to newsletters to personal messaging will be affected, making this impact even more detrimental, with the potential to hit revenue. 

Are you ready for a new era of email authentication? According to the recommendation from the identity protection experts at Valimail, here’s what you need to know:

Marketing Emails

For email marketers, the landscape is about to shift. Under the Google and Yahoo spotlight, marketing emails will face increased scrutiny through stricter authentication protocols like SPF, DKIM and DMARC. The email industry, have been advocating for these protocols for years, but now they’re becoming a necessity.

Proper authentication verifies your identity as a legitimate sender, protecting recipients from impersonation scams and safeguarding your brand reputation. Beyond authentication, permission management is also taking a central  role.

  • Purchased lists and forced subscriptions have always been no-nos, but now they’re getting more heavily regulated. 
  • One-click unsubscribe buttons will become mandatory, allowing users to opt out of your outreach with a single, effortless click.

According to Valimail, you should always give your recipients an easy way to unsubscribe from your messages. Letting people opt out of your messages can improve open rates, click-through rates, and sending efficiency. One-click unsubscribe makes it easy for people to opt out. If you send more than 5,000 messages per day, your marketing and subscribed messages must support one-click unsubscribe.

Spam reports:   To comply with the new  sender guidelines, you will keep your spam rate below 0.1% and prevent spam rates from ever reaching 0.3% or higher. Spam rate impact is graduated, and spam rates of 0.3% or higher have an even greater negative impact on email inbox delivery. 

Non-compliance will lead to trouble. Ultimately, your messages may not be delivered to your Gmail and Yahoo inbox recipients, and those subscribers likely make up most of your email list. 

Embrace Authentication

Implement and monitor your Domain-based Message Authentication, Reporting & Conformance (DMARC) to become a verified sender the inbox welcomes.

Maintain Your List:   Treat your subscribers like gold. Clean your lists regularly, remove inactive users, and prioritize opt-in methods.

Make Unsubscribing Easy:    One-click unsubscribe buttons are your friends, not foes. Offer a seamless exit, and you might even win back hearts later.

Send Wanted Mail:    Deliver content that resonates, personalise your outreach, and prioritise value over sales pitches. You’ll likely face deliverability penalties if your spam rate exceeds 0.1%.
Remember, these new rules aren’t meant to stifle marketing, they’re intended to elevate it. Senders who follow these rules will get their legitimate emails delivered and face less competition from spammers and bad actors in the inbox.

Transactional Emails

Urgent invoices, order confirmations, password resets, and critical account updates, transactional emails are the lifeblood of any online business. However, while these might seem like must-deliver messages, under the new Google and Yahoo rules, even these trusty messengers need to earn their spot in the inbox.

Here’s your guide to ensure your transactional emails bypass the spam filters:

Start with Authentication:    Implement and monitor SPF, DKIM, and DMARC to establish your identity as a legitimate sender.

Optimise Your Sending Domain:    Separate transactional emails from marketing campaigns to maintain a clean reputation.

Keep Your Lists Clean:    Ensure all recipients have explicitly opted in and remove inactive users regularly.

Monitor and Adapt:    Track your sender reputation and delivery metrics, making adjustments as needed.
However, unlike with marketing messages, Google doesn’t require you to add a one-click unsubscribe to the header of your transactional emails: “One-click unsubscribe is required only for commercial, promotional messages.

Transactional messages are excluded from this requirement. Some examples of transactional messages are password reset messages, reservation confirmations, and form submission confirmations.” Valimail advise.

Newsletters & Regular Broadcasts

Sometimes, newsletters and regular messaging are lumped together marketing content, but its helpful here to distinguish the difference. Even when you’re not actively selling something, inbox providers still regulate your sending. While you’ll want to comply with all the marketing message guidelines, you’ll want an added focus on engagement and relevance.

Newsletters and regular broadcasts face a crucial test under the new Google and Yahoo sender requirements. Their ability to land in inboxes hinges on three key elements:


1.    Wanted:    Recipients must have opted in to receive your messages, and it shouldn’t be through an automatically checked box at checkout.

2.    Relevance:    Your messaging should be segmented and personalised to be relevant to your audience.

3.    Engagement:    Your emails should be valuable, and open rates, click-through rates, and unsubscribe metrics often represent that value (or lack thereof).

To ensure your newsletters keep getting delivered, follow these Guidelines:

Focus on Value:    Prioritise content that informs, entertains, or educates your target audience. Offer insights, expert opinions, or unique perspectives that resonate with their interests.

Track Your Performance:    Monitor key metrics like open rates, click-through rates, and unsubscribes. Use this data to understand what resonates and where adjustments are needed.

Embrace Segmentation & Personalisation:    Treat your readers as individuals, not a homogenous mass. Segment your list based on interests and tailor your content accordingly.

Encourage Two-Way Interaction:    Invite feedback, spark conversations, and create opportunities for reader participation. Polls, questions, and user-generated content can boost engagement and keep your audience hooked.

Personal Emails & Individual Accounts

The Google and Yahoo changes might seem to primarily target businesses, but these guidelines are intended for every email sender. If you send emails to Google or Yahoo accounts, these new changes apply to you. There are even some updates that small business owners need to know about if they’re sending from a Gmail.com domain.

Right  now, the stricter requirements will only be enforced for bulk senders, those who’ve sent 5,000 emails in a 24-hour period before, but eventually, these rules could apply to everyone, so it’s best practice to do your due diligence and comply with the requirements sooner rather than later.

1.    Authenticate: Implement authentication with SPF, DKIM, and DMARC.

2.    DNS:    Verify that your sending IP address aligns with the one listed in your domain’s PTR record.

3.    Spam Rate:    Keep your spam complaint rate below 0.1%. This rate is calculated daily.

Reach Compliance With Valimail

While these new guidelines require a lot of changes, one of the most prominent and pressing is the need for proper authentication, and that’s often easier said than done. Valimail takes the complexity out of DMARC authentication.

Valimail offer to guide email users through each step of the way and to help automate the process, so that you can be compliant with these requirements. Taking care of compliance withthe news rules now will result in reliable, delivered communications.

Your customers can’t afford to miss these messages, and neither can you. If you aren’t compliant with these new email sender requirements, your email is at risk of being blocked. 

For more Information from Valimail  click HERE

Image: Torsten Dettlaff

You Might Also Read: 

BEC Attacks: Trends & Predictions For 2024:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Data Leak Exposes China’s Hackers For Hire 
Harnessing Predictive Analytics In Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

Secude

Secude

SECUDE is an established global security solutions provider offering innovative data protection for SAP users.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

National Cryptologic Foundation (NCF) - USA

National Cryptologic Foundation (NCF) - USA

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

GAM Tech

GAM Tech

GAM Tech is a Managed IT Service Provider that serves small and medium sized businesses in Alberta, British Columbia, Ontario and Quebec.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (formerly SecurityMadeIn.lu) is the backbone of leading-edge cyber resilience in Luxembourg.