Understanding Gmail and Yahoo DMARC Requirements

Posted by Spike MondayMotivator


On October 3, 2023, Google and Yahoo announced requirements that bulk senders must have DMARC in place beginning February 2024.

As part of our mission to make DMARC accessible for all, we’re here to help. This guide applies regardless of the size or complexity of your email infrastructure.

Who is affected?

If you send 5,000 messages a day or more into either of the world’s largest mailbox providers, starting February 2024, your email domain must have a DMARC policy in your DNS. These messages must pass DMARC Alignment or they will not be delivered. This includes messages sent on behalf of your organization by third-party email service providers (ESPs) like Constant Contact and MailChimp that use your email domain.

Note: If you’re also hosting your domain on Google Workspace, your internal message volume will likely count towards this daily limit.

Why is this happening?

Google and Yahoo both recognize the importance of email and are taking steps towards making it safer and more secure. By focusing on email validation, they are helping prevent unwanted spam and potential bad actors from reaching their customers’ inboxes.

Sending from a domain that has DMARC in place has the additional benefit of improving inbox placement. A DMARC record helps ISPs identify you as a sender that is serious about following established email standards and reducing your spam liability.

Technical Requirements

For anyone sending more than 5,000 messages a day into either of the world’s largest mailbox providers, here’s what you need to do:

You must have a DMARC policy in your DNS. Though a monitor-mode policy of p=none will suffice for Google and Yahoo, this is only the first stage of taking full advantage of the security control.

  • First, check if you have a DMARC record with the free DMARC Inspector tool.
  • If you don’t have a DMARC record, then you will have to create one.
    • Nearly every DMARC project starts with a monitor-only mode of p=none.
    • The DMARC record then must be published in your DNS.
  • Enabling DMARC monitoring is the first step to gain insights into whether you have any email sources that are out of compliance.
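The record check described above, as an added example that is not part of the original guide: it evaluates the TXT strings published at _dmarc.<your domain> (for instance as printed by `dig +short TXT _dmarc.example.com`, quotes removed). The function name and the sample records are constructed for illustration.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt_records):
    """Evaluate the TXT strings found at _dmarc.<domain>.

    Returns (tags, problems): tags holds the record's tag=value pairs,
    problems lists what to fix (an empty list means nothing to fix).
    """
    # Only strings that start with v=DMARC1 are DMARC records; SPF or
    # verification TXT strings at the same name are ignored.
    candidates = [r.strip() for r in txt_records
                  if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", r)]
    if not candidates:
        return {}, ["no DMARC record published"]
    if len(candidates) > 1:
        # With several records the receiver applies no DMARC policy at all.
        return {}, ["multiple DMARC records published"]
    tags, problems = {}, []
    for part in candidates[0].split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            problems.append(f"malformed tag: {part!r}")
            continue
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        problems.append(f"missing or invalid p= tag: {policy!r}")
    if "rua" not in tags:
        # Without rua= the monitor-mode policy produces no aggregate reports.
        problems.append("no rua= address: no aggregate reports will be sent")
    return tags, problems

if __name__ == "__main__":
    # Constructed sample records for example.com.
    print(parse_dmarc(["v=spf1 -all",
                       "v=DMARC1; p=none; rua=mailto:dmarc@example.com"]))
    print(parse_dmarc(["v=DMARC1; p=monitor"]))
```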

Your messages must pass DMARC. Messages can pass DMARC alignment in one of two ways.

  • Your messages pass DKIM, and the signing domain (the d= value within the email headers) is the same domain as in your message From: header.
  • Your messages pass SPF, and the domain SPF checked (the Return-Path value within the email headers) is the same domain as in your message From: header. This header value is sometimes referred to as the “bounce domain,” “envelope-from” or “MailFrom.”
  • Of these two options, DKIM tends to be an easier and more reliable method as it survives forwarding. Much like Google and Yahoo postmasters have promoted, dmarcian also recommends a DKIM-first approach. However, a valid SPF record must be present.
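The alignment rule above, as an added example that is not part of the original guide: it reads the From: and Authentication-Results headers of a received test message and reports whether a passing DKIM or SPF result is aligned. It goes beyond the text by also covering DMARC's default relaxed mode, where a subdomain counts as aligned; the two-label organizational domain shortcut and the sample message are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # receivers consult the Public Suffix List (needed for e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_alignment(raw_message, strict=False):
    """Return (passes, reasons) from From: and Authentication-Results headers."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        return False, []
    results = " ".join(msg.get_all("Authentication-Results", []))
    reasons = []
    # DKIM: a passing signature whose d= domain matches the From: domain.
    for d in re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results):
        if aligned(d, from_domain, strict):
            reasons.append(f"dkim aligned (d={d})")
    # SPF: a pass for the Return-Path (smtp.mailfrom) domain matching From:.
    for mf in re.findall(r"spf=pass\b[^;]*?smtp\.mailfrom=([\w.@-]+)", results):
        mf_domain = mf.rpartition("@")[2]
        if aligned(mf_domain, from_domain, strict):
            reasons.append(f"spf aligned (mailfrom={mf_domain})")
    return bool(reasons), reasons

# Constructed sample: the ESP authenticates with its own domains, so SPF and
# DKIM both pass but neither aligns with the From: domain.
SAMPLE = ("Authentication-Results: mx.receiver.example;\n"
          " spf=pass smtp.mailfrom=bounces.esp.example.net;\n"
          " dkim=pass header.d=esp.example.net\n"
          "From: News <news@example.com>\n\nbody\n")

if __name__ == "__main__":
    print(dmarc_alignment(SAMPLE))
    fixed = SAMPLE.replace("header.d=esp.example.net", "header.d=mail.example.com")
    print(dmarc_alignment(fixed))
```

Only evaluate Authentication-Results headers added by your own receiving server; a copy of that header supplied by the sender carries no weight.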

Sending IPs must have a PTR record, also known as “forward and reverse DNS” or a “hostname.”

  • If you maintain any of your own mail servers, you should validate that each IP address has a corresponding PTR record in your DNS.
  • If you don’t maintain any of your own mail servers, this responsibility falls on the email vendors you leverage. Because DMARC is a means of observing who, what, and how your domain is being used to send email, basic DMARC monitoring (p=none) can help validate that your email vendors are in compliance.
  • It’s rare that legitimate mail servers don’t have a PTR record. The bad guys have learned to compromise other connected devices (smart devices, residential modems, etc.) to send mail. Absence of a PTR record is a clear signal to the receiver that this IP address is not properly configured to send email.
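One way to validate the PTR requirement for the mail servers you run, as an added example that is not part of the original guide: it looks up the PTR hostname for a sending IP and confirms that the hostname resolves back to the same IP. The function names are hypothetical, and the resolvers are passed in as parameters so the check can be exercised offline.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(hostname):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def check_ptr(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, hostname); status is 'no-ptr', 'mismatch' or 'ok'."""
    hostname = reverse(ip)
    if not hostname:
        return "no-ptr", None
    # Compare parsed addresses so different IPv6 spellings still match.
    addresses = {ipaddress.ip_address(a) for a in forward(hostname)}
    if ipaddress.ip_address(ip) not in addresses:
        return "mismatch", hostname
    return "ok", hostname

if __name__ == "__main__":
    # Constructed data from the documentation address ranges, standing in
    # for real DNS answers.
    ptr = {"192.0.2.10": "mail.example.com", "192.0.2.12": "host.example.net"}
    fwd = {"mail.example.com": {"192.0.2.10"}, "host.example.net": {"192.0.2.99"}}
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, check_ptr(ip, ptr.get, lambda h: fwd.get(h, set())))
```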

Don’t send spam:

  • Yahoo asks you to only send messages to recipients who have opted in, to honor the stated frequency established at the point of registration, and not to buy lists.
  • Gmail requires you to keep your Spam Complaint Rate below 0.3%. They even offer a free reputation service to help you keep track of your spam rates.

Properly Format Your Messages: Emails must meet the standards established by RFC 5322.

Don’t spoof gmail.com or yahoo.com: Google and Yahoo will begin to ramp up their own DMARC policies. If you are using an email service that allows you to send “as your @gmail.com or @yahoo.com address,” you are likely to experience substantial delivery issues. Your best bet is to open a support ticket with your provider to understand exactly what is at stake for you.

Include one-click unsubscribe: You’ll need to institute a one-click unsubscribe by June 2024 in order for your emails to be delivered. Yahoo says the one-click unsubscribe should honor a user’s requests within two days. Google adds that a clearly visible unsubscribe link must be in the message body.

Sender Guideline Enforcement Dates

Yahoo reports that enforcement of sender guidelines will be gradually rolled out as they monitor compliance through the first half of the year:

  • Beginning in February 2024, Yahoo will be enforcing certain standards for all senders, including:
    • Properly authenticating your mail
    • Keeping complaint rates low
  • Beginning in February 2024, the requirements for bulk senders will be more strict, including:
    • Enabling easy, one-click unsubscribe starting June 2024
    • Authenticating with both SPF and DKIM
    • Publishing a DMARC policy

Google’s “gradual and progressive” sender enforcement dates are as follows:

  • In February 2024, bulk senders who don’t meet sender requirements will start getting temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors are meant to help senders identify email traffic that doesn’t meet our guidelines so that senders can resolve issues that result in non-compliance.
  • In April 2024, Google will start rejecting a percentage of non-compliant email traffic and gradually increase the rejection rate. For example, if 75% of a sender’s traffic meets our requirements, Google will start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.
  • Bulk senders have until June 1, 2024 to implement one-click unsubscribe in all commercial, promotional messages.

 

To start your email domain verification, refer to the instructions and guides below:

Mailchimp
https://mailchimp.com/help/set-up-email-domain-authentication

Klaviyo
https://academy.klaviyo.com/2024-new-sender-requirements-checklist/1817230

Kartra
https://www.youtube.com/watch?v=JmMT4_ZPO4Q

ActiveCampaign
https://help.activecampaign.com/hc/en-us/articles/206903370-SPF-DKIM-and-DMARC-Authentication

Hubspot
https://knowledge.hubspot.com/domains-and-urls/update-your-dns-records

 

To add, edit or delete records on your hosting domain, refer to the references below:

Crazy Domains
https://www.crazydomains.com.au/help/manage-dns-records-in-account-manager

Hostgator
https://www.hostgator.com/help/article/changing-dns-records

1st Domains
https://support.1stdomains.co.nz/afmviewfaq.asp?faqid=47

Domain.com
https://www.domain.com/help/article/dns-management-how-to-update-dns-records

Cloudflare
https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records

GoDaddy
https://ph.godaddy.com/help/add-an-a-record-19238

Bluehost
https://www.bluehost.com/help/article/dns-management-add-edit-or-delete-dns-entries

Google Domains
https://support.google.com/domains/answer/3290350

Duda
https://support.duda.co/hc/en-us/articles/4406614642199-Network-Solutions-CNAME-and-A-Records

eNom
https://help.enom.com/hc/en-us/articles/115000474012-Managing-DNS-host-records

Namecheap
https://www.namecheap.com/support/knowledgebase/article.aspx/434/2237/how-do-i-set-up-host-records-for-a-domain

iPage
https://www.ipage.com/help/article/dns-management-how-to-update-a-records