DMARC Email Validation: Cracking Down On Fraud

Uploaded on 2024-02-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google and Yahoo are introducing changes starting from this month that will make your l inbox a safer place for legitimate senders & recipients. Everything from transactional emails to newsletters to personal messaging will be affected, making this impact even more detrimental, with the potential to hit revenue. 

Are you ready for a new era of email authentication? According to the recommendation from the identity protection experts at Valimail, here’s what you need to know:

Marketing Emails

For email marketers, the landscape is about to shift. Under the Google and Yahoo spotlight, marketing emails will face increased scrutiny through stricter authentication protocols like SPF, DKIM and DMARC. The email industry, have been advocating for these protocols for years, but now they’re becoming a necessity.

Proper authentication verifies your identity as a legitimate sender, protecting recipients from impersonation scams and safeguarding your brand reputation. Beyond authentication, permission management is also taking a central  role.

  • Purchased lists and forced subscriptions have always been no-nos, but now they’re getting more heavily regulated. 
  • One-click unsubscribe buttons will become mandatory, allowing users to opt out of your outreach with a single, effortless click.

According to Valimail, you should always give your recipients an easy way to unsubscribe from your messages. Letting people opt out of your messages can improve open rates, click-through rates, and sending efficiency. One-click unsubscribe makes it easy for people to opt out. If you send more than 5,000 messages per day, your marketing and subscribed messages must support one-click unsubscribe.

Spam reports:   To comply with the new  sender guidelines, you will keep your spam rate below 0.1% and prevent spam rates from ever reaching 0.3% or higher. Spam rate impact is graduated, and spam rates of 0.3% or higher have an even greater negative impact on email inbox delivery. 

Non-compliance will lead to trouble. Ultimately, your messages may not be delivered to your Gmail and Yahoo inbox recipients, and those subscribers likely make up most of your email list. 

Embrace Authentication

Implement and monitor your Domain-based Message Authentication, Reporting & Conformance (DMARC) to become a verified sender the inbox welcomes.

Maintain Your List:   Treat your subscribers like gold. Clean your lists regularly, remove inactive users, and prioritize opt-in methods.

Make Unsubscribing Easy:    One-click unsubscribe buttons are your friends, not foes. Offer a seamless exit, and you might even win back hearts later.

Send Wanted Mail:    Deliver content that resonates, personalise your outreach, and prioritise value over sales pitches. You’ll likely face deliverability penalties if your spam rate exceeds 0.1%.
Remember, these new rules aren’t meant to stifle marketing, they’re intended to elevate it. Senders who follow these rules will get their legitimate emails delivered and face less competition from spammers and bad actors in the inbox.

Transactional Emails

Urgent invoices, order confirmations, password resets, and critical account updates, transactional emails are the lifeblood of any online business. However, while these might seem like must-deliver messages, under the new Google and Yahoo rules, even these trusty messengers need to earn their spot in the inbox.

Here’s your guide to ensure your transactional emails bypass the spam filters:

Start with Authentication:    Implement and monitor SPF, DKIM, and DMARC to establish your identity as a legitimate sender.

Optimise Your Sending Domain:    Separate transactional emails from marketing campaigns to maintain a clean reputation.

Keep Your Lists Clean:    Ensure all recipients have explicitly opted in and remove inactive users regularly.

Monitor and Adapt:    Track your sender reputation and delivery metrics, making adjustments as needed.
However, unlike with marketing messages, Google doesn’t require you to add a one-click unsubscribe to the header of your transactional emails: “One-click unsubscribe is required only for commercial, promotional messages.

Transactional messages are excluded from this requirement. Some examples of transactional messages are password reset messages, reservation confirmations, and form submission confirmations.” Valimail advise.

Newsletters & Regular Broadcasts

Sometimes, newsletters and regular messaging are lumped together marketing content, but its helpful here to distinguish the difference. Even when you’re not actively selling something, inbox providers still regulate your sending. While you’ll want to comply with all the marketing message guidelines, you’ll want an added focus on engagement and relevance.

Newsletters and regular broadcasts face a crucial test under the new Google and Yahoo sender requirements. Their ability to land in inboxes hinges on three key elements:


1.    Wanted:    Recipients must have opted in to receive your messages, and it shouldn’t be through an automatically checked box at checkout.

2.    Relevance:    Your messaging should be segmented and personalised to be relevant to your audience.

3.    Engagement:    Your emails should be valuable, and open rates, click-through rates, and unsubscribe metrics often represent that value (or lack thereof).

To ensure your newsletters keep getting delivered, follow these Guidelines:

Focus on Value:    Prioritise content that informs, entertains, or educates your target audience. Offer insights, expert opinions, or unique perspectives that resonate with their interests.

Track Your Performance:    Monitor key metrics like open rates, click-through rates, and unsubscribes. Use this data to understand what resonates and where adjustments are needed.

Embrace Segmentation & Personalisation:    Treat your readers as individuals, not a homogenous mass. Segment your list based on interests and tailor your content accordingly.

Encourage Two-Way Interaction:    Invite feedback, spark conversations, and create opportunities for reader participation. Polls, questions, and user-generated content can boost engagement and keep your audience hooked.

Personal Emails & Individual Accounts

The Google and Yahoo changes might seem to primarily target businesses, but these guidelines are intended for every email sender. If you send emails to Google or Yahoo accounts, these new changes apply to you. There are even some updates that small business owners need to know about if they’re sending from a Gmail.com domain.

Right  now, the stricter requirements will only be enforced for bulk senders, those who’ve sent 5,000 emails in a 24-hour period before, but eventually, these rules could apply to everyone, so it’s best practice to do your due diligence and comply with the requirements sooner rather than later.

1.    Authenticate: Implement authentication with SPF, DKIM, and DMARC.

2.    DNS:    Verify that your sending IP address aligns with the one listed in your domain’s PTR record.

3.    Spam Rate:    Keep your spam complaint rate below 0.1%. This rate is calculated daily.

Reach Compliance With Valimail

While these new guidelines require a lot of changes, one of the most prominent and pressing is the need for proper authentication, and that’s often easier said than done. Valimail takes the complexity out of DMARC authentication.

Valimail offer to guide email users through each step of the way and to help automate the process, so that you can be compliant with these requirements. Taking care of compliance withthe news rules now will result in reliable, delivered communications.

Your customers can’t afford to miss these messages, and neither can you. If you aren’t compliant with these new email sender requirements, your email is at risk of being blocked. 

For more Information from Valimail  click HERE

Image: Torsten Dettlaff

You Might Also Read: 

BEC Attacks: Trends & Predictions For 2024:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Data Leak Exposes China’s Hackers For Hire 
Harnessing Predictive Analytics In Cybersecurity »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Spanish Network of Excellence on Cybersecurity Research (RENIC)

Spanish Network of Excellence on Cybersecurity Research (RENIC)

RENIC is a membership based sectoral association that includes research centers and other agents of the research cybersecurity ecosystem in Spain.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

VENZA

VENZA

VENZA is a data protection company that can help organisations mitigate their vulnerabilities and ensure compliance, keeping guests and their data safe from breaches.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.

Adaptive Security

Adaptive Security

Adaptive is a next-generation cybersecurity platform. We're working with pioneering security teams to protect critical systems from AI-powered cyber attacks.

Keystrike

Keystrike

Keystrike secures remote connections. Our technology ensures that commands made by an employee were physically made on their computer, rather than by a remote attacker.