DMARC Email Validation: Cracking Down On Fraud

Uploaded on 2024-02-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Google and Yahoo are introducing changes starting from this month that will make your l inbox a safer place for legitimate senders & recipients. Everything from transactional emails to newsletters to personal messaging will be affected, making this impact even more detrimental, with the potential to hit revenue. 

Are you ready for a new era of email authentication? According to the recommendation from the identity protection experts at Valimail, here’s what you need to know:

Marketing Emails

For email marketers, the landscape is about to shift. Under the Google and Yahoo spotlight, marketing emails will face increased scrutiny through stricter authentication protocols like SPF, DKIM and DMARC. The email industry, have been advocating for these protocols for years, but now they’re becoming a necessity.

Proper authentication verifies your identity as a legitimate sender, protecting recipients from impersonation scams and safeguarding your brand reputation. Beyond authentication, permission management is also taking a central  role.

  • Purchased lists and forced subscriptions have always been no-nos, but now they’re getting more heavily regulated. 
  • One-click unsubscribe buttons will become mandatory, allowing users to opt out of your outreach with a single, effortless click.

According to Valimail, you should always give your recipients an easy way to unsubscribe from your messages. Letting people opt out of your messages can improve open rates, click-through rates, and sending efficiency. One-click unsubscribe makes it easy for people to opt out. If you send more than 5,000 messages per day, your marketing and subscribed messages must support one-click unsubscribe.

Spam reports:   To comply with the new  sender guidelines, you will keep your spam rate below 0.1% and prevent spam rates from ever reaching 0.3% or higher. Spam rate impact is graduated, and spam rates of 0.3% or higher have an even greater negative impact on email inbox delivery. 

Non-compliance will lead to trouble. Ultimately, your messages may not be delivered to your Gmail and Yahoo inbox recipients, and those subscribers likely make up most of your email list. 

Embrace Authentication

Implement and monitor your Domain-based Message Authentication, Reporting & Conformance (DMARC) to become a verified sender the inbox welcomes.

Maintain Your List:   Treat your subscribers like gold. Clean your lists regularly, remove inactive users, and prioritize opt-in methods.

Make Unsubscribing Easy:    One-click unsubscribe buttons are your friends, not foes. Offer a seamless exit, and you might even win back hearts later.

Send Wanted Mail:    Deliver content that resonates, personalise your outreach, and prioritise value over sales pitches. You’ll likely face deliverability penalties if your spam rate exceeds 0.1%.
Remember, these new rules aren’t meant to stifle marketing, they’re intended to elevate it. Senders who follow these rules will get their legitimate emails delivered and face less competition from spammers and bad actors in the inbox.

Transactional Emails

Urgent invoices, order confirmations, password resets, and critical account updates, transactional emails are the lifeblood of any online business. However, while these might seem like must-deliver messages, under the new Google and Yahoo rules, even these trusty messengers need to earn their spot in the inbox.

Here’s your guide to ensure your transactional emails bypass the spam filters:

Start with Authentication:    Implement and monitor SPF, DKIM, and DMARC to establish your identity as a legitimate sender.

Optimise Your Sending Domain:    Separate transactional emails from marketing campaigns to maintain a clean reputation.

Keep Your Lists Clean:    Ensure all recipients have explicitly opted in and remove inactive users regularly.

Monitor and Adapt:    Track your sender reputation and delivery metrics, making adjustments as needed.
However, unlike with marketing messages, Google doesn’t require you to add a one-click unsubscribe to the header of your transactional emails: “One-click unsubscribe is required only for commercial, promotional messages.

Transactional messages are excluded from this requirement. Some examples of transactional messages are password reset messages, reservation confirmations, and form submission confirmations.” Valimail advise.

Newsletters & Regular Broadcasts

Sometimes, newsletters and regular messaging are lumped together marketing content, but its helpful here to distinguish the difference. Even when you’re not actively selling something, inbox providers still regulate your sending. While you’ll want to comply with all the marketing message guidelines, you’ll want an added focus on engagement and relevance.

Newsletters and regular broadcasts face a crucial test under the new Google and Yahoo sender requirements. Their ability to land in inboxes hinges on three key elements:


1.    Wanted:    Recipients must have opted in to receive your messages, and it shouldn’t be through an automatically checked box at checkout.

2.    Relevance:    Your messaging should be segmented and personalised to be relevant to your audience.

3.    Engagement:    Your emails should be valuable, and open rates, click-through rates, and unsubscribe metrics often represent that value (or lack thereof).

To ensure your newsletters keep getting delivered, follow these Guidelines:

Focus on Value:    Prioritise content that informs, entertains, or educates your target audience. Offer insights, expert opinions, or unique perspectives that resonate with their interests.

Track Your Performance:    Monitor key metrics like open rates, click-through rates, and unsubscribes. Use this data to understand what resonates and where adjustments are needed.

Embrace Segmentation & Personalisation:    Treat your readers as individuals, not a homogenous mass. Segment your list based on interests and tailor your content accordingly.

Encourage Two-Way Interaction:    Invite feedback, spark conversations, and create opportunities for reader participation. Polls, questions, and user-generated content can boost engagement and keep your audience hooked.

Personal Emails & Individual Accounts

The Google and Yahoo changes might seem to primarily target businesses, but these guidelines are intended for every email sender. If you send emails to Google or Yahoo accounts, these new changes apply to you. There are even some updates that small business owners need to know about if they’re sending from a Gmail.com domain.

Right  now, the stricter requirements will only be enforced for bulk senders, those who’ve sent 5,000 emails in a 24-hour period before, but eventually, these rules could apply to everyone, so it’s best practice to do your due diligence and comply with the requirements sooner rather than later.

1.    Authenticate: Implement authentication with SPF, DKIM, and DMARC.

2.    DNS:    Verify that your sending IP address aligns with the one listed in your domain’s PTR record.

3.    Spam Rate:    Keep your spam complaint rate below 0.1%. This rate is calculated daily.

Reach Compliance With Valimail

While these new guidelines require a lot of changes, one of the most prominent and pressing is the need for proper authentication, and that’s often easier said than done. Valimail takes the complexity out of DMARC authentication.

Valimail offer to guide email users through each step of the way and to help automate the process, so that you can be compliant with these requirements. Taking care of compliance withthe news rules now will result in reliable, delivered communications.

Your customers can’t afford to miss these messages, and neither can you. If you aren’t compliant with these new email sender requirements, your email is at risk of being blocked. 

For more Information from Valimail  click HERE

Image: Torsten Dettlaff

You Might Also Read: 

BEC Attacks: Trends & Predictions For 2024:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

« Data Leak Exposes China’s Hackers For Hire 
Harnessing Predictive Analytics In Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

National Crime Agency (NCA)

National Crime Agency (NCA)

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Compumatica

Compumatica

Compumatica is a leading European ICT security manufacturer for cybersecurity and encryption products. Solutions include network security, SCADA/ICS security, Mobile/BYOD and email encryption.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.