How will Google and Yahoo's new email authentication policies affect senders using shared domains and ESP authentication?

Key findings

• Aligned Authentication: Google and Yahoo strongly prefer senders to use their own organizational domain, or a subdomain of it, for DKIM signing and SPF alignment. This ensures that the From: header domain aligns with the authenticated domains.
• Shared DKIM and via tags: While sending with a shared DKIM signature (where the ESP's domain is used) is still allowed, it's increasingly discouraged, especially for bulk senders. The presence of a via tag indicates unaligned authentication, which will be penalized.
• High-volume senders: Senders exceeding 5,000 emails per day to Gmail/Yahoo addresses face stricter enforcement, including mandatory DMARC with a policy of p=none or stronger. This impacts deliverability for universities using multiple email platforms and other bulk senders.
• From: header addresses: Using freemail domains (like @gmail.com) in the From: header when sending through an ESP will lead to significant deliverability issues.
• ESP adaptation: Most major ESPs are aware of these changes and are implementing or enhancing features to help customers achieve proper authentication alignment.

Key considerations

• Proactive authentication: Senders should proactively set up their own dedicated DKIM records and ensure their SPF records are correctly configured and aligned. This is crucial for their sender reputation.
• DMARC implementation: Implementing DMARC (even with a p=none policy) is no longer optional for bulk senders. It's a fundamental step towards compliance and gaining visibility into email authentication issues. Learn more about Yahoo and Gmail's DMARC requirements.
• Long-term strategy: While smaller senders might not face immediate rejection, the industry trend points towards stricter authentication for all. Relying on shared ESP authentication without aligning your own domain is not a sustainable long-term strategy for reliable email delivery.
• Understanding impact: Senders should understand how their current email setup aligns with the new requirements. This includes evaluating how using an ESP's shared domain affects their deliverability.

Key opinions

• Discouraged shared domains: Many marketers recognize that Google and Yahoo are discouraging the use of shared, unaligned DKIM domains for sender authentication.
• ESPs' roles: ESPs are expected to heavily promote and, in some cases, enforce proper authentication for their users, especially those using shared infrastructure. They must facilitate aligned DKIM options.
• Impact on small senders: Small senders (under 5,000 emails/day) might not face immediate rejection, but relying solely on ESP authentication without their own domain alignment is seen as a risky long-term strategy.
• From: address restrictions: The inability to use freemail domains (e.g., @gmail.com) in the From: header when sending through an ESP is a significant and potentially painful change for many.

Key considerations

• Adopting dedicated DKIM: Marketers using ESPs should ensure they set up dedicated DKIM for their own domains, even if their ESP provides a default shared DKIM. This enhances domain reputation.
• Updating sending practices: Revisit sending practices to ensure compliance with the new authentication standards and avoid relying on past methods that may no longer be effective. Consider DMARC, DKIM, and SPF updates.
• Educating stakeholders: It is important to communicate the necessity of these changes to internal teams and clients who might be accustomed to older, less stringent sending methods.
• Monitoring deliverability: Continuously monitor inbox placement and email deliverability metrics to quickly identify and address any issues arising from the new policies. This can help with troubleshooting where temporary errors may manifest.

Key opinions

• Authentication is mandatory: Experts confirm that Google's "recommendations" regarding authentication are, in practice, mandatory for deliverability.
• Sender domain ownership: Senders should own and use their domain to DKIM sign messages, ideally from the From: header, or a subdomain of it.
• Multiple DKIM signatures: While multiple DKIM signatures are allowed (e.g., one from the ESP, one from the sender), an aligned DKIM signature from the sender's domain is should have one of them.
• From: header rewriting: There's a debate about whether From: header rewriting by ESPs (to ensure alignment) is a net positive or a symptom of systemic failure.
• No sympathy for non-compliance: Senders not adhering to basic authentication standards will find little sympathy for deliverability problems.

Key considerations

• Invest in authentication: Businesses must invest in proper domain authentication to ensure long-term inbox delivery, rather than relying on workarounds or shared ESP domains without their own alignment. This includes understanding the DKIM domain alignment requirements.
• Prepare for enforcement: Mailbox providers are not implementing changes instantly, but the trend is towards increased enforcement over time. Senders need to adapt now to avoid future issues.
• Aligning SPF and DKIM: Senders should aim for both aligned SPF (return-path a subdomain of organizational domain) and aligned DKIM (organizational domain in the d= tag). This is a foundational aspect of email authentication.
• Industry evolution: The email industry is evolving, and those who resist adopting stronger authentication will eventually be ground underfoot by the changes.

Key findings

• SPF and DKIM mandatory: All senders are required to use SPF and DKIM. This is a foundational element for verifying sender identity and message integrity.
• DMARC for bulk senders: Bulk senders (over 5,000 emails/day to Gmail/Yahoo) must implement DMARC with an enforcement policy.
• Domain alignment: The domain in the From: header must align with either the SPF domain or the DKIM domain. This prevents spoofing and enhances trust.
• No freemail From: addresses: Senders using ESPs cannot use personal freemail addresses (e.g., @gmail.com) as their From: address.

Key considerations

• Spam rate monitoring: Maintain a spam complaint rate below 0.3% to avoid deliverability penalties. This is a crucial metric for sender reputation, influencing how well emails land in the inbox for your branded domain.
• DNS records: Ensure all necessary DNS records for SPF, DKIM, and DMARC are properly configured and published for your sending domains.
• TLS encryption: Use TLS encryption for all email transmissions to ensure secure delivery.
• One-click unsubscribe: Implement a one-click unsubscribe mechanism in your email headers to provide an easy opt-out for recipients. This is a direct requirement from Google and Yahoo.