What DMARC/DKIM/SPF updates are needed for new Gmail/Yahoo requirements?
Summary
What email marketers say (11 marketer opinions)
Email marketer from MailerLite shares that Google and Yahoo are enforcing stricter email authentication policies for bulk senders, including requiring SPF, DKIM, and DMARC setup. These changes aim to improve email security and reduce spam.
Email marketer from Sendinblue explains that to comply with Gmail and Yahoo's new requirements, businesses need to authenticate their emails using SPF, DKIM, and DMARC. They also need to ensure a low spam rate and provide easy unsubscribe options.
Email marketer from ZeroBounce shares that bulk senders must authenticate their emails with SPF, DKIM, and DMARC. DMARC needs to be set to 'p=none' at a minimum, but a stricter policy is recommended for better protection. They also need to maintain a spam rate below 0.1% and implement one-click unsubscribe.
Email marketer from Litmus explains that by implementing SPF, DKIM and DMARC you are telling mailbox providers that you are who you say you are and are authorized to send email using your domain.
Email marketer from EasyDMARC shares that implementing DMARC reporting helps monitor who is sending emails on behalf of the domain, so that any unauthorized senders are identified and remediated. Aggregated reports are very useful in identifying problems.
Email marketer from Email Geeks shares that if you have DKIM and it’s passing and the DKIM domain matches the domain in the visible From address, no changes are needed. If the DKIM domain doesn’t match (at least on the parent level), you need to get DKIM with your domain. For DMARC, you need to have at least a “none” policy.
Email marketer from SparkPost highlights the importance of keeping SPF records under the DNS lookup limit (typically 10) to avoid authentication failures. Using include mechanisms efficiently is crucial.
Email marketer from Reddit explains that for DMARC, start with a 'p=none' policy to monitor your email streams. Once you're confident that all legitimate email is properly authenticated, you can move to 'p=quarantine' or 'p=reject'.
Email marketer from Email Geeks shares that you also need SPF if you are a bulk sender (over 5K), but it only has to align if DKIM doesn’t, and recommends aligning DKIM (that is, matching the domain to the visible From address).
Email marketer from Mailchimp highlights that setting up custom authentication, including DKIM and SPF, improves deliverability and protects your brand's reputation.
Email marketer from Email Marketing Forum suggests using a DKIM key size of at least 2048 bits for improved security and compliance with the latest standards.
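The SPF lookup limit mentioned above can be checked before a record is published. The following is an added example, not code from any of the quoted sources: it counts, worst case, the DNS-querying terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`) reachable from a domain's SPF record. The `ZONE` dictionary is constructed sample data standing in for live DNS, and every domain in it is a placeholder.

```python
import re

SPF_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4

# Constructed TXT records standing in for live DNS; every name is a placeholder.
ZONE = {
    "example.com": "v=spf1 mx a include:_spf.esp-a.example "
                   "include:_spf.esp-b.example include:_spf.crm.example ~all",
    "_spf.esp-a.example": "v=spf1 include:_a1.esp-a.example include:_a2.esp-a.example ~all",
    "_a1.esp-a.example": "v=spf1 ip4:192.0.2.0/25 ~all",
    "_a2.esp-a.example": "v=spf1 ip4:192.0.2.128/25 ~all",
    "_spf.esp-b.example": "v=spf1 a mx include:_b1.esp-b.example -all",
    "_b1.esp-b.example": "v=spf1 ip6:2001:db8::/32 -all",
    "_spf.crm.example": "v=spf1 exists:%{i}._check.crm.example -all",
    "trimmed.example": "v=spf1 include:_spf.crm.example ip4:198.51.100.0/24 -all",
}

# A term is a mechanism/modifier name, optionally followed by ':' or '=' and an argument.
TERM = re.compile(r"([a-z0-9]+)(?:[:=]([^/\s]+))?")


def count_lookups(domain, zone, path=()):
    """Worst-case number of DNS-querying terms reachable from domain's SPF record."""
    record = zone.get(domain, "")
    if not record.startswith("v=spf1") or domain in path:
        return 0  # no SPF record here, or an include loop: nothing further to count
    total = 0
    for term in record.split()[1:]:
        match = TERM.match(term.lstrip("+-~?").lower())
        if not match:
            continue
        name, arg = match.groups()
        if name in ("a", "mx", "ptr", "exists"):
            total += 1  # one query each; ip4, ip6 and all cost nothing
        elif name in ("include", "redirect") and arg:
            # the include itself is one query, plus whatever its target pulls in
            total += 1 + count_lookups(arg, zone, path + (domain,))
    return total


def exceeds_limit(domain, zone):
    """True when evaluating the record could hit the RFC 7208 limit and permerror."""
    return count_lookups(domain, zone) > SPF_LOOKUP_LIMIT
```

Nested includes are what push a record over the limit: the top-level record for `example.com` lists only five querying terms, but its providers' records add six more.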
What the experts say (5 expert opinions)
Expert from Email Geeks explains that setting up DMARC reporting is a very expensive thing to do properly, so unless you actually care about DMARC it’s a _long_ way down the list of things to do. Expert from Email Geeks adds that it should be thought of as a step 2 or 3, not a step 1.
Expert from Word to the Wise explains that new requirements for bulk senders are being implemented by Google and Yahoo, requiring authentication (SPF, DKIM, DMARC) as well as low spam rates. Senders who don't authenticate will have messages blocked or sent to spam.
Expert from Email Geeks explains that for bulk mail where there’s a single mail stream, about all you can do is make sure that one mail stream is authenticated and aligned when it’s sent, and you can do that with much, much less effort than handling DMARC reports. Marketer from Email Geeks adds that this holds as long as your solution to the “must publish DMARC for this stream” problem isn’t “publish p=none at the org domain and be done with it”.
Expert from Email Geeks explains that there is no need to do any monitoring for DMARC if you have no intention of moving to something other than p=none.
Expert from Email Geeks explains that if you can align both SPF and DKIM then do, but if you need to focus engineering in one place, pick DKIM.
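The alignment rule the opinions above keep returning to (a passing DKIM or SPF result only counts toward DMARC when its domain matches the visible From domain, at least at the organizational level) can be made concrete. This is an added example, not code from any quoted source: it evaluates constructed authentication results against a DMARC record, and the small `PUBLIC_SUFFIXES` set is an assumption standing in for the full Public Suffix List.

```python
# Assumption: a tiny hard-coded set stands in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}


def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels


def parse_dmarc(record):
    """Parse a record such as 'v=DMARC1; p=none; adkim=r' into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    return tags


def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, dkim_results, spf_result, record):
    """dkim_results: list of (d= domain, passed); spf_result: (MAIL FROM domain, passed)."""
    tags = parse_dmarc(record)
    dkim_ok = any(ok and aligned(d, from_domain, tags.get("adkim", "r"))
                  for d, ok in dkim_results)
    spf_domain, spf_ok = spf_result
    spf_aligned = spf_ok and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    # DMARC passes when at least one mechanism both passes and aligns.
    return {"dkim_aligned": dkim_ok, "spf_aligned": spf_aligned,
            "dmarc_pass": dkim_ok or spf_aligned, "policy": tags["p"]}


# Constructed case: the provider signs with its own domain, so both checks pass
# but neither aligns with the From domain news.example.com.
provider_only = evaluate("news.example.com", [("esp.example.net", True)],
                         ("bounce.esp.example.net", True), "v=DMARC1; p=none")
```

`provider_only["dmarc_pass"]` is false even though SPF and DKIM both passed; adding a second signature with `d=example.com` is enough to make it true without touching SPF.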
What the documentation says (4 technical articles)
Documentation from RFC Editor explains that DKIM defines a domain-level authentication framework for email. It provides a mechanism for verifying that email was sent by the stated domain and hasn't been altered in transit.
Documentation from Google Workspace Admin Help explains that to ensure your messages are delivered as expected to Gmail accounts, you must set up email authentication for your domain. Meeting Google’s sender requirements helps ensure reliable delivery to Gmail, prevents spoofing, and helps keep Gmail users safe. Senders must authenticate their email using SPF or DKIM. They also advise setting up DMARC authentication for your domain.
Documentation from Microsoft explains that SPF is a DNS record that identifies which mail servers are permitted to send email on behalf of your domain. Configuring SPF prevents spammers from sending messages with forged From addresses at your domain.
Documentation from DMARC.org explains that DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. DMARC builds upon the widely deployed SPF and DKIM protocols, adding a reporting function that allows domain owners to monitor who is sending email on behalf of their domain.