DMARC Compliance Changes for 2024

DMARC Compliance Changes for 2024

 

If you’re an online entrepreneur, you’ve probably seen other marketers chattering online about the authentication rules taking place beginning in February 2024. Many people have been using Gmail or Yahoo to send emails to their customers, and if you have been doing that, too – these rule changes are going to affect you.

 

This was announced back in October of 2023 when both Google and Yahoo made changes to their bulk sender guidelines. Those who aren’t in compliance are going to struggle with deliverability in getting their emails to inboxes.

 

Below, we’re going to talk about why this is happening and what you can do about it. Don’t panic, but don’t procrastinate, either. Email marketing is one of the most effective ways to reach your target audience, and it’s an aspect of your business you have to maintain in a pristine manner.

 

Why Is This Happening Now?

 

Spam has always been a problem, and at every turn, major companies have worked hard to ensure spammers are prohibited from cluttering your inbox. One main reason they do this is because if the user is annoyed, they may switch to an option that prevents spam better.

 

Google and Yahoo made a decision that anyone sending bulk email (which means 5,000 or more emails per day) as well as other volumes to Gmail accounts would need to be authenticated.

 

They’re doing this to prevent unwanted emails as well as malicious mailings such as spoofing or phishing emails that are fraudulent and aim to scam people, not just spam them.

 

Everyone should welcome these changes because it means your brand is also going to receive a level of protection against anyone impersonating you. This happens from time to time, and it’s a way to sabotage your reputation or trick customers without your knowledge.

 

What Are the New Sender Guidelines for Email Marketers?

 

Google and Yahoo want you to have an authenticated outgoing email account. This is the technical part that is overwhelming many people, but it doesn’t have to be difficult. There are other guidelines as well.

 

They don’t want you to send out unwanted or unsolicited emails to individuals. Cold emailing (which is typically B2B not B2C) is going to be largely unaffected by these changes, but they still have their own spam guidelines to adhere to.

 

They also require you to make it easy for people to unsubscribe from your emails. This is something that’s very annoying to consumers, when you’re not only receiving spam, but there’s no way to get off the person’s list.

 

If you don’t work to follow these guidelines, Gmail is going to block your messages and mark them as spam, or limit your send rate. Starting February 1st, 2024, you’ll want to follow the guidelines for the under 5,000 and over 5,000 email messages from your business.

 

You have to set up SPF or DKIM to authenticate your domain. Many marketers have simply been sending from a Gmail account, and now you’re going to want to register a domain and authenticate it so that the email comes from something like: yourname@yourdomain.com.

 

To set up SPF, which is going to prevent people from impersonating your domain, you’ll publish an SPF record on your domain. This will list any and all email senders for your domain.

 

Whenever an email is sent, the receiving email server checks the record to see if the incoming email is verified to send emails on your behalf. You can follow the SPF Set Up Instructions with example records here.

 

Each domain provider may have different steps on how to set up the field names for the DNS TXT record. But Google has some guidelines and instructions on how to add your SPF record at your domain provider.

 

The domain has to have valid forward and reverse DNS records (PTR records). This simply verifies that the sending host is associated with the IP address attached to it. You’ll need to set up valid reverse DNS records and if you want to check for a PTR record, you can do that in the Google Admin Toolbox Dig tool.

 

If you’re using a shared IP address, then anyone sharing that IP address is going to impact your mailer reputation. If they have engaged in shady behavior (or do so in the future), your emails will get blocked along with them.

 

You can use Postmaster Tools to monitor the reputation of anyone sharing your IP if you happen to be using an email service provider for the shared IP. You also have to send emails that support one-click unsubscribe.

 

That means they aren’t taken to a page where they have to then go through additional unsubscribe steps, but instead they can click one link in your email and it’s done – they’re unsubscribed from that point on.

 

The formatting of your emails is also going to matter. They have standards such as the Internet Format Standard and HTML Standards.  If you include links in the email, they have to be clear and visible and not anything that’s going to trick people into going to a link they weren’t aware they were going to.

 

If you’re new to email marketing, you should know that you need to gradually increase the volume of emails you’re sending out. It’s a red flag If you go from 15 emails to 60,000 overnight – it means you likely bought a list of unsuspecting subscribers.

 

Consistency also matters. You don’t want to go cold from your list and then suddenly spam them with a huge burst of emails in a short period of time. Monitoring your results will help you see if your list is responding positively to your schedule.

 

DMARC and DKIM Options

 

It’s important to give this its own section because it’s where most marketers are worrying. DKIM (DomainKeys Identified Mail) is not identical to SPF (Sender Policy Framework), which we discussed previously.

 

With DKIM, the recipient is verifying that the message hasn’t been altered in transit, which SPF is verifying that the incoming email is attached to the authorized domain. DMARC, on the other hand, adds another layer of protection to the process.

 

It stands for Domain-based Message Authentication Reporting and Conformance. It’s going to verify senders by using DKIM or SPF to more deeply analyze the verification status on incoming emails.

 

Consider it similar to a tailored approach that gives senders more control over your own process of authentication. You can give instructions to servers receiving the emails on what they should do with emails that don’t pass the DMARC test.

 

This helps you prevent your brand from being spoofed. The DMARC test is going to check to see if there are any hidden pathways in the return email and ensure it matches the domain it claims to be from.

 

If, for any reason, there’s a glitch and it doesn’t pass DKIM or SPF, then DMARC can be set up by you to tell the receiving server what to do with it. You can choose “none,” which means the email can still be delivered, put in the spam box or filtered out.

 

Or, you can choose to “quarantine” the emails, which means it goes to spam. Or, you can have it outright “reject” the email, which means it never gets delivered at all. You can even tailor it so that the serve does a partial “none” and partial “reject” with a certain percentage if you want to.

 

You’re going to get reports from receiving servers for every failed DMARC that comes through, helping you put more preventative measures in place. With DMARC you can add a variety of additional tags, like pct (the percentage we mentioned just now), sp (allowing you to instruct it to ignore failures from the main domain, but quarantine subdomains), and more.

 

In order to set up DMARC, you have to generate a record first and then add it to your domain’s DNS files. There are DMARC Record Creation tools you can use. Each provider is going to have their own method of adding the record to your DNS, so you’ll need to look that up depending on your domain and hosting.

 

After setting it up, you’ll start getting reports within a day so you can begin monitoring the health of your email compliance efforts. You can also add a BIMI brand logo to your DMARC, which will be verified with Verified Mark Certifications (giving your subscribers proof that it’s from you).

 

Instead of seeing this as a pain, look at it as a welcomed layer of protection that’s going to not only give your subscribers a decluttered inbox so your emails stand out, but give you more protection for your brand reputation!