Mon – Fri: 08:00am – 04:00pm, Sat/Sun: Closed

We Open over Xmas and New Year Break

And so it Begins: Gmail Authentication Errors are Here

Gmail has officially started to temporarily reject messages that fail their new authentication requirements.

The long-awaited day is upon us. Gmail has officially started to temporarily reject messages that fail their new authentication requirements. Gmail and Yahoo Mail have been preparing the email world for this day, and right on cue, it’s begun:

It has never been a more important time to authenticate your email. According to the new rules, today you will start to see temporary errors for unauthenticated mail. And starting in April, unauthenticated mail that does not pass DMARC will start to be rejected. 

There is no need to get caught off guard by these rejections!

Our CTO, Seth Blank, has a long history of playing a critical and active role across the email ecosystem to drive new technology and change that raises the bar for everyone. He is Co-Chair of the IETF DMARC Working Group, Chair of the AuthIndicators (BIMI) Working Group, and has developed ARC, BIMI, DMARC 2.0, amongst others. With these new requirements, he has already been providing ecosystem and customer feedback directly to Google and Yahoo, helping to clarify guidance and ensure all senders are set up for success with the new rules. 

Authentication matters, now more than ever, or the errors will flow. There are still many questions to be answered as these new requirements continue to roll out, but Valimail is committed to providing timely, accurate clarification to senders of all types.

In the meantime, if you want to protect your domain, sign up for our brand new product, Align, specifically created to help you meet the new email authentication requirements. It’s automated, simple, built for marketers, and priced to make it easy for companies of all sizes to meet the requirements. 

Since its founding in 2015, Valimail has worked hard to provide automated email authentication solutions ranging from free to enterprise and FedRAMP, and we now have more than 38,000 customers protecting themselves with our industry-leading DMARC software. We’ve always believed that it’s in everyone’s interest to make sure your email domain isn’t spoofed and to thereby help to stamp out criminal abuse of your email and brand. 

This isn’t just about protecting yourself – done right, email authentication protects partners, consumers, and anyone receiving email. If we can get to herd immunity (approximately 70% adoption of the largest senders), exact domain spoofing (the most pernicious) becomes economically uninteresting and criminals move on to other forms of phishing, spoofing, etc. 

Valimail is here to help you. Ultimately, all mail sent to Gmail and Yahoo Mail must pass DMARC to be delivered. As the world’s leader in DMARC, we’ve got you covered.

by Valimail

New Email Sender Requirements for DMARC, SPF, AND DKIM at Google and Yahoo

Google and Yahoo announced in October 2023 that starting early in 2024, bulk senders will be subject to more stringent requirements for authentication of the mail sent to these two mailbox providers.

Yahoo and Google timeline

Specifically, they’re requiring that bulk senders use domains that have DMARC policies in place, and while that requirement is straightforward, some other requirements around this are causing quite a bit of confusion, so we thought we’d clear them up here.

Google’s requirements for bulk senders include these bullet points:

  • Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none. Learn more
  • Set up SPF and DKIM email authentication for your domain.
  • For direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.

Google Requirements

So, which is it? Do you need SPF and DKIM or just SPF or DKIM?

The answer, believe it or not, is both.

Set Up SPF and DKIM Email Authentication For Your Domain

For the purposes of our discussion (and for the purposes of the new Google and Yahoo requirements), “your domain” is the domain you’ll be using in the visible From: header of your emails. The directive is to set up SPF and DKIM email authentication for your domain, which means that:

  • Your mail must be sent with a Return-Path (or bounce) domain for which an SPF record exists
  • Your mail must be DKIM signed

So that covers SPF and DKIM, but what about SPF or DKIM?

From: Header Must Be Aligned With Either the SPF Domain or the DKIM Domain

DMARC is built on the two email authentication protocols, SPF and DKIM, and DMARC is designed to authenticate the use of the domain in the visible From: header of an email message. Since its release in 2014, DMARC has always required that either SPF pass and the SPF domain align with the From domain or that DKIM pass and the DKIM signing domain align with the From domain. 

With these new policies, Google and Yahoo aren’t changing DMARC’s requirement for a pass verdict; either the SPF domain or the DKIM domain must align, just as it’s always been for DMARC.

LEARN MORE ABOUT DMARC

DMARC Best Practices

Even though DMARC only requires an aligned pass for SPF or DKIM, it’s long been a best practice that messages sent with From domains with published DMARC policy to do so with both SPF and DKIM aligned if possible. 

This “belt and suspenders” approach is meant to mitigate the risk of failures due to DNS hiccups, breakage due to forwarding, and other blips that might cause one authentication method to fail, but not the other. Implementing the best practice here and having both align is a way, and arguably the best way, to meet the Google requirements discussed above.

Unsure of whether or not your SPF and/or DKIM are aligned? Use Valimail Align to view and update your sending domain.

CHECK YOUR COMPLIANCE

By Valimail

Special Offer

December and January Special

Save 20% off your Service!

Coupon Code below: