Here’s How to Navigate Yahoo and Gmail Authentication
In a bid to enhance user experience and security, tech giants Google and Yahoo are shaking things up a bit to make our email experience even better (and safer). It’s more than just a fancy inbox makeover: this change is all about authenticity, control, and a spam-free life.
Are you compliant?
1. Are you sending emails from a Yahoo or Gmail address?
2. Are you sending on average over 5,000 emails a day?
If so, you NEED to keep reading.
Starting February 2024, if you’re part of an organisation that sends more than 5,000 emails a day you’ve got to play by some new rules. It’s not just about crafting those killer subject lines or engaging content anymore.
What You Need to Know
If you’re one of those bulk email senders, blasting out over 5,000 emails daily to Google and Yahoo addresses, here’s what you need to do:
(and even if you’re not, we suggest you do this anyway)
1. Use security protocols like DKIM, SPF, and DMARC to verify your emails. It’s like a digital ID for your messages.
2. Make it easy for people to unsubscribe with a one-click list-unsubscribe option. And when they say goodbye, acknowledge it within two days.
3. Use your organisation’s custom domain for sending emails. Ditch the free email domains like @gmail.com in your sender address. It’s all about looking professional!
4. Keep your spam complaint rate under 0.3%. That means having no more than three spam reports for every 1,000 messages you send out.
Understanding the Big Changes in Email Security
Both Yahoo and Gmail are putting their foot down on email security to keep you safe from those annoying phishing attacks. They’re setting a new gold standard for making sure your emails get to where they need to go.
You see, email authentication is a big deal.
It’s like a bouncer at a club, checking IDs to make sure the email really is from who it says it’s from. It’s a solid defence against spam, phishing, and other nasty stuff that could mess with your brand or make people distrust you.
Picture getting an email from your bank or a trusted online service. Without this bouncer, bad guys could pretend to be these entities and trick you into giving up your sensitive info.
Email service providers like Gmail and Yahoo are all about user safety and security. They’re taking action to protect you from harm and build trust in the emails you receive.
Yahoo is beefing up its email security with some changes to its DMARC policies, all in the name of better protection against phishing and unauthorised access. Starting next month, Yahoo is going to get stricter with its DMARC policy, making sure senders really authenticate their emails. This means only legit emails will reach you, providing a key defence against the bad guys.
Gmail, with its massive user base, is also fighting against email impersonation and phishing. They’re introducing tougher DMARC policies to make sure you’re in a safer space.
Starting from the next month, Gmail will show the door to emails that don’t pass DMARC authentication, cutting down the risk of phishing attacks.
What is Email authentication?
There are several different types of email authentication, each focusing on different parts of the email process.
DKIM (DomainKeys Identified Mail):
Think of DKIM as a secret handshake for your emails. It uses a pair of keys (public and private) to sign and check your emails. The private key signs the emails you send, and the public key is like a bouncer at the club door, checking the signature of your email to make sure it’s legit and hasn’t been messed with in transit.
SPF (Sender Policy Framework):
SPF is like the VIP list for your email party. It tells email servers who’s cool to send emails from your domain. You create an SPF record that lists the IP addresses and servers allowed to send emails on your behalf. The recipient’s email server checks your SPF record to see if the sender is on the list, improving the chances of your email making it to the inbox.
DMARC (Domain-based Message Authentication, Reporting, and Conformance):
DMARC is like the security guard enforcing the rules based on DKIM and SPF. It lets you set the rules for how email servers should deal with emails that haven’t passed the secret handshake test. With DMARC, you can choose to have these emails bounced or quarantined (sent to the spam folder).
Plus, DMARC gives you reports on authentication failures, helping you spot any issues and improve email delivery.
BIMI (Brand Indicators for Message Identification):
BIMI is like a business card for your emails, letting you show off your brand’s logo next to your emails in the recipient’s inbox.
This not only boosts recognition but also adds a touch of flair. To use BIMI, you need to have DKIM and DMARC set up, and create a BIMI record in your domain’s DNS that contains a link to your logo.
This makes sure your logo is fetched and displayed next to your email. While it’s optional, BIMI can seriously up the look of your emails as well as ensure you appear as a trusted sender.
How you should adapt to these changes
Adapting to the new email world is easier than you think. Here’s how:
- Firstly, you need to vouch for your emails. How? By using the security protocols DKIM, SPF, and DMARC. These techy tools are your best buddies in proving your emails are legit. Plus, they help your recipients by shielding them from those pesky phishing and spoofing attempts.
- Next, make sure you’ve got a super simple unsubscribe option. It’s not just a nice-to-have anymore – it’s a must! A one-click list-unsubscribe option is quick, easy, and hassle-free. Mailchimp provides this as standard.
- It’s time to ditch that old @gmail.com address. Using your organisation’s custom domain is like putting on a tailored suit – it boosts your brand image and helps your emails land safely in the inbox.
- Last but not least, keep your spam complaint rate on the down-low. Aim for under 0.3% – that’s about three spam reports for every 1,000 messages. This tells everyone that your content is on point and people actually want to read it.
Sure, these changes might seem a bit intimidating at first, but they’re all about making the email world a better place. By upping your email game, you’re helping Google and Yahoo create a safer and more enjoyable experience for all email users.
Why These Changes Matter
According to a study by Valimail, a leading email authentication company, only 15.5% of global email domains have implemented DMARC, leaving the majority vulnerable to phishing attacks. Yahoo’s new authentication rules are a call to action for businesses to bolster their email security.
A report by Google states that phishing attacks have become more sophisticated, with attackers constantly evolving their tactics. Gmail’s enhanced DMARC policies are a strategic move to stay one step ahead of these threats.
High spam complaint rates not only damage your sender reputation but also contribute to the overall problem of inbox clutter.
Tailored Steps for Mailchimp users
For Mailchimp users gearing up for the Yahoo and Gmail authentication changes, here’s a tailored set of steps to ensure compliance:
1: Confirm Mailchimp’s DMARC Authentication:
Confirm and configure Mailchimp’s DMARC authentication settings. Utilise Mailchimp’s provided documentation and support for DMARC implementation to align with the authentication requisites of Yahoo and Gmail.
Recommended Steps for DMARC Implementation
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is best rolled out progressively to fortify email security.
Initiate the process with a ‘none’ policy that monitors email flow, gradually advancing to a policy that rejects unauthenticated messages.
Start with a Relaxed DMARC Policy:
Commence with a DMARC record enforcing ‘none’ and configure an email address for daily DMARC reports. This allows you to receive reports without risking message rejection or spam marking. Use this record for at least a week, reviewing daily reports to ensure messages from your domain are authenticated and legitimate.
Review DMARC Reports:
Examine daily reports to identify authorised servers, authenticate messages, and pinpoint any failures. Look for trends, such as valid messages ending up in spam or bounce messages from recipients.
Quarantine a Small Percentage of Messages:
After a week of monitoring with no issues, update your policy to ‘quarantine,’ applying it to a small percentage of your mail. For example, apply the policy to 5% of messages, with enforcement set to quarantine.
Gradual Increase for Larger Organisations:
Larger organisations should cautiously increase the percentage of messages affected to limit the risk of rejection or spam marking.
Start with a small percentage, and slowly adjust based on monitoring.
Reject All Unauthenticated Messages:
Once confident that most or all messages from your domain are authenticated, update the DMARC record to a stricter policy. Set the policy to ‘reject’ for 100% of messages sent from your organisation.
By following these steps, you can implement DMARC gradually, ensuring a secure email environment and minimising the risk of legitimate messages being marked as spam or rejected.
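The report review step in this rollout can be scripted. The following is an added example, not from the original article or from Mailchimp: it lists the three policy records of the rollout and summarises a constructed DMARC aggregate report per sending IP. The domain example.com, the report mailbox, the IP addresses and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# The three rollout stages as DNS TXT values for _dmarc.example.com
# (placeholder domain and report mailbox, constructed for this example).
STAGES = {
    "monitor":    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "quarantine": "v=DMARC1; p=quarantine; pct=5; rua=mailto:dmarc-reports@example.com",
    "reject":     "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com",
}

# Constructed sample aggregate report, trimmed to the fields used below.
SAMPLE_REPORT = """<feedback>
  <record><row><source_ip>192.0.2.10</source_ip><count>940</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.77</source_ip><count>20</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarise(report_xml):
    """Return {source_ip: [passed, failed]} message counts.
    A message passes DMARC when aligned DKIM or aligned SPF passes."""
    # Reports arrive from third parties: in production, parse them with a
    # hardened XML parser such as defusedxml instead of the stdlib parser.
    totals = defaultdict(lambda: [0, 0])
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        totals[ip][0 if "pass" in (dkim, spf) else 1] += count
    return dict(totals)

def pass_rate(summary):
    """Share of all reported messages that passed DMARC."""
    passed = sum(p for p, _ in summary.values())
    total = sum(p + f for p, f in summary.values())
    return passed / total if total else 0.0

def failing_sources(summary):
    """IPs with at least one failing message; check these before tightening policy."""
    return sorted(ip for ip, (_, failed) in summary.items() if failed)

if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print(f"DMARC pass rate: {pass_rate(s):.1%}")
    for ip in failing_sources(s):
        print(f"review sender {ip}: {s[ip][1]} failing messages")
```

A failing IP is either a legitimate sender that still needs SPF or DKIM set up for your domain, or someone spoofing it; only the first kind has to be fixed before moving to ‘quarantine’ or ‘reject’.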
2: DKIM and SPF Setup:
Validate that DKIM and SPF are appropriately configured for your Mailchimp account. While Mailchimp automatically generates and signs emails with DKIM, it is still essential to verify that the authentication aligns with the specifications outlined by Yahoo and Gmail.
3: Use Mailchimp’s Delivery Insights:
Use Mailchimp’s Delivery Insights feature within the campaign reports section to check the deliverability of your emails. Keep a vigilant eye on any authentication-related issues or warnings and promptly address them.
4: Update Email Lists:
Consistently update your email lists within Mailchimp to ensure precision and engagement among subscribers. You can do this by conducting a review of inactive Gmail addresses which will significantly reduce hard bounces, contributing to overall deliverability.
To do this, filter your database to exclude all Gmail addresses and include individuals who have not engaged with any campaigns in the past three months.
Finally, carry out an opt-in/opt-out campaign for this segment to refresh your audience.
5: Subscriber Education:
Let your subscribers know of the imminent changes. Educate them on actions such as whitelisting your emails, adding you to their contacts, or marking your emails as safe, ensuring sustained delivery to their inboxes.
6: Test Email Campaigns:
Conduct preliminary email campaign tests to Yahoo and Gmail addresses before the deadline. This helps confirm that your emails are accurately authenticated and reaching the intended inbox. Swiftly address any deliverability issues that may arise. N.B. Do this AFTER you have carried out your opt-in/opt-out campaign (see step no 4).
7: Monitor Mailchimp Updates:
Stay ahead of updates from Mailchimp regarding authentication modifications. Mailchimp may introduce features or updates designed to facilitate compliance with evolving email authentication standards.
Who is affected by these changes?
Organisations sending more than 5,000 emails a day to Google and Yahoo addresses will be directly impacted. However, the recommended security practices are beneficial for all email senders, promoting a safer and more reliable email environment.
What is email authentication, and why is it essential?
Email authentication, involving DKIM, SPF, and DMARC, acts like a bouncer at the club door, ensuring emails are legitimate. It defends against spam, phishing, and unauthorised access, fostering trust in email communications.
What is DMARC, and how does it work?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is like a security guard enforcing rules based on DKIM and SPF. It allows you to set rules for handling unauthenticated emails, providing options to bounce or quarantine them, and offers reports for improving email delivery.
How can I adapt to these changes?
To adapt to the new email security standards:
- Implement security protocols (DKIM, SPF, DMARC).
- Provide a simple one-click list-unsubscribe option.
- Use a custom domain for sending emails.
- Keep spam complaint rates under 0.3%.
How can I get expert help in preparing my email for these changes?
Feel free to reach out to us for expert assistance in getting your email ready for the upcoming changes. We’re here to help you navigate through the process successfully.
By following these specific steps you can enhance your email deliverability and navigate the upcoming Yahoo and Gmail authentication changes with confidence. Remember, timely preparation is key to maintaining a strong sender reputation and ensuring that your emails continue to reach your audience effectively.
Give us a shout if you’d like some expert help in getting your email ready for the upcoming changes. Or you can read more about Email deliverability here.
Queen Chimp Of Marketing
Cheesy as it sounds, Liz is the biz when it comes to Mailchimp & Email Marketing.
She's worked in Marketing for around 20 years, since she went to uni and studied Multimedia Technology… That's where her love affair with all things Marketing began.
Since then she has worked for household names such as Wickes, The Rank Group, Nuffield Health, Snappy Snaps and Marriott. Not to mention a great variety of businesses and agencies.
Here at Chimp Answers she deals with all things Marketing, focusing on the Content and Copywriting side of things such as Blog posts, Emails and landing pages. Liz is Certified in Direct-Response Copywriting, Google Digital Marketing Fundamentals, Hubspot Inbound Marketing, Hubspot Social Media and Mailchimp Foundations.