Email Deliverability: New Rules and Steps to Take

Google and Yahoo introduced significant changes to email authentication practices by enforcing new guidelines for senders who deliver mail to their users. Their goal is to reduce the risk of phishing and spam by creating a safer, more enjoyable email experience. These new sender guidelines went into effect on February 1, 2024.

All Kartra customers will be able to successfully meet the guidelines. As a matter of best practice, we always recommend that you aim for the highest level of compliance.

Kartra has developed new tools, so its customers can successfully meet Google and Yahoo authentication requirements. Kartra customers received an email and an in-app notification when these tools became available on January 15, 2024, providing enough time to take the required steps before February 1, 2024.

To read Google’s detailed email sender guidelines, click here.

Use Kartra to improve deliverability

Let’s get into how Kartra addresses each item.

1. Add DKIM email authentication for your domain.
   On January 15, Kartra released a new feature that lets you add a custom sender domain and generate DKIM (DomainKeys Identified Mail) records. You will add those records to your domain’s DNS settings to complete the authentication loop between Kartra and your domain.If you are a Kartra customer, you will need to add your sender domain to Kartra and create CNAME records in your domain’s DNS (CNAME record details are generated by Kartra in the account).
   
2. Add SPF authentication for your domain.
   If you use KartraMail, SPF authentication is automatically provided with the DKIM records generated in your account. This is done for you, so there’s no need to add a separate SPF record!
   
   However, if you use an integrated SMTP and don’t already have an SPF (Sender Policy Framework) record, you will need to set one up. This requires you to add a record in the domain account. You can use a free tool like EasyDMARC to generate a record in the correct format if you need help.
   
   If you already have an SPF record, do not add another one! Having more than one SPF record invalidates them all.
   
   Check with your SMTP service to find out how to create the contents of the SPF record and add it to your DNS settings.
3. Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
   If you are using KartraMail, you can skip this step. We have already taken care of this for you.
   
4. Use a TLS connection for transmitting email.
   Transport Layer Security (TLS) is a security protocol that encrypts email for privacy. If you are using KartraMail, this is already done! Your messages are transmitted using the required connection.
   
5. Keep spam rates reported in Google Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
   Kartra already enforces a spam complaint standard of 0.03% across our entire platform, which will keep you well within the new requirements. Emails sent with KartraMail are monitored by our team using Postmaster Tools and other processes. Our team maintains the baseline, but it’s always a good idea to be aware of your own delivery performance. You can monitor your own delivery performance in Google Postmaster Tools (GPT) once your custom DKIM is properly configured. 
   
6. Format messages according to the Internet Message Format standard (RFC 5322).
   Don’t sweat this one (I know, it sounds complicated). The Kartra email builder produces emails in the required format, so you don’t have to worry about it.
   
7. Don’t impersonate Gmail From: headers. 
   Gmail will begin using DMARC (Domain-based Message Authentication, Reporting, & Conformance) quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.
   
   Impersonation is the practice of sending a message from an origin that does not match the send-from address specified for the email. With this change, if a Gmail address is used as the sender on a message that is not sent by the Gmail mail server, their new quarantine policy means that those messages will end up in the recipient’s junk folder.
   
   The good news is that Kartra already prevents the use of free email addresses as a sender, because it’s never been a good practice for sending marketing mail. If you are using Kartra, you should already have a custom domain sender address in place.
   
8. If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. 
   Authenticated Received Chain (ARC) headers allow each intermediary mail server to sign the header they add to an email, which helps improve how DKIM and SPF results are passed from one mail server to the next during forwarding. 
   
   ARC headers are automatically provided with KartraMail, so no action is required by Kartra customers. If you are using an integrated SMTP, check with the SMTP service to find out how to set this up.
   
9. Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none.
   DMARC policies tell recipient mail servers what to do with emails sent from your domain that fail the DKIM or SPF authentication, so it’s an important part of keeping your domain safe from scammers.
   
   Once the DKIM and SPF updates for Kartra are complete, you’ll be able to set up DMARC records for your domain in your DNS settings. 
10. For direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
    Simply put, the email address you use as the sender for your messages must have the same domain that you authenticated with DKIM or SPF. For example:
    
    • Add DKIM and SPF authentication for yourdomain.com
    • Send email from joe@yourdomain.com
    • Because the email sender joe@yourdomain.com uses the same domain you authenticated, your messages will pass DMARC alignment.
    • Once the DKIM and SPF updates for Kartra are complete, you’ll be able to complete and validate your sender domain authentication and DMARC policy.
11. Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.
    Kartra will add the one-click header to our existing subscription management. No action will be needed from you to implement it! We’ll add the new function to every Kartra account.

Frequently Asked Questions

When can I complete these updates?

Kartra will be releasing updates in the account interface and backend to enable adherence to these guidelines by January 15, 2024. Our priority is to make sure you’re prepared for the actions you’ll need to take as soon as the updates are live in your account and will notify you as soon as they’re available. You will have time to finish this before February 1, 2024.

Do I need to do all this? I send less than 5,000 emails per day.

Google’s published requirements for the February changes differentiate between senders that send more or less than 5,000 emails per day to a Google email address. However, our recommendation is to position yourself at the top of the class whether you’re a bulk sender or not.

For best practice, we strongly recommend that all users follow all higher-level requirements, regardless of how many emails you send. Taking these steps now will put you ahead of any increases in the future and help you plan for your growth.

How do I prepare if I have more than one sender domain?

If you send emails from more than one domain, each domain will need to be set up with full authentication records individually. Add DKIM, SPF, and DMARC for all your domains.

Bonus tip: If you own domains that you don’t send email from, it can still benefit you to add authentication protection to them. This can stop spammers and spoofers from hijacking your domains.

How do I prepare if I use the default kartra.com placeholder with KartraMail?

If you currently use the KartraMail sender placeholder – username@kartra.com – you will still be able to send mail from your account. The Kartra domain will fully authenticate with no action from you.

However, we strongly recommend that you switch to using a custom business domain for your sender email address.

A custom business domain lends significant credibility to the communications you send to your customers and prospects and allows you to set up your own DKIM, SPF, and DMARC authentication.

What are DMARC policies and what kind should I create?

DMARC (Domain-based Message Authentication, Reporting & Conformance) policies determine what happens to emails from your domain if the recipient’s mail server can’t verify their authenticity. When you create a DMARC record, you specify the policy and provide an email address where you can receive a DMARC performance report.

You can add DMARC records directly in your DNS settings to specify the policy and reporting address.

What is the difference between DKIM and SPF records?

DKIM and SPF protocols are both used to authenticate the sender for an email message, but in different ways.

DKIM is like a digital signature for your domain. Authentication with DKIM is enabled by the creation of DKIM records by a sender service (like Kartra) that are added to the DNS settings for an email domain. The mail server that receives a message can verify the authenticity of the sender’s identity by matching the signature with the records entered in the domain DNS.

SPF is set up as a text record containing a list of IP addresses or domain includes that are authorized to send emails on your behalf. It’s like a safelist for approved senders that a mail server can check the details on an email against.

If you use KartraMail, you don’t need to add SPF separately — your auto-generated DKIM records include SPF details. If you use an integrated SMTP, contact your provider for help with setting up an SPF record that authorizes their server.

Where do I find my DNS settings?

DKIM, SPF, and DMARC all have a DNS configuration component to set up. The DNS settings for your sender domain are found in the account where your email domain is hosted. If you’re not sure where that is, check a recent payment invoice. Whatever company you pay to maintain your domain will have an account where you can login and manage it.

How do I know if my DKIM, SPF, or DMARC records are set up correctly?

There are thousands of tools that can be used. Here are some recommendations:

• DMARC Record Lookup and Checker | EasyDMARC 
• DKIM Checker and Lookup Tool tools | EasyDMARC
• SPF Record Checker and Lookup Tool | EasyDMARC

I still have questions, how can I learn more?

We are committed to making sure that you have every detail you need to meet these requirements and deliver email successfully in 2024. Coming up, look for:

• A live webinar with a Kartra email expert on January 16, 2024. Click here to view the replay recording.
• More blog content
• Updates via email and in-app Kartra notifications on when DKIM tools go live on January 15, 2024.

Fighting the Good Fight Against Spam

Remember, these authentication changes are about protecting both senders and recipients from spam. By implementing best practices for delivery, you can make sure that your emails reach your audience effectively and maintain a healthy sender reputation.

We hope these FAQs help you navigate the new Google and Yahoo requirements which will set the standard for all email providers! 

Need help or have questions? Feel free to reach out to Kartra’s support team.

If you’re looking to comply with Google and Yahoo’s latest guidelines for sending emails and don’t have a Kartra account yet, get started now by clicking the button below.