Gmail and Yahoo 2024 Email Authentication: Your “To-Do” Checklist

If you send marketing or promotional emails, you might have already heard about the big changes coming to the email authentication and delivery landscape in February 2024. Headed by Google and Yahoo, the industry is moving toward best practices that make it harder for spam and phishing to thrive.

To help you prepare, we put together a checklist that addresses the major areas where you may need to take action. This article covers requirements that everyone can follow, but Kartra customers will have specific action items mapped out below.

KartraMail vs Third-party SMTP: Understanding the Difference

If you are a Kartra customer, it’s important to understand the difference between handling DKIM records if you use KartraMail as your email gateway or a third-party SMTP integration.

For KartraMail users, DKIM records will be generated in your Kartra account, so you can update your domain DNS (more on this later).

For those using an integrated SMTP like SendGrid, the DKIM records will be generated through the SMTP account console. To put it simply – your DKIM records are provided by whichever service delivers your mail.

Actionable Checklist for Email Authentication Updates

Follow these steps to understand how to comply with the new sender requirements and set up authentication for your domains.

1. Use a Custom Domain Email Address

A custom email domain is the name of your brand or website that you use to create email addresses for your company (eg. @abccompany.com). Using a custom domain email address as the sender for all outgoing emails lends credibility and is more recognizable to your recipients.

Action Items

• If you don’t already have one, register a domain name and set up a custom email address with your hosting provider. You can do this through Namecheap, Siteground, Bluehost, Google Workspace, GoDaddy, or other domain registries.
• If you are a Kartra customer and are using a default kartra.com placeholder email address in your KartraMail configuration, we recommend that you switch to a custom domain address instead.

Bonus Tip: If you send emails from more than one domain name, each domain will need to be set up with full authentication records individually. Add DKIM, SPF, and DMARC for all your domains.

2. Generate DKIM Records and Add Them to Your DNS Settings

DKIM (DomainKeys Identified Mail) signing ensures that a message is not modified during transit using a man-in-the-middle attack. This prevents attackers from altering communications between you and another party.

The details for your DKIM records are generated by the service you use to send mail on your behalf. After generating them, you must add the records to your domain’s DNS settings. Having these records in both places allows a mail server to confirm that your email messages are not modified.

Action Items

• Generate your DKIM records.
  
  • If you send mail with Kartra, DKIM record tools are coming to your account in January 2024. You will be notified when the configuration is available to use.
    
  • If you send mail with another SMTP service, check with your provider to understand how to generate and use DKIM records from their system.
• When you have DKIM records from your mail sender, add them to your domain’s DNS settings.

3. Add SPF Records to Your DNS Settings

SPF records (Sender Policy Framework records) are a type of DNS record that helps prevent email spoofing. This stops spammers from pretending to be you.

SPF looks at where the email is coming from and says, “Is this server on my list of approved senders?” If it is, the email passes the check. Setting up SPF records for your website is a key step to ensure that your emails are safe and trusted. 

If you already have an SPF record, either skip this step or modify your existing SPF record! Having more than one SPF record invalidates them all.

If you don’t already have an SPF record, here’s an easy way to set it up…

Action Items

• Log into your domain’s website and find the DNS settings.
• Then add a new record and insert your SPF details.
• Once that’s done, save your changes. Then head over to MXToolbox’s SPF Record Checker to check if it’s working properly.

4. Add DMARC Records to Your DNS Settings

DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies inform email servers how to handle emails that fail SPF or DKIM checks. This is a vital step in the fight against spoofing and phishing. 

DMARC reports can help you monitor how your sender domain is being used and whether your legitimate messages are being authenticated correctly.

Action Items

• Decide what DMARC policy you want to implement for mail that fails authentication checks.
• Add a DMARC TXT record to your DNS to specify the policy and email addresses to receive reports on DMARC failures (MxToolbox, WP Mail SMTP, eSecurityPlanet).

Bonus Tip: If you’re new to using DMARC, it may be best to start out with the least restrictive policy and work your way up as you learn more about how mail is being delivered from your domain. For now, Google allows a DMARC policy of “none,” but don’t expect it to stay that way. If you set your policy to none, we highly recommend that you create a plan to monitor your emails and move to a more restrictive policy.

5. Clean Your Subscriber List

An engaged and clean subscriber list ensures better deliverability and compliance with new email standards.

Action Items

• Create a plan to periodically review your email list, remove inactive subscribers, and confirm that your remaining subscribers are genuinely interested in your content.
• Check out our complete Guide to List Cleaning & Maintenance for more tips on how to keep your list clean in Kartra.

6. Monitor and Adjust as Needed

Continuous monitoring allows you to adjust your strategies and maintain compliance with evolving email standards.

Action Items

• Use tools like Google Postmaster Tools to monitor your domain’s reputation and deliverability metrics. Please note that this tool only monitors Gmail, and does not include Google Workspace emails.
  
• Use a DMARC reporting tool to read and understand the reports generated by your DMARC policy.
  
• Keep an eye on your engagement and spam complaint rates to make sure your audience is interested in what you’re sending.

You know what they say – knowledge is power! Adjust your email practices based on these insights.

7. Enable one-click unsubscribes

Make it easy for recipients to unsubscribe with just one click. Kartra has built-in tools that enable this feature, so Kartra customers do not need to take any action to ensure compliance.

8. Process unsubscribe requests within two days

Ensure that all unsubscribe requests are processed within two days. As a Kartra customer, there is no need for you to take any additional steps. Kartra already does this for you.

9. Stay Informed

Email authentication standards and technologies are constantly evolving. Responding to change promptly will help you protect your sender reputation and stay out of the junk folder.

Action Items

• Regularly check for updates from email service providers and technology blogs. Stay informed about the best practices in email security and deliverability.

To Review

Here is the recap of how to comply with Google and Yahoo’s new email guidelines:

1. Use a custom domain email address
   
2. Generate DKIM records and add them to your DNS settings
   
3. Add SPF records to your DNS settings
   
4. Add DMARC records to your DNS settings
   
5. Clean your subscriber list
   
6. Monitor and adjust as needed
   
7. Enable one-click unsubscribes
   
8. Process unsubscribe requests within 2 days
   
9. Stay informed

By implementing this checklist, you can ensure that your email marketing strategies will align with the upcoming 2024 email authentication standards.

Don’t Wait Until the Last Minute

If you are already sending emails for your business, start following these guidelines as soon as possible. A proactive approach will not only help your messages avoid spam filters but will enhance the overall security and effectiveness of your email communications. If you don’t meet these new rules in time, your emails might not reach their destination, or worse—get tagged as spam.

For Kartra customers , the tools and updates to implement DKIM, SPF, and DMARC are coming to your account soon, but you won’t be able to start on those just yet. In the meantime, now is a great time to make sure that your list is clean and engaged and that you have a solid strategy in place for monitoring and improving authentication over time.

Need Help?

If you need support, Kartra has got your back!

Join our team on January 16th, 2024, at 8 am PST for a webinar where we will provide guidance on upcoming email deliverability changes. Our goal is to ensure Kartra customers enjoy smooth, seamless email delivery. You can register for that by clicking here.

After the webinar on January 16, the Kartra Community will host Q&As the following two weeks. If you are not already part of the community, you can request to join it by clicking here.

In the meantime, you can also check out Gmail’s guide on Preventing spam, spoofing & phishing with Gmail authentication.

Wrapping Up

Follow this checklist to ensure your emails land in the inbox. Keeping up with these changes is like giving your email strategy a boost. Stay informed, start prepping, and you’ll be all set for a smooth email journey. We’re in this together. Let’s make sure our emails stay spam-free!

If you’re looking to comply with Google and Yahoo’s latest guidelines for sending emails and don’t have a Kartra account yet, get started with Kartra now by clicking the button below.