
Get Ahead of Email Inbox Authentication Changes

You’ve probably already seen the alert in your marketing automation platform: email authentication changes are coming.

In this blog, we help explain the changes you need to make to keep your program aligned with inbound provider policies now and in the future.


If it feels like a full-time job keeping up with all the changes in SEO, social algorithms, and planning for a cookie-less future, we can relate. We’re here to explain the upcoming email deliverability changes and what they mean for you, and to help you prepare so you stay ahead of the curve.


In short: major email providers like Gmail and Yahoo are enacting stricter email authentication requirements starting this month (February 2024). The good news: these changes are aimed primarily at high-volume emailers – we’re talking about companies that are sending over 5,000 emails per day. You likely don’t fall into that category – but that doesn’t mean you can ignore the new email protocols. These changes are likely to impact all senders eventually, so it’s time to educate yourself on the changes you’ll need to make before that happens.


By taking proactive steps now to implement authentication best practices, email senders can get ahead of the changes, understand expectations, and avoid deliverability pitfalls down the line. Let’s get your inbox delivery prepared for the future!


What do the new email authentication changes mean?

Any emails that don’t meet the stricter DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC) requirements run the risk of deliverability issues. We’re talking quarantines, spam folders, and even outright bounces.

The major email marketing platforms are aligning with these policies as well for their customers. As a marketing agency, we work with a number of clients using HubSpot for email sending. HubSpot has provided guidance to ensure emails sent through their servers are properly authenticated in line with major inbox providers – you can find their knowledge base article here.

Understanding the Key Authentication Protocols

To understand the incoming requirements, let’s quickly cover the purpose of the main email authentication systems:

DKIM (DomainKeys Identified Mail)

DKIM verifies that an email is really coming from the domain specified in the sender address. It works by adding a digital signature to the message header using a private key. The receiving server validates that signature against the public key published in the domain’s DNS (the DKIM TXT entry) to confirm the email’s origin.

SPF (Sender Policy Framework)

SPF confirms that the email server sending a message is authorized to send on behalf of the domain specified. It works by cross-checking the sending server IP address against a DNS record that lists designated servers approved to send for that domain.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC builds on SPF and DKIM by specifying a policy for handling emails that fail those authentication checks. For example, a DMARC policy can tell receivers to quarantine or reject non-compliant messages.


DMARC also provides aggregate and per-message reporting about non-authenticated emails to improve deliverability over time by pinpointing issues.


So in summary, implementing some combination of DKIM, SPF, and DMARC confirms your legitimate right to send from a domain. Email services will increasingly expect and require these records going forward.

Actionable Steps to Comply

Follow these key action steps to tackle the configurations:


  1. Reference your email service provider (ESP)’s updated guidelines to see specifically which records are now required, along with their format and syntax guidance.
  2. Engage your IT team or domain host. Share the specifications of your email platform and have them add the necessary DNS entries like:
    1. DKIM TXT entry
    2. SPF TXT entry
    3. DMARC TXT entry

This does entail tackling some technical configurations at the domain level. But by using your ESP/platform’s guidance and engaging the right internal teams, marketers can spearhead getting their domains onboarded and compliant with minimal delivery disruption.
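As an added example (not from the original post or from any ESP’s documentation), here is a small offline audit of the three TXT entries listed above, flagging the most common misconfigurations. The zone contents, the selector `s1`, the include host and the truncated key are constructed placeholders; in practice the records come from your DNS host.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM and DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")  # split on first '=' only
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(zone, domain, selector):
    """Return a list of findings for the SPF, DKIM and DMARC TXT entries."""
    findings = []
    # SPF lives in a TXT record on the domain itself; more than one is an error.
    spf = [r for r in zone.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif spf[0].lower().split()[-1] in ("+all", "all"):
        findings.append("SPF: 'all' authorizes every server to send")
    # The DKIM public key is published under <selector>._domainkey.<domain>.
    dkim = zone.get(f"{selector}._domainkey.{domain}", [])
    if not dkim:
        findings.append(f"DKIM: no key published for selector '{selector}'")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: empty p= tag (key revoked)")
    # The DMARC policy is published under _dmarc.<domain>.
    dmarc = [r for r in zone.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "")
        if policy not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= policy")
        elif policy == "none":
            findings.append("DMARC: p=none only monitors; failing mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, aggregate reports are not collected")
    return findings

# Constructed sample data: TXT records as a DNS lookup would return them.
SAMPLE_ZONE = {
    "example.com": ["v=spf1 include:_spf.esp.example ~all", "site-verification=abc123"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ZONE, "example.com", "s1")))
```

For the sample zone the audit reports the two DMARC findings: the policy is monitor-only and no aggregate report address is set.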

If you need additional help, you can also engage your marketing agency partner, or search services like Upwork or Fiverr for email deliverability assistance.

Beyond Technical Compliance

While getting the proper DNS records added addresses the compliance aspect, marketers should view proper authentication as an opportunity.


Having valid DKIM, SPF, and DMARC records in place builds your domain’s reputation as a legitimate sender over time. Receivers recognize your right to send mail, and that credibility leads to better deliverability and inbox placement.

Prioritize Authentication

If you haven’t already, review your ESP’s updated guidance and engage internal teams to implement the DNS records and configurations needed. Staying ahead of these authentication shifts safeguards your domain’s sending reputation, and taking a proactive stance ensures your email program has a healthy future delivering to the inbox for years to come.

Let's Talk.

Our team stays on top of deliverability best practices. Reach out to start the conversation around optimizing your email marketing program. 

