How to Prepare for New Email Authentication Requirements
Non-compliant email could be rejected as soon as 31 March 2024
Gmail and Yahoo are introducing new sender authentication requirements to provide end users a safer email experience. At a high level, this means that organizations that send significant amounts of email to Gmail or Yahoo inboxes need to adopt a sender authentication standard. This will allow Google and Yahoo to verify the sender’s identity. So, even if you don’t use Gmail or Yahoo, you need to pay attention as the requirements apply to organizations that send to Gmail or Yahoo.
This change affects any business that is a high-volume sender of email, meaning one that sends more than 5,000 daily emails to Gmail or Yahoo email accounts. Even businesses that don’t meet the threshold should adopt the sender authentication standard. It prevents email domains from being fraudulently abused, and such abuse ultimately affects the trust anyone can place in your brand.
High volume email senders are required to use SPF, DKIM and DMARC (various industry recognized sender authentication standards), with the goal of ensuring Gmail and Yahoo end users can place more trust in the email they receive. Any email that doesn’t comply risks being rejected or marked as spam. Google and Yahoo have stated that they will put this into effect in the first quarter of 2024.
The key requirements for organizations are:
Ensure sent email is authenticated using SPF, DKIM, and DMARC and, at a minimum, sent from a domain with a DMARC policy of at least p=none
Have a valid forward and reverse DNS record for your sending IP addresses
Comply with RFC 5321 "Simple Mail Transfer Protocol" and RFC 5322 "Internet Message Format"
Provide one-click unsubscribe links
Refrain from sending unsolicited email
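The first two requirements above can be checked mechanically. The following is an added example, not code from Symantec, Google or Yahoo; it runs over constructed DNS data in which example.com, bad.example, the selector s1 and the 192.0.2.x addresses are placeholders, where a real check would fetch the TXT, PTR and A records from DNS.

```python
# Constructed sample DNS data; every name and address is a placeholder.
TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ~all", "site-verification=abc"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBg"],
    "_dmarc.bad.example": ["v=DMARC1; rua=mailto:x@bad.example"],  # no p= tag
}
PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "host.bad.example"}
A = {"mail.example.com": ["192.0.2.10"], "host.bad.example": ["192.0.2.99"]}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC/DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # keep '=' padding inside values
            tags[key.strip().lower()] = value.strip()
    return tags

def check_domain(domain, selector, ip, txt=TXT, ptr=PTR, a=A):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # SPF: exactly one TXT record at the domain whose first term is v=spf1.
    spf = [r for r in txt.get(domain, []) if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        findings.append(f"SPF: expected one v=spf1 record, found {len(spf)}")
    # DMARC: one record at _dmarc.<domain> with a valid policy (p=none minimum).
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    policy = parse_tags(dmarc[0]).get("p", "").lower() if len(dmarc) == 1 else ""
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: no single record with p=none/quarantine/reject")
    # DKIM: the selector must publish a non-empty public key (empty p= is revoked).
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    if not any(t.get("p") for t in dkim):
        findings.append("DKIM: no public key published for selector")
    # Forward and reverse DNS: the PTR name must resolve back to the sending IP.
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, []):
        findings.append("DNS: PTR name does not resolve back to the sending IP")
    return findings

if __name__ == "__main__":
    for args in (("example.com", "s1", "192.0.2.10"), ("bad.example", "s1", "192.0.2.20")):
        print(args[0], check_domain(*args) or "OK")
```

This checks only that the records are published and well formed; whether a given message actually passes SPF or DKIM is decided by the receiver per message.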
Implementing DMARC enforcement is hard. Most organizations fail because they take a one-time project approach, which underestimates the complexity and maintenance required. The Symantec Email Fraud Protection solution provides a fully automated sender authentication solution that makes DMARC enforcement easy and accessible. It enables you to easily comply with these new requirements and manage emails coming from your domain. We provide the Email Fraud Protection monitoring portion of the service complimentary to all our Email Security.cloud customers so you can gain 100% visibility into all email traffic using your domains. For complete details on the Email Fraud Protection solution please visit the following link.
References:
https://senders.yahooinc.com/best-practices/
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
