Are your emails not getting through? Changes to Google and Yahoo DMARC Policy might be to blame


Email deliverability can be tricky to guarantee, and now, with recent changes to Google and Yahoo’s DMARC policies, getting your emails delivered to your customers and prospects may be even more difficult.

First, we should start by explaining what DMARC is. DMARC, or Domain-based Message Authentication, is the process that checks that an email is really being sent from the domain it claims to come from. Its main purpose is to protect against email spoofing, which is when an email says it’s from @yourdomain.com but is really from @notyourdomain.com.

Why is that important? Ideally, you do not want potential bad actors to be able to masquerade as you on the web and contact your customers or potential customers. The hiccup is that setting up DMARC and the provisions that go into it (SPF, or Sender Policy Framework, and DKIM, or DomainKeys Identified Mail) is not for the faint of heart.

SPF and DKIM are the groundwork that is then checked by DMARC. We apologize for throwing all of these acronyms at you, but we promise they’re important if you are a business that relies on email (and who in the current day and age doesn’t?), especially if most of your customers have Gmail or Yahoo email addresses.

Gmail and Yahoo have both updated their policies to take a tougher stance on emails being sent without these policies in place. To put it simply, if you don’t have these set up, your emails are going to be sent to the spam box or not reach your target at all.

So how do you begin setting up SPF, DKIM, and DMARC for your business?

SPF (Sender Policy Framework)

  1. Access your DNS records: Log in to your domain registrar or DNS hosting provider where your domain's DNS records are managed.
  2. Create or edit your SPF record: Locate your domain's DNS settings and add a TXT record. If you already have an SPF record, you'll need to edit it. If not, create a new one.
  3. Define your SPF policy: In the TXT record, specify which servers are authorized to send emails on behalf of your domain. This is done by listing the IP addresses or domain names of your authorized email servers. For example, if you use Google Workspace for your email, your SPF record might include something like: "v=spf1 include:_spf.google.com ~all". This indicates that Google's servers are allowed to send emails for your domain.
  4. Test and publish your SPF record: Use SPF testing tools to verify that your SPF record is correctly configured. There are various online tools available for this purpose. Once you're confident that your SPF record is set up correctly, save the changes in your DNS settings. It may take some time for the changes to propagate across the internet.
  5. Monitor and maintain: Periodically review your SPF record to ensure it remains accurate. If you change your email infrastructure, update your SPF record accordingly.
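
For the testing step above, here is an added example (not part of the original article) of an offline check you can run on the record text before saving it in DNS. The function name `lint_spf` and the sample records are constructed for illustration; it makes no DNS queries, so it only counts lookup terms in the record itself, not those inside included records.

```python
import re

# Terms that each cost the receiver a DNS lookup; RFC 7208 caps these at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return findings for the TXT records published at one domain (hypothetical helper)."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record: no TXT record starts with v=spf1"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return a permanent error"]
    parsed = []
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default qualifier is +
        body = term.lstrip("+-~?").lower()
        name = re.split(r"[:/=]", body)[0]
        is_modifier = body[len(name):len(name) + 1] == "="  # e.g. redirect=, exp=
        parsed.append((qualifier, name, is_modifier))
    names = [name for _, name, _ in parsed]
    findings = []
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms in this record; the limit is 10")
    if "all" not in names:
        if "redirect" not in names:
            findings.append("no 'all' or redirect: unlisted senders get a neutral result")
        return findings
    position = names.index("all")
    qualifier = parsed[position][0]
    if qualifier == "+":
        findings.append("+all authorizes every server to send as this domain")
    elif qualifier == "?":
        findings.append("?all is neutral: unlisted senders are not flagged")
    if any(not is_mod for _, _, is_mod in parsed[position + 1:]):
        findings.append("mechanisms after 'all' are never evaluated")
    return findings

# Constructed sample records; the first is the example record from the article.
SAMPLES = {
    "article example": ["v=spf1 include:_spf.google.com ~all"],
    "two records": ["v=spf1 include:_spf.google.com ~all", "v=spf1 ip4:192.0.2.10 -all"],
    "too permissive": ["v=spf1 +all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "ok")
```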

DKIM (DomainKeys Identified Mail)

  1. Generate DKIM keys: You'll need to generate a pair of DKIM keys - a private key and a public key. The private key will be used to sign outgoing emails, and the public key will be published in your domain's DNS records for email receivers to verify the authenticity of your emails. This tool can be used to generate DKIM keys for you.
  2. Add DKIM DNS record: Log in to your domain registrar or DNS hosting provider where your domain's DNS records are managed. Add a new TXT record to your DNS settings. This record should contain your DKIM public key along with some DKIM-related tags that specify the version, the domain, and the selector for your DKIM keys.
  3. Configure your email server: Set up your email server to sign outgoing emails using the private key you generated earlier. Most email servers have built-in support for DKIM signing, and you'll usually need to specify the location of the private key and the DKIM selector.
  4. Test DKIM: Send a test email from your domain and verify that it's properly DKIM-signed. You can use various online DKIM validation tools to check if your DKIM setup is correct.
  5. Monitor and maintain: Regularly monitor your DKIM setup to ensure that it's functioning correctly. If you change your email infrastructure or rotate your DKIM keys, remember to update your DKIM DNS record accordingly.

DMARC (Domain-based Message Authentication)

  1. Create a DMARC policy: Determine what action you want email receivers to take when they receive emails that fail DMARC authentication. Options include monitoring (no action), quarantining (sending suspicious emails to spam folders), or rejecting (blocking suspicious emails).
  2. Publish your DMARC record: Log in to your domain registrar or DNS hosting provider and add a TXT record to your domain's DNS settings. This record contains your DMARC policy along with additional information such as the email address where DMARC reports should be sent.
  3. Monitor and maintain based on DMARC reports: Configure your email system to generate DMARC reports and send them to the specified email address. These reports provide valuable information about how your domain is being used for email, including details about SPF and DKIM alignment.
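
The DMARC record from steps 1 and 2 can be checked the same way before it is published. This is an added example, not part of the original article: the function names `parse_dmarc` and `lint_dmarc` and the example.com addresses are constructed, and the record is assumed to be the TXT value placed at `_dmarc.` under your domain.

```python
# The three policy options from step 1, keyed by their DMARC p= values.
POLICIES = {"none": "monitor", "quarantine": "spam folder", "reject": "block"}

def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            tags[tag.strip().lower()] = value.strip()
    return tags

def lint_dmarc(record):
    """Return findings for one DMARC record (hypothetical helper)."""
    if record.split(";")[0].replace(" ", "") != "v=DMARC1":
        return ["record must begin with v=DMARC1 or receivers ignore it"]
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none is monitoring only: failing mail is still delivered")
    # rua= is the address list for the aggregate reports mentioned in step 2.
    reports = [uri.strip() for uri in tags.get("rua", "").split(",") if uri.strip()]
    if not reports:
        findings.append("no rua= address: aggregate reports have nowhere to go")
    for uri in reports:
        if not uri.lower().startswith("mailto:"):
            findings.append(f"rua entry {uri!r} is not a mailto: URI")
    pct = tags.get("pct", "100")  # share of failing mail the policy applies to
    if not pct.isdigit() or int(pct) > 100:
        findings.append("pct= must be a whole number from 0 to 100")
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(f"pct={pct}: the policy covers only {pct}% of failing mail")
    return findings

# Constructed sample records for illustration.
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=none",
    "p=reject; v=DMARC1",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", lint_dmarc(record) or "ok")
```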

We hope the breakdown of how to set up these policies was helpful, but if you’re looking at this list and thinking there’s no way you can implement this on your own, that is where Valley Techlogic can help.

We have helped our clients navigate domain challenges and answer technical questions such as how to improve email deliverability, on top of providing IT solutions that help navigate other day-to-day technological challenges. Get started with us today.


This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.