New Paragraph
What Small Business Owners Need to Know About Email Authentication Requirements
March 8, 2024
Have you been having trouble sending out bulk emails and email blasts recently?
Are you suddenly having deliverability issues with clients and vendors you've been emailing for years?
If so, you're not alone — Google and Yahoo rolled out new DMARC requirements in February, creating headaches. We have heard that many of our small business owner clients and their IT departments are having such headaches.
To investigate this issue, we have leaned on IT expert and long-time TAG peer board member Fred Moore of Moore Computing. Fred has walked us through changes to DMARC and offers advice on how small business owners can get their emails back into the inbox. While DMARC changes have thrown many into a temporary tailspin, the changes represent a move to safer and more secure email communication for all parties.
Let's discuss what small business owners need to know about DMARC, how they can ensure their emails reach customers' inboxes, and how to keep their business digitally secure.
What is DMARC?
Cybersecurity measures are similar to cars: most of us drive one daily, but most are unable to lift the hood and understand exactly how it runs. Most of us rely on cybersecurity measures to keep our businesses safe online, but we may need help understanding the technical elements that keep us safe. That said, all small business owners should have a general background in cybersecurity, and DMARC is a great place to start.
DMARC stands for "Domain-based Message Authentication, Reporting & Conformance." The idea behind DMARC is to limit the volume of scams and phishing on the internet. DMARC works with SPF and DKIM.
SPF (Sender Policy Framework) is a list of services and servers that are authorized to send emails on behalf of your domain, and DKIM (DomainKeys Identified Mail) is a digital seal that verifies the content of your email hasn't been altered or tampered with. DKIM is also able to withstand email forwarding, whereas SPF can not.
Senders and Recipients
At its core, DMARC validates the authentication of the sender of an email message. When there are deliverability issues with a message, it usually falls back on the sender. Small business owners know the importance of getting marketing campaign emails and other communications into their customers/clients' inboxes; to accomplish this, it is crucial to follow all protocols to ensure you have the best chances to reach customers' inboxes at an optimal place (i.e., not the spam folder), and avoid spam complaints.
How does your email make its way to recipients? It follows a basic flow:
● The email is composed and sent
● The sending mail server will add DKIM
● The email is sent to the recipient's server
● Validation tests begin, checking DKIM, SPF, and DMARC policies
● The email either passes, is quarantined, or is blocked/deleted
● If the email passes, it goes through the recipient's user filters and inbox rules
Who Is Affected by These Changes?
Anyone who sends 5,000+ external messages daily to Google or Yahoo inboxes will be affected (and the list will probably grow). If you use Google Workspace to host your domain, internal messages may also count toward the 5,000 daily threshold. As many small business owners are finding, this also includes messages sent on behalf of your business by third-party email service providers such as MailChimp, Constant Contact, and Active Campaign.
Although the initial DMARC setup takes time, it will ultimately help your inbox placement. Internet service providers favor messages from senders with up-to-date DMARC records and follow established email standards.
What Changes Do I Need to Make?
The most crucial changes to focus on are ensuring you have DMARC configured in your DNS records. DMARC data should be published in DNS as TXT records. Check out some examples here.
Beyond DMARC, you should also check that you use best practices when sending bulk emails. A significant component of this is who you are sending emails to. You risk getting spam complaints if you send messages to users who have not opted in. The new requirements are to crack down on spam, and services such as GMAIL require senders to have a "Spam Complaint Rate" below 0.3%.
You should also be sure you have a "one-click" unsubscribe option in your email blasts (usually at the end of the email). Many third-party email service providers may already have this function, but ensuring recipients can unsubscribe from messages is essential. Yahoo will begin enforcing this requirement starting in June 2024.
Looking Ahead
This change should remind small business owners to look closely at all their cybersecurity measures, with email and beyond. We have been recommending that our clients invest in a cyber insurance policy; small businesses are often the victims of spoofing, phishing, and more severe cyberattacks. While we aim to help our clients to the best of our ability, having cyber insurance adds another layer of safety and peace of mind.
We also recommend that our clients consider using Dmarcian, a third-party DMARC service. They have many resources on their website and solutions for businesses of all sizes.
Connect With The Alexander Group
A group of individuals with similar goals is vital to a small business owner. Our group of Greater St. Louis area business owners collaborates, discusses everyday issues, and develops dynamic solutions. When business owners pair this with our one-on-one coaching, they set themselves up for success.
Contact us today if you're a business owner ready to commit to improvement!
Are You Ready?
Are you ready to dissolve your barriers & commit to executing and achieving your vision?
Request to qualify for a one-on-one business diagnostic.
We'll take an assessment of your current circumstances, and take you to meet our advisory boards.
What are you waiting for? Contact us today!
