Updated Sender Requirements
Starting February 2024, Gmail and Yahoo began enforcing more stringent requirements for senders to authenticate outgoing email. This includes publishing well formatted and maintained SPF, DKIM, and DMARC records, among other requirements. Failure to comply with these updated requirements may impact email delivery.
According to Yahoo, “Enforcement will be gradually rolled out”, as they are taking the first half of the year to monitor compliance. This provides organizations with a last opportunity to review current configurations and make necessary updates to comply with the new sender guidelines before seeing significant impacts to their email delivery.
What does this mean?
This is a major milestone in email security across the internet at large. Not only will these updated requirements force organizations to improve their email configurations for greater control against email spoofing and associated risks, but underlying we see this as an announcement to the world that SPF, DKIM, and DMARC standards are valuable, achievable, and working!
Moving past that positive message, spfXio.com research shows that organizations have much work ahead of them to achieve compliance.
Why are SPF and DMARC a challenge?
Of the nearly 40,000 domains spfXio.com actively monitors, 30% of domains do not have a well-formatted SPF record and nearly 60% do not publish a DMARC record. These numbers are telling, and naturally begs the question, “Why?”.
Many organizations do not publish a SPF record at all and of records published, many do not comply with published SPF standards. The reality on the ground is that the expertise required to construct well-formatted SPF records is largely lacking across industries. Read more about the Top 5 SPF Configuration Errors we’ve observed in our research.
DMARC is not set it and forget it. Publishing a valid DMARC record is only the first step. DMARC reporting requires periodic review to monitor email authentication performance, tune sender configurations, and maintain targeted DMARC pass rates. Failure to provide this level of oversight results in unmanaged configurations that may lead to email delivery impacts. Again, many organizations lack the expertise and bandwidth to manage these aspects of DMARC.
What should I do?
Every improvement begins with understanding your current state. Now would be a good time to take advantage of our free Domain Inspector for a personalized analysis of your domain’s SPF and DMARC records. Book a free consultation with one of our experts and let us walk you through your results, explain identified issues, and provide guidance for improvement.