Understanding DMARC Email Sending Requirements

Overview

As the landscape for email security and regulations keeps changing, we here at ONE have your back!

Google and Yahoo announced requirements that email marketers must have in place by February 2024. Previously, these requirements were considered as best practices, but not mandatory. Going forward, Google and Yahoo are going to ensure that bulk email senders comply, or see their emails go to spam.

What are the requirements from Google and Yahoo?

Here's a quick summary of the new requirements:
Setting up a strong domain authentication by adding a DMARC policy ( Action Required, we'll show you how! )
Email recipients must be able to unsubscribe from emails with one click (No action required, we already ensure that all emails include an unsubscribe link)
Low Spam Threshold (We already ensure that your spam complaint rate should be lower than 0.05%, which meets Google/Yahoo's criteria)
The sender email cannot be from a gmail.com/yahoo.com etc. domain (No action required, we already do not allow this)

In short, there's not much you need to do except setup a strong domain authentication by setting up a DMARC policy! We'll show you how to do that below.

Why are Google and Yahoo imposing these changes?

Email has become an increasingly central communication point in everyone's lives and because of it's importance and ubiquity, Google and Yahoo are taking actions to make it safer and secure. These requirements add an additional layer of email validation, which will help prevent unwanted spam and potential abusers from taking advantage of unsuspecting victims.

Adding a DMARC policy was always considered an email sending "best practice", but now it will be a requirement. This policy will have the added benefit of improving deliverability of your emails to avoid the spam box, particularly with Google and Yahoo. A DMARC record helps ISPs identify you as someone who is serious about following established email standards, and therefore improving your credibility right out of the gate!

What is a DMARC Policy?

Think of DMARC as a bouncer for your email domain. It tells everyone who is authorized to send emails on your behalf and what to do with messages that don't have your permission. Basically, it lets inboxes know that the email is coming from an authenticated source.

How do I set up a DMARC policy?

Login to your domain registrar (wherever you have purchased your domain, e.g. GoDaddy, Shopify Domains etc.)
Create a new DNS record specific for DMARC (in most cases this should be a TXT record, please check your registrar's help page for specific troubleshooting)
For the Hostname please enter _dmarc (please note that the underscore is required)
For the Value field, please ensure that the root domain has the following:
v=DMARC1
p=none
rua=mailto:dmarc-reports@mydomain.com (this one is optional, but good to set up if you'd like to receive notifications to this email address)

Please note that the "p=none" value is good enough to meet Google and Yahoo's requirements. If in the future you would like to take another step in email security, you can also change the value from "none" to "quarantine" or "reject"

When you have added the record, it should look similar to the record below:



Lastly, please note that ONE cannot setup a DMARC policy for you, but our support team will be happy to help you through the process!

Updated on: 14/02/2024