New email standards: what you need to know

A person on a laptop sending emails.
(Image credit: Sendinblue)

In a significant move towards enhancing email security, Google and Yahoo will implement new email authentication protocols for high-volume email providers starting in February 2024. This initiative aims to bolster cybersecurity by mandating bulk senders who distribute over 5,000 messages daily to adhere to strict validation standards. The protocols, including Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM), focus on preventing list abuse, enhancing sender verification, and reducing phishing risks.

DMARC is particularly crucial in the fight against cyberattacks, as it authenticates sender addresses to block phishing and domain impersonation. In an era where AI-driven phishing attempts are increasingly sophisticated, tools like DMARC, SPF, and DKIM are essential for protecting email recipients. SPF safeguards domain names by verifying the sender's IP address, while DKIM adds a layer of cryptographic authentication to validate message ownership.

High-volume email senders should prepare now to comply with these new standards to maintain customer trust and messaging reach. Non-compliance could result in emails being blocked, affecting key business functions like customer acquisition and promotions. To meet these requirements, senders should audit their current email authentication measures, review spam complaint rates, and standardize email practices.

Gerasim Hovhannisyan

CEO/Co-Founder of EasyDMARC.

Simple steps high-volume senders should take to ensure future email deliverability

To avoid deliverability issues, high-volume senders should take proactive steps to ensure emails:

Audit current email authentication protocols: Review existing measures against the new standards. Ensure that all necessary authentication protocols are in place and functioning correctly. 

Configure SPF: Set up Sender Policy Framework to protect email domains. SPF works by authenticating an email's source IP address against an authorized list, thus combating domain spoofing and impersonation. 

Implement DKIM: Utilize DomainKeys Identified Mail to demonstrate email ownership. DKIM signs messages in a verifiable way, using cryptographic authentication to distinguish legitimate senders from malicious ones. 

Implement DMARC: Deploy Domain-based Message Authentication, Reporting, and Conformance to authenticate sender addresses. DMARC cross-references the sender’s address with domain name records, blocking emails that don't match, thereby preventing phishing and domain impersonation. 

Evaluate email practices: Standardize email formatting, content style, linking, and sending practices to align with conventional sender guidelines and maintain consistency. 

Review and adjust email lists: Monitor spam complaint rates, striving to maintain rates below 0.3%, with an ideal target under 0.1%. Enhance list transparency by reviewing subscription flows and opt-out processes in email preference centers.

The broader effort to reduce cybersecurity attacks

These measures are not just about adhering to new protocols; they are part of a broader effort by major email providers to distinguish legitimate emails from potentially harmful ones. Email is a common avenue for various cyber threats. Phishing attacks, the most prevalent form of cybercrime, exploit the trust of users to extract sensitive information. With the sophistication of AI, these phishing attempts are becoming more convincing, making it challenging for individuals to identify malicious emails. Business Email Compromise (BEC) scams, where attackers impersonate company executives or partners, are another significant threat, exploiting the perceived legitimacy of email communications.

The implementation of email authentication protocols like DMARC, SPF, and DKIM by Google and Yahoo plays a vital role in combating these threats. These protocols enhance the integrity of email communications by ensuring that emails originate from verified sources, significantly reducing the risk of phishing and BEC attacks. This verification process is instrumental in building recipient trust, a crucial factor in the effectiveness of email as a communication tool. Furthermore, authenticated emails are less likely to carry malware, protecting users from inadvertently downloading harmful content. By securing email channels, these protocols also contribute to the protection of sensitive data from being intercepted or misused by cybercriminals.

The introduction of these requirements highlights the need for an industry-wide evolution towards better email security practices. While implementing these protocols might be complex and require some investment, the repercussions of non-compliance — including potential data breaches and loss of user trust — are far more severe.

Looking ahead: The future of email security

As we move forward, the continued evolution of AI and its use in cyberattacks will only make robust email security practices more essential. Organizations of all sizes must recognize the critical nature of email in cybersecurity and take proactive steps to secure their email communications. The efforts of Google and Yahoo are just the beginning of what needs to be a unified approach towards securing digital communications against ever-evolving cyber threats.

The broader effort to reduce cybersecurity attacks via email is not just a technical necessity but a fundamental aspect of maintaining trust in the digital age. The commitment shown by industry leaders in implementing these email authentication protocols is a positive step towards a more secure and reliable digital future.

We've listed the best customer database software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Gerasim Hovhannisyan is the CEO/Co-Founder of EasyDMARC, an early disruptor in email security.