Brace yourselves, email users! February 2024 marks a new era in inbox defence, courtesy of Google and Yahoo’s joint assault on spam and phishing. Get ready for cleaner inboxes, less hassle, and a much safer digital space. But what exactly is brewing in the email sphere?
Recognising that their users are overwhelmed by the number of communications they are exposed to daily, Google and Yahoo are making some changes to their email systems, starting 1 February 2024.
From spam to fraud, these changes are great news for consumers… but they also have an impact on marketers. Here’s what you need to know.
New privacy protection
Google and Yahoo both talk about “more secure, less spam” – it’s the dream! Enforcing email standards will give users a better experience and more control over what they want to see.
With a focus on email validation, here’s what they are going to be enforcing:
- Google and Yahoo will require all senders to authenticate their emails
- Recipients must be able to easily unsubscribe from bulk mailings, and senders must process those unsubscribe requests within two days
- Google is establishing a clear spam threshold of 0.3%
Mandatory authentication
Picture this: a digital bouncer scrutinising every email before it reaches your inbox. That’s essentially what’s happening. Google and Yahoo are mandating email authentication using a trio of protocols: SPF, DKIM, and DMARC. These act like ID checks, verifying the sender’s legitimacy before granting inbox access.
Explaining the jargon
The key to this digital spring cleaning lies in a trio of email security protocols: SPF, DKIM, and DMARC. Together, they let email receivers (like Gmail and Yahoo) check who really sent a message and decide what to do with unauthenticated emails.
- SPF (Sender Policy Framework): This gatekeeper verifies whether the server sending an email is authorised to send emails for that domain. No more spoofing your boss’s email or pretending to be Netflix (unless you actually are, in which case, hi!).
- DKIM (DomainKeys Identified Mail): This digital signature ensures the email hasn’t been tampered with in transit. Imagine a wax seal on a royal decree – if it’s broken, you know someone’s been messing around.
- DMARC (Domain-based Message Authentication, Reporting & Conformance): This commander-in-chief tells email providers like Google and Yahoo what to do with emails that fail the SPF and DKIM tests. Think “quarantine” for suspicious emails and “reject” for the blatantly phishy ones.
What this means for you personally
Rejoice! Cleaner inboxes, reduced stress, and a safer digital environment are on the horizon. But remember, vigilance is still key. Phishing attempts may get more sophisticated, so keep an eye out for suspicious senders, unusual language, and shady attachments.
What this means for small businesses
This crackdown targets bulk senders exceeding 5,000 emails daily. So, small businesses and organisations sending bulk emails need to get authentication-savvy to ensure smooth delivery.
Don’t worry, you don’t need to be a cybersecurity expert to navigate this. Here are some simple steps you can take:
1. Contact your email provider or web hosting company. Ask them if they’re implementing the new protocols and what you need to do on your end. Most providers will handle the technical heavy lifting, but knowing what’s happening is always good.
2. Make sure your website and forms are compliant. Best practice includes:
- Clearly identify your domain name
- Use HTTPS on your website
- Double-check email address fields
- Limit data collection
- Obtain explicit consent
3. Make sure your email communications are compliant too. Best practice includes:
- Provide an unsubscribe mechanism that makes it as easy to unsubscribe as it was to subscribe
- Respect data preferences
- Maintain accurate records of consent – invaluable if you face any compliance challenges
4. Review your privacy policy: Ensure your privacy policy clearly outlines how you collect, use, and store user data, including email addresses. Explain how you comply with relevant data protection regulations.
5. Stay informed: Follow updates and best practices regarding email authentication protocols and data privacy regulations to ensure your website and email marketing practices remain compliant.
Beyond the inbox: A ripple effect
This isn’t just about Gmail and Yahoo. This move sends a powerful message to the entire email ecosystem, paving the way for stricter authentication standards across the board. Expect smaller email providers and businesses to follow suit, creating a more secure email landscape for everyone.
Remember, even small businesses can have a big impact on email security. Let’s work together to create a cleaner, safer, and more reliable email ecosystem for everyone!
P.S. Want to stay ahead of the curve? Start by checking if your emails are authenticated – most email providers show this information in your settings. It’s best practice to do this, even if you’re not sending 5,000 emails a day. Together, we can create a brighter (and spam-free) email future!
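Another way to run that check, as an added example that is not part of the original article: send a test message to a mailbox you control, view its raw source, and read the `Authentication-Results` header the receiving server adds. The message below is constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers as a receiving server might add them.
RAW = """\
Authentication-Results: mx.example.org;
 dkim=pass header.i=@example.com header.s=s1;
 spf=softfail (sender not listed) smtp.mailfrom=bounce@mailer.example.net;
 dmarc=pass header.from=example.com
From: Shop <news@example.com>
Subject: Constructed sample

Body
"""

def auth_verdicts(raw_message):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from Authentication-Results."""
    msg = message_from_string(raw_message)
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        header = re.sub(r"\([^)]*\)", "", header)  # drop parenthesised comments
        # The first ';'-separated field is the receiver's own identifier; skip it.
        for clause in header.split(";")[1:]:
            match = re.match(r"\s*(\w+)=(\w+)", clause)
            if match:
                # Keep the first verdict seen per method (topmost header wins).
                verdicts.setdefault(match.group(1).lower(), match.group(2).lower())
    return verdicts

def missing_authentication(raw_message):
    """List the methods that did not report 'pass' for this message."""
    verdicts = auth_verdicts(raw_message)
    return [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]

if __name__ == "__main__":
    print(auth_verdicts(RAW))
    print("needs attention:", missing_authentication(RAW))
```

Only trust an `Authentication-Results` header written by your own receiving server; a copy that arrived with the message could have been put there by the sender.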