Email authentication changes coming on 1st February 2024 mean that we need to take action to secure emails from our domain name so that those providers know that the emails are definitely from us, and not someone impersonating us.
In a nutshell, the likes of Google and Yahoo want to ensure their users’ experience remains positive and safe, and so they are implementing rules and requirements for senders. These requirements include specific sender authentications, easy-to-access unsubscribe links and spam-complaint measures.
I know, I know…
Online marketing seems hard enough without the big players throwing another hoop for us to jump through.
But honestly, as entrepreneurs with already-overflowing inboxes, these changes are a positive move to keep our own inboxes safe.
What you're about to read
What are the changes?
There are plenty of resources already out there from people who are far more qualified to talk about these changes than I am, so this article isn’t intended to go into any depth about the technicality of the changes.
But briefly, starting in February 2024, Google and Yahoo will pay more attention to authentication measures such as:
- DKIM (DomainKeys Identified Mail),
- SPF (Sender Policy Framework) and
- DMARC (Domain-based Message Authentication, Reporting & Conformance).
Don’t worry too much about the techy names.
What it means is that properly authenticated emails will be prioritised for delivery, while those lacking authentication may face challenges reaching recipients or might be blocked completely.
That’s a scary thought, right?
So we need to take some action.
And even though all those acronyms look terrifying, the steps you need to take are really just copying and pasting some text into your domain records.
And that’s what I want to cover today.
Why are these changes happening?
Properly authenticating your emails has always been a best practice, but not all senders are using the tools available to protect their emails.
If we, as email marketers, don’t properly authenticate our emails, we’re making it easy for people to impersonate domains and to send phishing emails —and that will damage our sending reputation.
Gmail and Yahoo want to protect their users from spam and unwanted emails, but if we’re failing to properly secure our systems and leave the door for exploitation wide open, their job is a whole lot harder.
That’s why Gmail and Yahoo decided that proper email authentication and following deliverability best practices are no longer a nice-to-have.
From 1st February we HAVE to have them. Otherwise, our emails may never be delivered.
What action do you need to take?
It’s impossible to cover every scenario, because the abundance of email marketing platforms, domain name registrars and hosting providers, means that the potential configurations of your tech setup are endless.
However, I know that a lot of people in my community have a similar setup to me, so I wanted to outline the steps that I have taken in case it’s a useful guide for you.
My tech set up
To start with, you’ll need to know where to find your DNS settings, and which email marketing platform you’re using.
This is my tech stack for my domain name, hosting and emails:
- My domain name is registered with Namecheap
- My WordPress website is hosted with Siteground
- My email marketing platform is with ActiveCampaign
- When I built my website, I changed the named servers settings for my Namecheap domain name to point to Siteground (which hosts my website). This means that any changes that I need to make to my DNS settings, should happen in the Siteground interface, not Namecheap.
The final point is important, because you will need to know where to find your DNS settings for the steps you are going to take.
If you’re not sure, you can use this free tool to find out who your DNS provider is.
The steps I followed
My first port of call was to go to ActiveCampaign, my email marketing platform, and look for information about the changes I needed to make.
Simply go to Google and search for ‘[platform]+email authentication’
eg. Mailchimp email authentication
Here are some that I found for some of the more commonly used platforms:
I went to the ActiveCampaign link which outlined the steps I should take.
Setting up DKIM
The first thing I tackled was DKIM, and it was surprisingly straightforward.
Using the steps outlined in the ActiveCampaign article, I did the following:
- Log in to your ActiveCampaign account as the Primary Admin user.
- Click Settings, located on the left menu.
- Click the Advanced tab.
- Click the “I will manage my own email authentication” option.
- ActiveCampaign will generate two CNAME records. You then need to set up both CNAME records in the DNS provider for your domain (in my case, this was Siteground).
If you are using another email marketing platform, have a look in their knowledgebase for a similar article which gives you the steps to take.
Once I had the CNAME records from ActiveCampaign, I headed over to log into my Siteground account.
I clicked on Websites > Site Tools > Domain > DNS Zone Editor. I selected my domain name and then clicked on the CNAME tab.
I copied in the first CNAME settings from ActiveCampaign – ‘name’ went into the ‘name’ field. And ‘value’ went into the ‘resolves to’ field.
And hit create.
I repeated those steps with the second record that ActiveCampaign had generated.
I then went back to ActiveCampaign and checked the settings.
And that is DKIM done!
Setting up DMARC
I went round in circles a little bit with DMARC because although it seemed straightforward enough to set up a TXT record (in a very similar way as I set up the CNAME records) with the settings that ActiveCampaign gave me, I was concerned about receiving an overwhelming amount of DMARC reports to my email address.
So I started looking for other options.
One option is the Postmark App which is free. It’s a weekly email to help monitor DMARC.
The only reason that I didn’t go for that is because DMARC Report was on a lifetime offer on AppSumo (affiliate link). It was really easy to register and set up and once they had generated a TXT setting for me, I added it into my DNS settings in Siteground, and I was good to go.
I left it for a few hours, and came back and had a notification from DMARC Reports that my domain was verified.
Setting up SPF
SPF was the lowest on my list of priorities because ActiveCampaign takes care of this for account holders by default.
However, I still wanted to set mine up myself because I have heard that Microsoft will still need it in the future, and whilst I’m here, with my head in the game, I want to tick all the boxes.
This was straightforward because it’s another TXT record, just like DMARC. I found the settings for it in my ActiveCampaign account, along with the DKIM settings, and I simply copied and pasted them into a TXT record in my DNS Zone Editor in Siteground.
Testing the settings
To check that everything was set up correctly, I checked it on the ActiveCampaign DKIM SPF check tool. It all looked good there, but I wanted to double-check.
So I also ran a test on the Mail Tester platform by adding the email address it gave me to my contacts in ActiveCampaign and sending a test campaign to it.
I didn’t get a perfect score, and it highlighted some areas for me to work on, but it verified that the main authentications (DKIM, SPF and DMARC) were in place, and I can work on the other details that it outlined.
These steps are needed for any platforms that send emails from our domain. So we also need to think about which interfaces we have set up to do that eg.
- booking systems eg. acuity
- invoicing systems
- cart platforms
When you’re deciding which you need to take action on, have a look at who the notification emails are sent from. For example, I use Thrivecart, and when it sends an invoice to one of my clients, even though it looks as though it’s landing in an inbox from me, if you check the sender email, it’s actually coming from a Thrivecart email address.
So there’s no need for me to take any action with that.
Similarly with Calendly. Any notifications that I receive when I book calls through Calendly arrive from firstname.lastname@example.org. So if that was my booking system, I wouldn’t need to make any changes.
So if you’re not sure, do a test transaction/booking through your own account, and see what the email address is that sent the notification.
The other major shift from February 2024 is how the likes of Google and Yahoo will be deciding whether to treat you the email you sent as spam (undelivered, or straight to spam folder), or as a credible email (delivered to inbox).
Spam report rates will be monitored very closely, and if you go over the limit, your email delivery will get into trouble.
From Feb 2024 Google and Yahoo plan to monitor spam-report rates, and will be stopping your emails from reaching inboxes if you go over their limits.
For each 1000 emails you send that are engaged with, you can get away with a maximum of 3 spam reports.
So you need to be sure that you are sending engaging and useful emails that you audience want to receive. Setting up an engagement monitoring automation in your email marketing platform will help you out with this.
How to do that is definitely a topic for another blog post.
Your next steps
The main thing is not to sleep on this. You have a limited time to take action, and your next steps should be:
- Strengthen authentication: Review and update your email authentication settings, ensuring that DKIM, SPF and DMARC are properly configured for all outgoing emails.
- Decrease spam complaints: Make sure your content is both relevant and something your recipients want in an effort to stay below the 0.3% spam complaint threshold.
- Evaluate content relevance: Given the increased focus on user engagement, prioritise creating relevant and engaging content to improve overall email deliverability.
- Make it easy for readers to unsubscribe: Ensure your unsubscribe link is both easy to find and use.
- Set up an engagement campaign in your email marketing platform.
The authentication process may seem frightening, but set aside 30 minutes and you’ll be surprised at how straightforward it is. If you need help getting it sorted, you can book a 1:1 session to get it sorted for £65.