Changes coming into effect from 1st February 2024 by Google and Yahoo mean you will need to have a verified, secure domain-based email to send bulk emails to your audience. This means no more being able to use your @gmail, @hotmail, @yahoo etc. email accounts, which a lot of small businesses often start out with. And why wouldn’t you, it’s free after all!
When you are first starting out and getting your business online, creating an email address such as email@example.com is better than having your old personal email which you’ve had for 20 years – no-one wants to get an email from a company that starts sarahiscool1985@hotmail do they! I digress….
But why are Google and Yahoo making these changes all of a sudden? Is it just another ploy to get more money out of us?
No. There are ways to get a free domain-based email. Your hosting provider might be able to create an email account for you as part of your package. Some domain name registrars give you your first email account for free too. The other two big players, which aren’t free but can start from just a few pounds a month, are Microsoft 365 and Google Workspace. Those familiar with Gmail’s interface would likely find Google Workspace the easiest to transition to, as it uses the same platform, but instead of logging into firstname.lastname@example.org, you would log in as email@example.com instead.
The actual change that Google and Yahoo are implementing is that your domain-based email needs to have 3 specific records added to the DNS (your Domain Name System) in order to prove who you are and show them that your email account is genuine and secure, and not just spam. These records are called SPF, DKIM and DMARC.
Wait, what the SPF is this all about? Does my email need sunscreen?!
Well obviously not, although you could think of this in the same way by adding a layer of protection to your business email account, just as you would put on sunscreen if you were going out in the hot sunshine for the day. I’ll break it down as plainly as possible.
Record 1 – SPF
This literally means “Sender Profile Framework”…. I know, what does that even mean you’re thinking?
Technical definition: “SPF is an email authentication method which ensures the sending mail server is authorised to originate mail from the email sender’s domain”
Think of this as getting your email address on the list at the door for a gig – if your name isn’t down, you’re not getting in. The SPF record in your domain tells the email server that only the specific places listed in this record are allowed to send email on your behalf – this could be Microsoft Outlook, your email service provider (ESP) like Mailerlite, Mailchimp, ConvertKit, etc. If your email was to get hacked and someone tried to pretend to be sending emails from you, if their ID isn’t in the record, it will get blocked.
This is also why it’s so important that you set up this record to prove that your details ARE legit, so that when you send your newsletters, they don’t get permanently blocked by the mail servers. Free emails from the likes of Gmail and Hotmail cannot have this verification code added to them, hence they will now be blocked from being used to send bulk emails.
Record 2 – DKIM
This is the “DomainKeys Identified Mail” record.
Technical definition: “DKIM is a standard email authentication method that adds a digital signature to outgoing messages”
So the DKIM record is your own personal e-signature to assure the recipient that your email is legit. Like when we had to sign paper cheques for them to be valid, without the e-signature your email address could be pretending to be anyone else. Mail servers that get emails signed with a DKIM can verify that the message actually came from the genuine sender, and not someone impersonating the sender.
Record 3 – DMARC
Also known as “Domain-based Message Authentication, Reporting, and Conformance”
Technical definition: “DMARC is an email authentication, policy, and reporting tool that is set up on your domain’s settings. It provides validation of the origin of the emails by inspecting the sender’s IP address, SPF and DKIM records.”
I know… that sounds like utter jargon! Think of this as your backup plan.
A DMARC policy allows your domain to show that your messages are protected by SPF and DKIM, and it tells the email server what to do if a message doesn’t pass the ID checks – i.e. send an email report to whoever you specify.
Originally it was said that you only needed to have this record set up if you send more than 5000 emails a month, and some Email Service Providers still warn you of this, but now Google and Yahoo are saying that it is best practice to set it up no matter what size your list is.
The purpose of setting up the DMARC record is to protect your domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities.
OK, but what does this all actually mean for me?
Simply put, once you add the SPF, DKIM and DMARC records to your domain, an email message you send out that passes all the ID checks will be delivered to the recipient, which shows you can be trusted.
So how do I add these records to my domain?
The easiest answer if you’re not comfortable with tech or editing your domain settings yourself, is to ask your web developer to handle it for you. As long as they have access to where your domains are registered, and your email service provider account (i.e. Mailerlite), so they can login and administer it on your behalf, they will be able to add the correct settings to the right place (the DNS).
If you manage your domain and website yourself, you need to manage your domain’s DNS settings and add the right codes. Email Service Providers (ESPs) like Mailerlite, Mailchimp etc. have guides on how to do this. I have linked several help pages and walk-through guides below for you.
Examples of these records:
It’s only possible to have one SPF record on your DNS settings at a time, but you can add more than one provider’s details into one SPF record. This is an SPF record which allows sending from Outlook as well as Mailerlite:
v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all
Each email service provider will have a different e-signature. Add them as CNAME records to your DNS. This is an example of the Mailerlite DKIM signature. For the full guide on how to set this up, follow the help guide link further down this blog.
A basic DMARC record could look like this:
v=DMARC1; p=none; fo=1; rua=mailto:firstname.lastname@example.org;
This tells the mail server what to do with the email (i.e. do nothing and let it through, reject it or quarantine it), and where to send the report. Where you send the reports is up to you. If you want to keep your main inbox clear of these daily email reports you could send them to a secondary inbox that is used just for reports – such as email@example.com or your web developer’s email address (check with them first!).
It is a good idea to send them to an email address you will actually be checking, to get a clear understanding of where your email address is being used. Even if you don’t understand the reports yourself, they can be forwarded to your web developer for help if an issue were to arise at some point in the future. So you could send them to your normal email address but set up a rule to automatically filter them into a dedicated folder.
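To make the rules above concrete (one SPF record per domain, several providers folded into it, and a DMARC policy that tells the mail server what to do), here is a small Python check. It is an added example, not code from any of the providers mentioned; the function names are made up for illustration and the TXT values are constructed samples.

```python
# Added example: lints constructed DNS TXT values against the rules described above.
ACTIONS = {
    "none": "deliver as normal and only report",
    "quarantine": "treat as suspicious (e.g. spam folder)",
    "reject": "refuse the message",
}

def find_spf(txt_records):
    """Return the domain's SPF record; a domain must publish exactly one."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        raise ValueError(f"expected exactly 1 SPF record, found {len(spf)}")
    return spf[0]

def merge_spf(provider_records, final="-all"):
    """Fold several providers' SPF values into one record with a single 'all'."""
    terms = []
    for rec in provider_records:
        for term in rec.split()[1:]:              # skip the leading v=spf1
            if term.lstrip("+-~?").lower() == "all":
                continue                          # each provider's own 'all' is dropped
            if term not in terms:
                terms.append(term)
    return " ".join(["v=spf1", *terms, final])

def parse_dmarc(record):
    """Split a DMARC record into tags and validate the version and policy."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if not record.strip().startswith("v=DMARC1") or tags.get("p") not in ACTIONS:
        raise ValueError("need v=DMARC1 first and p=none|quarantine|reject")
    return tags

def dmarc_summary(record):
    """Return (policy, action for failing mail, addresses receiving aggregate reports)."""
    tags = parse_dmarc(record)
    uris = [u.strip() for u in tags.get("rua", "").split(",")]
    reports = [u[len("mailto:"):] for u in uris if u.lower().startswith("mailto:")]
    return tags["p"], ACTIONS[tags["p"]], reports

if __name__ == "__main__":
    # Constructed TXT values for an example domain.
    txt = ["site-verification=CONSTRUCTED",
           "v=spf1 a mx include:_spf.mlsend.com include:spf.protection.outlook.com -all"]
    print(find_spf(txt))
    print(merge_spf(["v=spf1 include:_spf.mlsend.com ~all",
                     "v=spf1 include:spf.protection.outlook.com -all"]))
    print(dmarc_summary("v=DMARC1; p=none; fo=1; rua=mailto:reports@example.com;"))
```

When merging providers, keep in mind that SPF checking allows at most 10 DNS-querying terms (such as include:, a and mx), so a record with too many providers can fail even though it looks correct.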
Google has a good guide for how to implement a DMARC policy gradually.
So what’s next?
In summary – you need to make sure the SPF, DKIM and DMARC records are set up on your domain as soon as possible in order to continue to securely send marketing emails out to your audience. I hope this blog has been useful for you. If you have any queries, you can also drop me a message and I’ll be happy to help. The links to help guides for the most common email providers are below.
DMARC Checker Tool
dmarcian.com/domain-checker/ – enter your domain here to check its status
WIX Help Guides
Squarespace Help Guides
Shopify Help Guides
Mailerlite Help Guides
Authentication Guide – https://www.mailerlite.com/help/how-to-verify-and-authenticate-your-domain
Mailchimp Help Guides
ConvertKit Help Guides
HubSpot Help Guides
Flodesk Help Guides
ActiveCampaign Help Guide
Aweber Help Guides
(although this article hasn’t been updated since October 2023 and says it’s not a requirement to do, the changes coming into force mean you do need to do this)
Brevo (formerly SendinBlue) Help Guides
Microsoft 365 Help Guides
DKIM – https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-dkim-configure?view=o365-worldwide#steps-to-create-enable-and-disable-dkim-from-microsoft-365-defender-portal