Google and Yahoo! DMARC Requirements
Starting February 2024, Google and Yahoo! will enforce new requirements for senders with over 5,000 daily emails directed to their accounts. These senders must implement an active DMARC policy.
To continue reaching over 5,000 Google and Yahoo! email inboxes daily, senders must set SPF and DKIM records per domain and use ARC authentication for forwarded messages.
Emails failing authentication will be rejected or marked as spam, affecting the delivery of customer communications from organizations not meeting the new rules set by Google and Yahoo!.
Why the Change?
Google and Yahoo! aim to reduce the ability of attackers to exploit bulk senders who do not secure their email systems. By focusing on email validation, they hope to minimize the reach of bad actors to customers’ inboxes and reduce spam.
Additional benefits include improved inbox placement for domains with DMARC in place, making emails less likely to be flagged as spam or rejected outright.
Enforcement Dates
Yahoo! began enforcing these guidelines gradually in February 2024.
Google started a gradual enforcement process in February 2024 with temporary errors and will begin rejecting non-compliant email traffic starting in April 2024. By June 1, 2024, bulk senders must implement one-click unsubscribe in all commercial, promotional messages.
Technical Information About DMARC and DMARC Policies
What Is a DMARC Record?
A Domain-based Message Authentication, Reporting and Conformance (DMARC) record instructs a receiving email server on how to handle a message from your domain if it fails authentication. DMARC works with two authentication methods: SPF and DKIM. SPF specifies which IP addresses can send emails from your domain, while DKIM adds a digital signature to outgoing messages, ensuring they have not been altered en route.
DMARC Policies
A DMARC record specifies a policy for actions if an incoming email fails SPF or DKIM authentication. There are three policy options:
- None: Deliver the message normally.
- Quarantine: Send the message to the recipient’s spam folder or quarantine.
- Reject: Do not deliver the message.
Google Workspace recommends starting with the “none” setting, reviewing reports, and then moving to “quarantine” and finally “reject.” Regardless of the action, you can set the DMARC record to request reports on email server performance and authentication success rates.
Steps to Set Up a Google Workspace DMARC Record
- Configure SPF and DKIM, then wait 48 hours before publishing the DMARC record.
- Create the DMARC record as a text line with tag-value pairs separated by semicolons. Required tags include v (version, must be DMARC1) and p (policy). Optional tags can specify subdomain policies, the percentage of invalid messages to act on, alignment policies for SPF and DKIM, and email addresses for DMARC reports.
- Update the DNS record in your domain host’s management console. Enter the DMARC TXT record name as “_dmarc” followed by a period and your domain name. Save the changes and repeat for each domain.
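The record format described in the steps above can be checked before it is published. The following Python sketch is an added example, not code from Google or from this page's author: it builds the record name and validates the tag-value pairs. The function names and the sample record for the placeholder domain example.com are assumptions; the optional tag names (sp, pct, adkim, aspf, rua, ruf) are the standard DMARC tags for the options the steps list.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
MAILTO = re.compile(r"mailto:[^@\s,]+@[^@\s,]+", re.I)

def record_name(domain):
    """DNS name where the DMARC TXT record for `domain` is published."""
    return "_dmarc." + domain.strip().rstrip(".").lower()

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(txt):
    """Return a list of problems; an empty list means the record passed."""
    try:
        pairs = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    tags, problems = dict(pairs), []
    if len(tags) != len(pairs):
        problems.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first tag")
    for tag in ("p", "sp"):  # p is required, sp (subdomain policy) is optional
        if (tag == "p" or tag in tags) and tags.get(tag, "").lower() not in POLICIES:
            problems.append(f"{tag} must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):  # alignment: r = relaxed, s = strict
        if tag in tags and tags[tag].lower() not in ("r", "s"):
            problems.append(f"{tag} must be r or s")
    if "pct" in tags and not (re.fullmatch(r"[0-9]{1,3}", tags["pct"]) and int(tags["pct"]) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    for tag in ("rua", "ruf"):  # report addresses, comma-separated mailto: URIs
        if tag in tags and not all(MAILTO.fullmatch(u.strip()) for u in tags[tag].split(",")):
            problems.append(f"{tag} entries must be mailto: URIs")
    return problems

# Constructed sample: a monitoring-stage record for the placeholder domain example.com.
SAMPLE = "v=DMARC1; p=none; pct=100; adkim=r; aspf=r; rua=mailto:dmarc-reports@example.com"
```

Run `check_dmarc` on the exact string you intend to paste into the DNS console; it checks syntax only and does not confirm that SPF and DKIM are configured for the domain.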
Simplify Your DMARC Setup with RealBytes
Setting up DMARC through Google Workspace can be daunting. Let RealBytes streamline the process for you! Our cloud-based tools make it easy to create and validate DMARC records while providing detailed reports on authentication failures and forensic analyses.