In a recent development, both Yahoo and Google have chosen to make DMARC a requirement for email delivery.
This move is a significant step toward enhancing email security and protecting users from falling victim to fraudulent emails. With the increasing prevalence of email fraud and phishing attacks, it has become crucial for email service providers to authenticate a sender's identity for security purposes. However, the enforcement of this authentication step comes with impacts to some business operations.
In this guide, we'll cover:
- DMARC - what it is & why it's needed for business domains
- Bulk Email Sending Necessities for Small & Mid-Sized Businesses
- How Five Nines Can Help
DMARC for Businesses
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps to prevent email fraud and phishing attacks by authenticating the sender's identity.
Spammers can spoof your email domain to send fake messages that impersonate your organization. With DMARC, receiving mail servers know what to do when they get a message that appears to be from your organization, but doesn't pass authentication checks to prove that it's actually from you. Messages that aren't authenticated might be impersonating your organization, or might be sent from unauthorized sources.
Why does my company need to set up DMARC?
As email fraud and phishing attacks continue to rise, it was already becoming increasingly important for businesses, including small businesses, to implement DMARC for their domain. Now, for organizations sending more than 5,000 emails per day, it is required for your emails to be deliverable to some recipients.
By setting up DMARC, businesses can protect themselves from spammers who may attempt to spoof their email domain and send fake messages impersonating their organization.
With DMARC in place, receiving mail servers can identify and authenticate incoming messages, ensuring that only legitimate emails reach their intended recipients. This not only enhances email security but also safeguards the reputation and trustworthiness of your business. With Yahoo and Google now requiring DMARC for email delivery, it is essential for businesses to embrace this authentication protocol.
What will happen if my domain does not have DMARC set up?
As a result of these changes, emails sent to a Yahoo or Gmail account by a domain that must adhere to the new requirements, DMARC authentication must be passed for the message to be delivered successfully. Messages from email domains that do not pass the required checks will not be delivered to recipients' inboxes.
This move toward authentication aims to increase email security and protect users from receiving fraudulent emails. So, if you want to ensure that your company's emails reach their recipients, DMARC is a non-negotiable next step.
Bulk Emails for Business
Bulk email is the action of sending one email message to a large group of recipients. Marketing messages, company newsletters, client updates, and other messages of this nature are the types of communications that fall into this category.
You may also know this as mass email or email blasts. Ultimately, bulk emails focus on sending a specific message to a large group of subscribers at one time.
What does my business need to have in place to send bulk emails?
As email platforms crack down on mass email messaging criteria, you may run into deliverability issues without the following in place:
A legitimate business domain to send email from.
As your business grows, managing your communications from a freemail account (think Gmail or Yahoo) will present additional, unavoidable restrictions to your ability to send large quantities of external email.
Gmail, for example, limits the amount of emails an account can send per day, as well as the number of people you can add as recipients to a message. For some accounts, this limit can be as low as 500 total sent emails.
If you're on track to have more than 500 client contacts, newsletter recipients, or marketing subscribers, it's likely time to consider setting up email for your business domain and moving away from freemail accounts.
A DMARC policy for your business Domain Name Service (DNS).
As explained further in the DMARC section above, this policy will not only ensure the deliverability of your company's emails to external recipients, but it will enhance the security and integrity of your domain.
As you communicate with more people outside of your company — whether that means your clients, potential clients, patients, or another type of person that interacts with your business or industry — the integrity of your business domain becomes increasingly important. It's not only about getting your emails into the inboxes of your external contacts, but also ensuring that those individuals can trust the emails they receive from your name. Having a secure, protected, and trusted email-sending domain is impactful to your company's online reputation.
A CAN-SPAM Compliant email-sending platform.
As more mail providers crack down on mass email regulations, your best approach will be to begin using an email service software or customer relationship management (CRM) platform, if you are not already. These programs allow you to create, send, and track emails to large lists of clients or subscribers, and they have built in many of the tools necessary to ensure your emails are CAN-SPAM compliant in the US.
CAN-SPAM, a law that went into effect in the United States in 2003, does not just apply to commercial messages but also includes all bulk email messaging, including business-to-business and business-to-consumer communications.
If possible, our experts also recommend you opt for a platform with a dedicated IP address and valid reverse DNS records, as these features help prevent others using the platform from impacting your sender reputation by association.
How do CAN-SPAM laws affect my business emails?
All businesses sending bulk emails to external recipients, regardless of whether those recipients are other business users or consumers (individuals), must comply with CAN-SPAM. Each separate email in violation of the law is subject to penalties of up to $50,120, and more than one person may be held responsible for violations if penalized.
Thankfully, staying in compliance with the CAN-SPAM Act is relatively simple. Here's what you need to know:
- Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
- Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously if your message is an advertisement.
- Tell recipients where you’re located. Your message must include your valid physical postal address.
- Tell recipients how to opt out of receiving future marketing email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting marketing email from you in the future. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all marketing messages from you. Remember, subscribers and members have the right to opt out of marketing emails, too. These individuals don’t lose their ability to opt out of marketing emails from you simply because they have a subscription or membership in place.
- Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests and you must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a webpage as a condition for honoring an opt-out request.
- Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Source: FTC.gov, "CAN-SPAM Act: A Compliance Guide for Business"
Bulk Email Sending Support
An email management platform can assist you in reaching compliance with the CAN-SPAM laws, and your IT resource — whether internal or outsourced — can be another resource for securing and authenticating your email-sending domain.
How Five Nines Can Help
As a result of recent DMARC enforcement changes, Five Nines offers DMARC setup & configuration services to clients who need it. For many small and mid-sized organizations, correct DMARC implementation on an existing domain can be tricky, thus we strongly recommend using a third-party management tool or IT partner to implement these policies.
No matter your current situation, Five Nines is here to help. Contact your Account Manager (existing clients) or send us a message about your company's IT Support needs if you would like to learn more.
Takeaways
By implementing DMARC authentication, Yahoo and Google aim to prevent unauthorized individuals from impersonating legitimate businesses like yours. This proactive measure will undoubtedly bolster the trustworthiness of their platforms and provide everyday users with a safer email experience.
If you want your emails to reach their intended recipients without any hindrance, it is imperative to follow email-sending regulations, use trusted tools, and adhere to the DMARC requirements set by email platforms. By embracing the DMARC authentication protocol and following relevant local, state, and federal laws, you can contribute to the improvement of email security and ensure the future deliverability of your emails.
