[Sharing] Major focus on Gmail and Yahoo's new requirements for email senders
Dear valued clients,
We received feedback from some of our clients that they wish to have an additional explanation of the recent Google/Yahoo new Anti-spam policy.
Every mail server deploys its own Anti-spam policy which is decided by the recipient’s server administrator.
This explains why the same email content/subject that is FROM the same sender, gets a different delivery result in different recipient’s mailboxes.
Let’s put them into the following scenario:
Sender mail server: Post Office
Recipient mail server: Targeted destination building
Recipient mail server’s Anti-spam: Security guard
SPF: Identity card
DKIM: Signed email
DMARC: Instruct destination building owner on how to handle unauthenticated visits from My Domain only.
When you visit a Post Office physically to send a letter, the counter/postbox will not verify your identity.
It means you are free to send the letter to any destination address and put whoever at FROM: as long as you pay for the postage stamp right?
Nowadays, the community tries to reduce the damage of email spoofing by deploying verification records such as SPF/DKIM/DMARC.
SPF: (Identity card)
Publish all the IPs (Authorized post office address) that allow sending email from your domain (organization), for example, Exabytes listed out our HQ and branches are available in Malaysia, Singapore, and Indonesia only. https://www.exabytes.my/contact
If your Security Guard receives a visit request from Exabytes staff that come from a country that is out of our valid range in SPF record, the guard can reject the visit.
DKIM: (Wax Seals)
Allow the sender to deliver a signed email to the recipient, where the recipient’s security guard can track the origin of it. If the letter seal is broken or does not match the Public key (Wax seal stamp) mentioned by the sender (by comparing the Private key) you receive then fail it.
The sender can monitor all emails and then instruct the recipient’s security guard to either quarantine or reject the message if an unknown visit fails in SPF/DKIM verification.
What is the major new requirement for them?
A) Stronger Identity verification.
Google and Yahoo buildings have started to force the visitor to complete identity verification when they wish to visit their building. (send mail to Gmail / Ymail, etc)
It means visitors need to fulfill the above criteria so that they will help to deliver the mail to the recipient’s hand (Inbox) else they may reject or put your letter in the dustbin (Junk folder) You may use the following tools to check if your domain fulfills their new requirement or not: https://dmarcian.com/domain-checker/
B) Target the correct recipients.
For normal business communication with Google + Yahoo recipients is fine.
However, if your marketer or hired third-party marketing company is using your domain for mass mailing, recipients who do not expect to receive them may mark your email as Spam.
It contributes to the spam rates and once your domain spam rate is more than 0.3% then all email communication from that domain will go into the Junk folder unless your email address appears inside the recipient’s address book.
Sample of Good domain reputation
Sample of Poor domain reputation
Technical Support Department
1 person likes this idea