Gmail and Yahoo are introducing new sender authentication requirements in order to provide their end users with a safer email experience.  Even if you don’t use Gmail or Yahoo, you need to pay attention as the requirements apply to organizations that send to Gmail or Yahoo.

The new requirements apply to organizations that send more than 5,000 emails per day to Gmail and Yahoo inboxes. These policy changes are meant to benefit the end recipient and ensure both Gmail and Yahoo users can trust the mail they receive. For many senders, the new requirements won’t impact their email programs, but for others, these changes will mean they’ll need to re-examine their current email authentication and sending practices. Emails not meeting these requirements may be rejected or marked as spam by Gmail and Yahoo. These requirements will take effect in the first quarter of 2024.

The key requirements are to:

a) ensure you authenticate your sent mail using SPF, DKIM, and DMARC and at a minimum send from a domain with a DMARC policy of at least p=none;

b) have a valid forward and reverse DNS record for your sending IP addresses;

c) comply with RFC 5321 "Simple Mail Transfer Protocol" and RFC 5322 "Internet Message Format";

d) provide one-click unsubscribe links;

e) do not send unsolicited email.

Our Symantec Email Fraud Protection solution provides a fully automated sender authentication solution that makes DMARC enforcement easy and accessible so that you can easily comply with the new requirements and manage emails coming from your domain. We provide the Email Fraud Protection monitoring portion of the service complementary to all our Email Security.Cloud customers so you can gain 100% visibility into all email traffic using your domains. For complete details on the Email Fraud Protection solution please visit the following link.  

For general help with configuring SPF, DKIM and DMARC outside the Email Fraud Protection service please refer to:

• "Implement SPF records for Email Security.cloud" - https://knowledge.broadcom.com/external/article?articleNumber=161394
• "Configuring DKIM signing for outbound mail" - https://knowledge.broadcom.com/external/article/171225/configuring-dkim-signing-for-outbound-ma.html
• "Adding a DMARC Record" - https://knowledge.broadcom.com/external/article?articleNumber=178782#mcetoc_1gops6au31c1

Please note, that forward and reverse DNS records are already in place for all emails routed via Email Security.cloud.  However, it is good practice to ensure you have these records in place for your own mail servers. Also, if you are using modern commercial email software or a cloud mailbox service such as Microsoft Office 365, then you are likely already RFC 5321 and RFC 5322 compliant. If you are using custom-developed email-sending applications then we recommend you check their behavior is RFC compliant.