Since February 2024, email senders must deal with increased requirements from Google and Yahoo. These changes were suggestions in the past, but they are now mandatory for ensuring successful email delivery.
Properly authenticating your emails has always been a best practice, but not all senders have fully embraced the tools available to protect their messages. The consequences of inadequate authentication are severe: bad actors can easily impersonate domains, leading to phishing attacks and damaging your sending reputation.
To authenticate your emails, you must implement email authentication protocols, specifically SPF, DKIM, and DMARC. These protocols work together to ensure that your emails are legitimate and not forged by malicious actors. These protocols are summarised below:
- SPF (Sender Policy Framework): Authorises legitimate senders by allowing only permitted domains and IPs to send emails on behalf of their domain. This significantly reduces spam complaints.
- DKIM: Protects your email’s content from alteration by adding digital signatures to message headers. It verifies that the email hasn’t been tampered with during transit.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Aligns messages against SPF and/or DKIM checkpoints. With DMARC, you can set up instructions for receiving servers to accept, quarantine, or reject misaligned emails. It provides robust protection against phishing, spoofing, and other threats.
The setup steps for all the above will be provided by your email sending provider, but there is a gotcha when verifying the DKIM entry is correct. DKIM has a special format for looking up the TXT record. You need to use _dmarc.domain when doing the lookup. So, for example, for mzansibytes.com, you would use _dmarc.mzansibytes.com.
Google introduced Brand Indicators for Message Identification (BIMI) for Gmail, an industry standard that allows approved logos to appear next to a sender’s email in participating platforms. BIMI requires senders to use strong authentication and verify their brand logo to display it as an avatar in emails. While BIMI does not directly improve deliverability or reputation, it builds trust with recipients and enhances engagement.
Why Is This Important?
- Standing Out: With BIMI, your brand logo stands out in recipients’ inboxes.
- Building Trust: Displaying a verified logo boosts trust.
- Control: You decide what appears next to your emails.
You email sending service will provide instructions for setting this up, but like verifying a DMARC record, the TXT record for BIMI records needs to be prefixed with _bimi. For mzansibytes.com, this would be _bimi.mzansibytes.com.