Today, February 1, Google is starting to implement their new anti-spam rules, which means you need to authenticate your domain.
Now in case you’ve been avoiding this because it sounds overwhelming — or you didn’t even know Google had new rules — I want to explain it to you and then offer my help.
Here’s the deal:
- If you send marketing emails from a gmail address…
- If you send marketing emails with an email from a domain that you didn’t authenticate…
- If you don’t allow your subscribers to unsubscribe with one click…
- If you send more than 5000 emails a day and haven’t set up something called DMARC…
- If you send lots of emails to people who don’t engage with them (open, click, reply)…
…your emails will probably start going to spam in the coming weeks/months.
Google and Yahoo’s new email guidelines in short
Here’s what all email senders — not only mass senders — who want their emails to end up in a Gmail users’ inboxes have to do:
- Set up SPF or DKIM email authentication for your sending domains
- Use a secure connection for sending emails
- Keep reported spam rates below 0.3%
- Use proper email formatting and headers (in practice you don’t have to worry much about this one; all modern email sending clients do it for you)
If you send more than 5,000 a day, you also need to set up DMARC email authentication.
For more details, visit Google’s article on this topic.
The part that affects you most is if you have been using a free email address for email marketing. Email marketing platforms will no longer allow you to use your free email address, and you’ll need to authenticate your domain as well.
It was always best practice to use your own authenticated domain, but now it’s the official rule. Check out my article from a couple of years ago on two easy, cost-effective ways to get your own domain.
What does authenticating my domain mean?
This whole email compliance thing is full of jargon — no wonder the ostrich approach is your only recourse!
Let’s see if we can simplify it a bit.
Bad actors can send emails pretending to be you, and their unsuspecting recipients (victims) would never know the difference. That’s why security measures evolved over time to deal with this.
Here are the 3 main ones:
SPF — sender policy framework.
SPF is a record added to your domain that tells all receiving email clients (your recipient’s Gmail, Yahoo, Microsoft, etc. account) who is allowed to send emails on your behalf. This will generally be your mail host and email marketing software.
Think of it as the return address on an envelope.
DKIM — DomainKeys Identified Mail.
DKIM is a digital signature added into the hidden code of your email that tells email clients that nobody tampered with the email between you hitting send and it arriving at the email client.
Think of it as a wax seal covering the envelope flap.
Together, the SPF and DKIM records are called “authenticating” your domain. Every email that your inbox receives is checked for SPF and DKIM matches. If either one fails, the email is more likely to go to spam.
DMARC — Domain-based Message Authentication, Reporting, and Conformance
DMARC brings it a step further. It’s an instruction for email clients of what to do with your email if it fails the SPF/DKIM check. It can also send YOU reports of all messages sent from your domain, so you can see any failures and investigate.
DMARC can instruct the receiving client to do nothing, send it to spam, or reject it completely.
Best practice is to start at the “do nothing” level and monitor your reports to make sure your SPF and DKIM are set up properly. Then gradually tighten the policy until it reaches the strictest level of security — called “enforcement.”
Stay compliant with my quick setup service
If you rely on email marketing for communicating with your audience, sticking your head in the sand and hoping this won’t affect you is not a good strategy.
I can help! After doing it for a bunch of clients over the last month or two, I decided to offer this as a standalone service.
For just $95, you’ll get:
- Your domain set up (if necessary)
- Your domain authenticated and aligned
- Your unsubscribe settings checked
- Your DMARC record set up (it’s best practice to do this even if you have a tiny list)
- 30 days of DMARC monitoring and then enforcement
Want to get this over and done with? Click here to reserve your hassle-free authentication service.