FAQs: Mastering New Email Authentication Standards


June 06, 2024
Written by
Nick Papandria
Contributor
Opinions expressed by Twilio contributors are their own

Last week, Twilio SendGrid’s email team covered new email authentication standards with the experts. Customers are embracing the new normal with rapid and positive adoption of the new sending requirements both at the domain and overall volume levels. Len Shneyder, Senior Director of Industry Relations, partnered with Valimail’s CTO, Seth Blank, to hear directly from: 

  • Ebenezer Anjorin, Google Product Manager 

  • Clea Moore, Yahoo Principal Product Manager

  • Ross Adams, Microsoft Principal PM Architect

During the webinar, we covered the latest news on the new DMARC (Domain-based Message Authentication, Reporting and Conformance) requirements. We heard each speaker's individual perspective, as well as a unified, collective stance that email authentication is here to stay. Representatives from Google, Yahoo, and Microsoft all firmly believe that this is just the beginning of the process, and they are here to support senders along the way.

Microsoft will be adopting requirements similar to Google and Yahoo

Microsoft joins Google and Yahoo in the charge for stronger email authentication. It supports the announcements and believes that the requirements “give customers a level of understanding and trust.”

“I’m supportive of the initiative and am hopeful the process comes easier...You can expect us to come along to apply a similar approach” — Ross Adams, Microsoft Principal PM Architect

DMARC enforcement is a journey

Based on Valimail’s analysis of DNS records, from January 1 to March 31 alone, the number of domains grew 55% to 7+ million domains.

“This is a journey and we recognize that different senders need different amounts of time, but this is not just a 2023 thing or 2024 thing. As we learn more about the ecosystem, the mindset should be that this is the new normal and senders need to think about how to be compliant. Once you have the foundation, then it becomes easier. Everyone should jump on the train as quickly as possible.” — Ebenezer Anjorin, Google Product Manager 

Maintain deliverability requirements and best practices

During this journey, it’s important to still consider the existing best practices and deliverability requirements that have been pushed for years. These requirements don’t change best practices, they just enforce them.

“Take action on the deliverability requirements and best practices. Send mail that people want to receive to people who have given you permission.” — Clea Moore, Yahoo Principal Product Manager

As we dug into the details of these changes, we received common questions and included the answers in this blog to help make your next steps easier. 

Can you go more in-depth about the difference between p=none and p=reject?

A p=none DMARC policy is considered the minimum policy and leaves the decision up to mailbox providers. p=reject is the strongest DMARC policy value and allows the provider to block any unauthorized emails so they cannot reach recipients. Today, 75% of domains are at p=none without reporting.

How is sender reputation calculated? Can it be restored?

Sender reputation is calculated by the inbox providers using complex algorithms that take into account delivery, engagement, opens, clicks and other data points. We rely on the signals they send us, such as delivery, bounce and block reporting, to determine whether there’s an issue. That being said, reputation can always be rehabilitated through hard work, vigorous sending policies and user engagement. If you need guidance with something like this, SendGrid Professional Services can help.

Can you provide examples of features that are only available to authenticated users in Gmail?

From Gmail's blog post: “Messages that aren’t authenticated with these methods might be marked as spam or rejected with a 5.7.26 error.” As such, if you want to have your mail delivered, you need to authenticate your domains.

Does Twilio SendGrid handle DMARC, DKIM, and the SPF to handle this with CNAME records or do we need to configure each?

SPF and DKIM are set with CNAME records (created within the UI or via API). DMARC is a separate record with multiple variables. Twilio SendGrid provides a default "p=none" record in the UI. If a user wants a stricter policy or other variables, there are lots of DMARC resources to help guide this process. However, all three need to be added to a sender's DNS in order to be implemented.

Why do some domains not have the "list unsubscribe" option in Gmail?

Gmail stated that a number of factors determine whether a sender gets the list-unsubscribe link in the header within the Gmail UI, which affects whether the button is shown. However, this may change in the future.

Is there some kind of guide that would show us the requirements or an easy to follow check box for each of these guidelines to see if we have all of our settings compliant? 

Gmail offers a compliance dashboard. SendGrid has a deep dive blog post that goes over all of the new sender requirements. We recommend it as a checklist for the requirements Gmail & Yahoo have introduced.

I've had Marketers ask me if IP warming/domain warming is relevant "in this age of DMARC."

Yes. IP and domain warming are still relevant. DMARC lets the sender tell the inbox providers how they want mail to be treated if it doesn't pass SPF or DKIM. However, showing the providers that mail is desired by recipients is still important. Adding a new IP or sending from a new domain requires a warm-up period in order to demonstrate the wanted nature of your email through increasing engagement as you warm up.

These policies become much more strict when you're a mass sender and are best practices for everyone else. Do we see that changing across the board?

While we can't 100% predict the future, we do foresee a place where a DMARC policy at enforcement (quarantine or reject) is required. While only 3% of domains are at enforcement (p=quarantine or p=reject), it's a logical step towards protecting domains from spoofing. In addition, in order to implement BIMI, you need to be at quarantine or reject for DMARC.
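
To make the p=none versus enforcement distinction from the answers above concrete, here is an added example (not Twilio SendGrid or Valimail code) that parses a DMARC TXT record and reports its policy, whether aggregate reporting is requested, and whether it is at enforcement. The function names and the example.com sample records are constructed for illustration; the tag names (v, p, sp, pct, rua) are the standard DMARC tags from RFC 7489.

```python
# Added example: assess a DMARC TXT record (tag=value syntax from RFC 7489).
# parse_dmarc() and assess() are illustrative names; sample records are constructed.

POLICIES = {"none", "quarantine", "reject"}
ENFORCING = {"quarantine", "reject"}


def parse_dmarc(txt):
    """Split a DMARC record into a dict of tags, validating v= and p=."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("v=DMARC1 must be the first tag")
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    return tags


def assess(txt):
    """Summarise what a record asks mailbox providers to do."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy covers
    return {
        "policy": policy,
        "subdomain_policy": tags.get("sp", policy).lower(),
        "reporting": "rua" in tags,          # aggregate reports requested
        "enforced": policy in ENFORCING,     # quarantine or reject
        "partial": policy in ENFORCING and pct < 100,
    }


SAMPLES = [  # constructed records for a placeholder domain
    "v=DMARC1; p=none",
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com;",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", assess(record))
```

The first sample is the "p=none without reporting" case described earlier; the third is at enforcement but applies the policy to only part of the failing mail.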

Still have questions?

As we continue to partner with our customers to implement these requirements, we’ll be updating our resources and sharing more of them. In addition to the webinar, please also visit Gmail and Yahoo’s New Sender Requirements: A Closer Look for more information, check if you're compliant with Valimail today, and consider engaging with Professional Services for customized consultation.

