The Impact of Stricter DMARC Policies on B2B Email Marketing
As technology evolves, so do the tactics employed by cybercriminals. In an effort to protect their customers from spam and email attacks that spoof sender domains, both Google and Yahoo have announced stricter sender authentication requirements, which will come into effect later this week. These changes will have a significant impact on B2B email marketing practices, so it’s important for marketers to understand and adapt to these new policies.
Does this affect me?
Starting February 2024, both Google and Yahoo will impose increasingly stringent email authentication requirements. Sender domains that deliver more than 5,000 emails per day will be required to carry a DMARC (Domain-based Message Authentication, Reporting and Conformance) policy, which outlines how to handle unauthorised emails sent via your domain.
But even those who send fewer emails will face tougher measures. Failure to meet these requirements may result in the rejection of legitimate inbound mail due to the inability to validate the sender’s authenticity, potentially impacting the effectiveness of your B2B marketing campaigns.
What do I need to do?
The new requirements are categorised into two sets. All senders will need to follow the first set, while high-volume senders delivering more than 5,000 messages per day will need to adhere to additional rules.
Applicable to all senders:
- Email Authentication: Implementing email authentication measures is necessary to prevent threat actors from sending emails under the pretence of being from your organisation. Domain spoofing is a common technique used in phishing attacks and email spam, and SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols play a vital role in combating these threats.
- SPF: SPF is an email authentication protocol that prevents email spoofing by checking if incoming email comes from an IP address authorised by the domain’s administrator.
- DKIM: DKIM allows an organisation to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication.
- Low Spam Rates: To maintain a good sender reputation, it’s important to keep spam rates low. If recipients report your messages as spam at a rate that exceeds the new requirement of 0.3%, your messages could be blocked or sent directly to a spam folder.
Requirements for senders of more than 5,000 messages per day:
- SPF, DKIM, and DMARC: Companies sending to Gmail or Yahoo must have SPF and DKIM authentication methods implemented. Additionally, they must have a DMARC policy in place. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication standard that provides domain-level protection and detects email spoofing techniques used in phishing and other email-based attacks.
- DMARC Alignment: Messages must pass DMARC alignment, which means that the sending Envelope From domain is the same as the Header From domain, or that the DKIM domain is the same as the Header From domain.
- One-Click Unsubscribe: For subscribed messages, it is vital to include a one-click unsubscribe option. Messages must contain List-Unsubscribe message headers and a clearly visible unsubscribe link in the message body. Unsubscribe actions must be taken for a requesting user within two days.
Keep in mind: These rules and best practices don’t just apply to marketing emails but also to regular business emails sent from the same domains. This includes your internal communications and any exchanges with clients, suppliers, stakeholders – literally anyone you email – so it’s important to be mindful of the main business email setup. If you neglect DMARC and that reduces deliverability of your marketing emails then that is undesirable, but not immediately business critical. However, if you make an erroneous change to your DMARC settings and that prevents delivery of normal business emails, that might have a catastrophic impact on your operations. With this in mind, it’s important to coordinate any DMARC changes with your company’s IT team or the people who look after your business email setup.
How do I put this into practice?
Most email marketing sending platforms – including Campaign Monitor, MailChimp and HubSpot – set their own requirements that represent their views of DMARC best practice, which they will enforce to protect the deliverability of their shared email servers. As a B2B marketer you might be tempted to take the view “I don’t send to personal email addresses / many emails so who cares if Yahoo and Gmail will bounce me”, but if you’re using someone else’s server you must comply with their policies – even if you only send 1 email a year – or risk getting your email tech account suspended.
You can check the status of your email domains and verify the status of your DMARC compliance. dmarcian’s domain checker is a useful tool, and their library of DMARC resources is a great place to signpost your IT team.
Why should this be a priority?
These stricter DMARC policies aim to enhance email security and protect users from malicious attacks. As a B2B marketer, it’s necessary to ensure compliance with these policies to maintain email deliverability, build trust with your audience, and keep this element of your digital marketing mix and daily email communications in motion. Adhering to email authentication protocols, monitoring spam rates, and implementing the necessary unsubscribe options will help you navigate these changes successfully. By following these guidelines, B2B marketers can continue to leverage email marketing effectively while safeguarding their reputation and maintaining strong communications with customers.
Remember, email authentication is an ongoing process, and continued efforts to ensure the security and authenticity of your email communications will contribute to the success of your B2B email marketing campaigns.
Sign up for our B2B digital marketing insights to stay up to date with the latest email marketing best practices, and learn how to adapt your strategies to comply with these stricter DMARC policies to stay ahead of your competitors. And if you need help implementing these changes, get in touch with one of our experts.