In a significant move towards enhancing email security, Google and Yahoo have announced new requirements set to take effect by February 2024. These requirements target companies sending more than 5,000 email messages through these platforms, mandating the use of Domain-based Message Authentication Reporting and Conformance (DMARC) technology. While initially impacting marketers, these measures will have far-reaching implications for all companies that have been slow to adopt a trio of essential security technologies.
The Trio: SPF, DKIM, and DMARC:
The new requirements build upon the existing security foundation provided by Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Adoption of SPF and DKIM offers improved protection against impersonation through robust authentication mechanisms. DMARC, the third component, adds an extra layer by establishing a notification channel back to the domain-name owner, allowing them to collect information on potential email spoofing.
Neil Kumaran, group product manager for Google’s Gmail Security & Trust group, emphasises the benefits of adopting DMARC. “By adopting DMARC in the ways that we’re asking, senders start getting a lot of intelligence back that will help them identify issues with their configuration [and] things they may want to change,” he explains. This proactive approach enables companies to enhance their email security measures collectively.
Current Adoption Landscape:
The trio of email security technologies has seen accelerated adoption in recent years, particularly during the challenges posed by the coronavirus pandemic, which forced many companies into remote operations. Approximately half of email senders have a DMARC record, but only 14% have set DMARC to enforce a strict policy of quarantine or reject—a widely considered endpoint for optimal security, according to data from Valimail, a DMARC service provider. Surprisingly, only 1% of nonprofit domains have DMARC set up.
Encouraging Adoption and Market Readiness:
Google and Yahoo’s requirements mark a positive step toward bolstering email security, and industry experts believe they will encourage more companies to adopt DMARC. Neil Kumaran suggests, “The requirements by two large providers should push more companies to adopt DMARC until adoption reaches a level at which more effective security measures become possible.” However, Seth Blank, Chief Technology Officer at Valimail, hopes major email providers will continue to raise the bar quickly, indicating that the market may not yet be fully ready for more stringent requirements.
As the digital landscape evolves, ensuring the security of email communication becomes paramount. Google and Yahoo’s proactive measures are a call to action for companies to prioritise email security and adopt the necessary technologies. By embracing SPF, DKIM, and DMARC collectively, businesses can not only protect themselves from potential threats but also contribute to a more secure email ecosystem overall. Stay informed, stay secure, and be part of the movement towards a safer digital communication landscape.