Howard Rabb

Google and Yahoo's DMARC Policy - Why you need email authentication now




Why your business in Hamilton needs to use DMARC


It seems odd that a change made by just two companies can have such a profound effect on how email, one of the most important communications tools that we use every day, is written, sent and processed. It's even crazier to think that the changes that occurred are now causing mail flow between major businesses to be disrupted. Back in February we started getting calls from businesses in Hamilton, Burlington, Oakville, Niagara and beyond reporting issues emailing people. Most were having issues emailing things like paystubs to their employees.


The root cause of the issue was the changes that Yahoo and Google made to their mail services, requiring DMARC records to be set up for domains wishing to send email to users of Google and Yahoo. Seeing as how these are two of the largest email providers in the world, this change was pretty disruptive to companies whose IT providers were not on the ball. Our own customers have had these records in place for some time, but it was shocking for me to hear from so many companies that were now having problems emailing.


The changes affected sending email to personal accounts ending in:


When I started the business back in 2020, I focused heavily on security. One of the early things we did was ensure SPF, DKIM and DMARC records existed for every customer's domain that was sending or receiving email. I remember a conversation I had with another MSP asking why I was wasting my time setting up DKIM for so many customers, as they thought it was unnecessary. Sadly, this laissez-faire attitude is all too common in IT.


The shift in the email landscape is occurring to combat spam and phishing scams. Email authentication is becoming a requirement for email service providers, and it’s essential for your online presence and communication to stay ahead of this change.


The Email Spoofing Problem

Imagine receiving an email seemingly from your bank requesting urgent action. You click a link, enter your details, and boom – your information is compromised. This common scam is known as email spoofing, where scammers disguise their email addresses to appear as legitimate individuals or organizations. They might spoof your business’s email address and email your customers and vendors, pretending to be you.



An image created using ChatGPT representing a phishing email
If only phishing emails were labeled this clearly


These deceptive tactics can have devastating consequences, including:

  • Financial losses

  • Reputational damage

  • Data breaches

  • Loss of future business


Email spoofing is a growing problem, making email authentication a critical link in the defense chain.


What is Email Authentication?

Email authentication is a way of verifying that your email is legitimate. It includes verifying the server sending the email and reporting unauthorized uses of a company domain. Email authentication uses three key protocols, each with a specific job:

  • SPF (Sender Policy Framework): Records the IP addresses authorized to send emails for a domain.

  • DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, verifying legitimacy.

  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Gives instructions to a receiving email server on what to do with the results of an SPF and DKIM check and alerts domain owners if their domain is being spoofed.

If your Business IT Services provider hasn't already set up DMARC for your business in Hamilton (or anywhere, for that matter), here's how it works:

  1. Set up a DMARC record in your DNS settings, informing email receivers like Google and Yahoo about the IP addresses authorized to send emails on your behalf.

  2. When your email arrives at the receiver’s mail server, it checks if the email is from an authorized sender.

  3. Based on your DMARC policy, the receiver can take action, such as delivery, rejection, or quarantine.

  4. You receive reports from DMARC authentication, informing you if your business email is being delivered and if scammers are spoofing your domain.

Why Google & Yahoo's New DMARC Policy Matters

Google and Yahoo have offered some level of spam filtering but didn't strictly enforce DMARC policies. The new DMARC policy, effective February 2024, raises the bar on email security:

  • Businesses sending over 5,000 emails daily must have DMARC implemented.

  • Policies also exist for those sending fewer emails, relating to SPF and DKIM authentication.

Expect email authentication requirements to continue evolving. Ensuring smooth delivery of your business email is essential.


The Benefits of Implementing DMARC

Implementing DMARC isn't just about complying with new policies. It offers several benefits for your business:

  • Protects your brand reputation: DMARC helps prevent email spoofing scams that could damage your brand image and customer trust.

  • Improves email deliverability: Proper authentication ensures your legitimate emails reach recipients' inboxes instead of spam folders.

  • Provides valuable insights: DMARC reports offer detailed information on how different receivers handle your emails, helping you identify potential issues and improve your email security posture.


Need Help with Email Authentication & DMARC Monitoring?

DMARC is just one piece of the email security puzzle. It’s important to implement email authentication as part of a comprehensive security strategy and to use a proper email protection system. We supply our clients with Check Point's Harmony Email and Collaboration system. We see DAILY messages that are spam or outright phishing attacks that O365 lets through. These messages are stopped by Check Point. Need help putting these protocols in place? Just let us know.


Contact 256 Solutions today to schedule a chat and enhance your email security and help prevent you from becoming the next victim.
