Benchmark Email Help Center

or chat with:

smart support, our Benchmark Email expert powered by AI

chat now

Knowledge Base Home aero-right Delivery Email Marketing aero-right New Domain Authentication Requirements: How to Prepare

New Domain Authentication Requirements: How to Prepare

Delivery Email Marketing Updated on February 10, 2024

In the wake of Gmail’s recent announcement regarding email sender requirements, Yahoo is also poised to implement changes in its email authentication protocols. This requirement shift from major inbox service providers proves the evolving improvement of email communication standards. In this article, we’ll cover all the changes coming in February of 2024. While these changes can seem restrictive to email senders, requirements like domain authentication protect us from emails whose sole intention is negative or fraudulent.

Before Getting Started

  • The new requirements presented by major inbox providers focus on delivering wanted mail to their users and landing unwanted mail in the spam folder or rejecting it altogether.
  • Small and large senders must have proper domain authentication, opt-in mailing lists, an easy way to unsubscribe and maintain a low spam rate to avoid reduced email deliverability.
  • To ensure proper domain authentication, you will need an SPF record, a DKIM record, and a valid DMARC policy with at least a p=none. The “p” value tells the inbox provider what to do with the messages that fail DMARC.

Domain Authentication

As of February 1st, 2024, Gmail and Yahoo will require email senders to authenticate their domains for their emails to reach the inbox. What does this mean exactly?

For your email domain to be fully authenticated, you’ll need an SPF record, DKIM record, and DMARC policy configured in your DNS settings with your domain provider. There is no exception; you’ll need all three to be completely authenticated.

SPF (Sender Policy Framework)
  • The Sender Policy Framework record, commonly known as an SPF record, is a record added to your DNS settings. The SPF record is used to specify which domains have authorization for email sending. Adding an SPF record to your domain indicates which domains or IP addresses are authorized to send emails on your behalf.

SUMMARY

SPF validates the domain or IP address used to send the email message.

DKIM (DomainKeys Identified Mail)

DKIM stands for DomainKeys Identified Mail. It is an email authentication method designed to detect and prevent email spoofing, while also guaranteeing the integrity of email messages. DKIM allows the sender of an email to digitally sign the message, providing a cryptographic signature that can be verified by the recipient’s email server.

SUMMARY

The DKIM record adds a second layer of security, effectively reducing the risks associated with spoofing and phishing. 

DMARC Policy (Domain-based Message Authentication, Reporting, and Conformance)

DMARC is an important step of email domain authentication; it establishes how email clients will receive messages that fail the DMARC authentication checks. A GMAIL and Yahoo requirement with the DMARC policy is that all senders have at least a “p” value in their DMARC policy.

To check if you need to update your DMARC Policy, you can utilize a third-party tool like MXToolBox or check with your domain admin. If no DMARC record is found, you can add the following DMARC policy to your domain, ”v=DMARC1; p=none; adkim=r; aspf=r”. This will ensure you pass the requirements for sending from your domain using Benchmark Email.

Type: TXT
Name: _dmarc
Value: v=DMARC1; p=none; adkim=r; aspf=r

IMPORTANT

The key to successfully sending emails from Benchmark is to ensure that your domain’s DMARC record has a p= policy and aspf/adkim is not set to strict.

Mail sent from Benchmark Email will have to meet these requirements in order to send from your private domain. If you cannot fully authenticate your private domain, your emails will automatically be sent from a Benchmark Email-owned domain that is fully authenticated

For example, if you cannot authenticate your domain, and your from email address is sales@companyname.com, your email address would appear as: sales.yourcompanyname.com@123456.clients.bmsend.com.

For step-by-step instructions on how to authenticate your domain, click here.

SUMMARY

The DMARC policy verifies the alignment of SPF and DKIM in the from address of a sender.  The p= policy tells the email client what they should do with an email whose DMARC failed, and when rua and ruf tags are configured, it provides reporting to the legitimate domain of the activity of other domains impersonating them.

Unlike the SPF and DKIM records shared in the domain authentication page in your Benchmark Email account, DMARC records impact your entire domain and not just emails sent from Benchmark Email. It is important to consult your system administrator (if applicable) before making any changes to your DMARC records.

Back to the top ↑


One-click Unsubscribe

As a new requirement, all emails must include a one-click unsubscribe header. The one-click unsubscribe header is different from the unsubscribe link in the email’s footer. All emails delivered from Benchmark include the mandatory unsubscribe header, which asks the recipient in their inbox if they would like to unsubscribe from your mailing list.

The new one-click unsubscribe header is not visible in the email itself, only in the inbox. It will appear next to the From name in the email message. When you click on this, a pop-up will appear asking you to confirm your choice; that’s it. Recipients won’t have to fill out an Unsubscribe form, improving their email experience.

One-click unsubscribe in the inbox
One-click unsubscribe in the email message
This is the message a recipient will see after clicking the Unsubscribe option.

IMPORTANT

  • No action is required to add the one-click unsubscribe link; this has already been enabled in all Benchmark accounts. Contacts who leverage the one-click unsubscribe in their inbox will be automatically unsubscribed from your mailing list.

  • For some senders, Gmail and other email clients will not display the one-click unsubscribe button within the inbox. The email client’s algorithm determines the visibility of the one-click unsubscribe button. This algorithm has different components, such as domain reputation, server reputation, contact engagement, type of email content, email length, and number of emails sent from the domain and the server, as well as if an email contains the unsubscribe link in the footer. To learn more about the one-click unsubscribe button, click here.

Back to the top ↑


Spam Complaint Rates

Keeping a low Spam complaint rate has always been a standard practice. However, with the coming changes, the new threshold is to keep a spam complaint rate under 0.10% and avoid reaching a complaint rate of 0.3%. The spam complaint rate is composed of emails marked as spam from the contact’s inbox. This statistic is tracked at the domain level and should be proactively monitored using tools like Postmaster. Tools that track your domain sending can give you the following information.

  • Emails delivery status
  • Your domain’s influence on email delivery
  • Number of emails marked as spam, junk or abuse
  • Authentication of your emails

Maintaining a low spam rate is crucial to an email’s delivery success. To see how spam rate affects emails in Google, click here.

Back to the top ↑


Best Practices

Some of the requirements listed above have always been in place but will now be more heavily enforced, which brings us to what senders can do to avoid their emails being rejected or marked as spam.

Here is a list of best practice recommendations from GMAIL, Yahoo, and Benchmark Email.
Avoid sending from public domains
Permission-Based Lists
List Hygiene
Send Permission Reminder Emails
Don’t Hide Content in Your Email
Email Volume and Frequency
Sub-domain for Email Sending

Back to the top ↑


Frequently Asked Questions

What happens if my domain is already authenticated?

If you previously authenticated your domain in Benchmark Email (SPF & DKIM) and have a valid DMARC record, no action is required.

How do I check if my domain is authenticated?

You can check your domain status directly from your Benchmark account. To check your authentication records, log in to your account, then on the top right, click on your name and select Account Settings. Next, click on Domain Authentication, and you will see a status for your domain. Click on View. You can also run a check using MXToolbox.

What if I don’t authenticate my domain?

If you fail to authenticate your domain with SPF, DKIM, and DMARC, we will adjust your From email address, and emails from Benchmark Email will be sent from an authenticated Benchmark domain. For example, if your email address is sales@companyname.com, your domain would appear as: sales.yourcompanyname.com@123456.clients.bmsend.com.

What happens if I don’t own a domain and send from a public domain?

Customers using a public email address will have their from email adjusted to use an authenticated Benchmark. For example, if your email address is companyname@gmail.com, your domain would look like this: companyname.gmail.com@001B00.clients.bmsend.com.

However, because this is a shared domain, you have less control over your deliverability results. We encourage you to purchase a private domain for email sending immediately.

What if I send from multiple Benchmark accounts?

Each Benchmark account is unique from one another, including subaccounts. You must add an SPF and DKIM record for each account you send from. However, you do not need to add another DMARC record.

What if I send from different domains, do they all need to be authenticated?

Yes, you will need to authenticate the private domains in your account to ensure proper authentication.

What if I send from subdomains?

If you are sending emails from a subdomain, the subdomain should also have an SPF and DKIM record, and while it is not required, we recommend adding a DMARC record at the subdomain level for each subdomain used in Benchmark Email.

What if I use more than one email service provider?

You will need to add an SPF and DKIM record for each email service provider you use; otherwise, you risk low deliverability. Please consult with your IT administrator to make sure all your records align.


If you have any questions, please contact our support team.