Overview:
Bulk email senders (~5000+ email daily) need to ensure email authentication is configured and content reviewed to meet baseline security configurations and avoid their emails blocked, marked as spam or end up in the recipient’s junkmail:
Configure email authentication - SPF, DKIM, DMARC
Enable easy unsubscribe option
Only send wanted emails
The below are best practices for all email senders. Whispir encourages all email users to adopt the below.
What is changing and how do I overcome this?
Gmail and Yahoo have announced late 2023 they will be updating requirements to successfully deliver emails to Gmail and Yahoo inboxes. From February 2024, emails that do not meet the 3 requirements elaborated below will result in emails being blocked or marked as spam.
Requirements for individual Whispir accounts depend on factors such as if you use the default setting to send emails or have implemented custom domains.
1. Email Authentication - SPF, DKIM, DMARC
Email authentication is the process of ensuring the legitimacy and integrity of email. There are 3 key email authentication protocols designed to enhance email security.
DomainKeys Identified Mail (DKIM)
Senders attach digital signatures to the email headers using a private key, recipients verify this via the Sender’s public key. In short, emails are cryptographically signed and validated. This ensures that the message has not been tampered with, as the signature is bound to the message.
Sender Policy Framework (SPF)
SPF specifies the mail servers that are allowed to send email for your domain. Domain Name System (DNS) records can be managed to list authorised mail servers. A recipient’s email server can lookup the sender's SPF record to validate the sender is authorised to send on behalf of a particular domain.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC verifies email senders by building on the DKIM and SPF protocols. A DMARC record is a DNS record that tells receiving mail servers what to do with messages that don’t align or authenticate with SPF and DKIM. This is commonly used to quarantine or reject emails and reporting back to the domain owners about the email authentication results.
2. Enable easy unsubscribe option
Recipients need to have an accessible way to unsubscribe from future emails from the original sender. The Sender must remove the recipient from future send outs within 2 days of the request.
In Whispir: Company Admins have access to our API Mapping feature that can be designed to arrange an opt out solution.
3. Only send wanted emails
Popular email inboxes give recipients the option to mark emails as spam or similar. Actions taken by a significant number of recipients may suggest your emails are unwanted and can result in future emails ending up in spam.
Ensure your email content is intentional, relevant and solicited.
How do I know I have met these requirements?
Customers who are NOT using a custom email alias, SPF, DKIM & DMARC are automatically configured by Whispir to meet these requirements and require no further action. Customers using custom email aliases can refer to Whispir’s Email guide for how to meet these requirements. The guide is also a useful resource for all email senders to gain a general understanding of SPF and DKIM set ups.