Google and other mail services increase their requirements for email delivery

Time to add good SPF, DKIM and DMARC entries to your domains

Google and Yahoo have announced last month that they will have new requirements for email delivery.
Some measures have already been implemented as it mandatory to have min. SPF and have valid reverse entries for the sending email server.
As of January, 1st 2024 this list will become longer and you need to meet most of the following

  • Implementation of both SPF + DKIM
  • Sending with an aligned `From` domain in either the SPF or DKIM domains
  • Sending from a domain with a DMARC policy of at least p=none
  • Valid forward and reverse DNS (FCrDNS)
  • One-click unsubscribe (RFC 8058) should you have a mailing list.
  • Low spam reported rate

Most senders still miss DMARC and it is time to have this in your domain that you use for mail sending. As stated p=none policy is the minimum, but the recommendation after testing it for a while should be p=quarantine. There are 3 values:

none: The Domain Owner requests no specific action be taken
regarding delivery of messages.

quarantine: The Domain Owner wishes to have email that fails the
DMARC mechanism check be treated by Mail Receivers as
suspicious. Depending on the capabilities of the Mail
Receiver, this can mean “place into spam folder”, “scrutinize
with additional intensity”, and/or “flag as suspicious”.

reject: The Domain Owner wishes for Mail Receivers to reject
email that fails the DMARC mechanism check. Rejection SHOULD
occur during the SMTP transaction.

The values p=quarantine or p=reject make DMARC more effective on what to do based in the policy.

The .ch Registry, Switch, requires in their new DNS Resilience program update for 2024 to have DMARC entries to be p=quarantine (minimum) or p=reject to be present, a site from having a SPF record and dkim entry.

What does that mean?
It is time to clean your data in the domains and ensure  you have all these things setup. This also goes for domains that you are not using to ensure that they are a not miss used. If you are using our dns and register a  new domain our default entries have been adjusted already a year ago and look like these in regards to those mechanism:

testix.de. 600 IN TXT “v=spf1 -all”
testix.de. 600 IN MX 0 .
_dmarc.testix.de. 600 IN CNAME _dmarc.parked.brand-protection.tech.
*._domainkey.testix.de. 600 IN TXT “v=DKIM1; p=”

Of course you can add your own DMARC entry but the above will ensure you have no issues, BUT be carful as these are default entries for new zones and if you add them in active zone, you could break you zone.
If you have any questions about this, please contact our customer support through the usual channels.

If you want to do a test and learn a bit about dmarc try Learn DMARC: https://www.learndmarc.com/