Google and Yahoo tell business email customers to get their SPF together


Starting this month, companies that rely on mass emailing via Google or Yahoo face a significant shift: businesses must adopt Domain-based Message Authentication, Reporting, and Conformance (DMARC) for any volume exceeding 5,000 emails.

This move, spearheaded by Google and Yahoo, is prodding all companies that use branded email to clean up their email security through DMARC, as well as its prerequisites, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). This trio not only fortifies against impersonation but also establishes a feedback loop, enabling domain owners to monitor and mitigate email spoofing.

Neil Kumaran of Google emphasizes the dual benefit of adopting DMARC: bolstered security and valuable insights into email systems, fostering a more secure email environment. Despite the surge in DMARC adoption spurred by the remote work shift during the pandemic, the enforcement of stringent policies remains low, with a notable gap in nonprofit domains.
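One way to check a domain for the gaps described above (a monitoring-only DMARC policy, no report address for the feedback loop, a permissive SPF record), as an added example that is not code from Google, Yahoo or this article. The function names, the record strings and the example.org/example.net names are constructed; fetching the TXT records from DNS is left out.

```python
def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def audit(spf_txt, dmarc_txt):
    """Return a list of findings for one domain's SPF and DMARC TXT records."""
    findings = []
    terms = spf_txt.split() if spf_txt else []
    if not terms or terms[0].lower() != "v=spf1":
        findings.append("spf: no valid record")
    else:
        rest = [t.lower() for t in terms[1:]]
        all_term = next((t for t in rest if t.lstrip("+-~?") == "all"), None)
        if all_term in ("all", "+all"):
            findings.append("spf: +all authorizes every sender")
        elif all_term is None and not any(t.startswith("redirect=") for t in rest):
            findings.append("spf: no 'all' mechanism or redirect")

    tags = parse_dmarc(dmarc_txt or "")
    if tags is None:
        findings.append("dmarc: no valid record")
        return findings
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("dmarc: p=none only monitors, failing mail is not blocked")
    elif policy not in ("quarantine", "reject"):
        findings.append("dmarc: missing or invalid p tag")
    elif tags.get("pct", "100") != "100":
        findings.append("dmarc: pct below 100 enforces on only part of failing mail")
    if "rua" not in tags:
        findings.append("dmarc: no rua, aggregate reports are not requested")
    return findings


if __name__ == "__main__":
    # Constructed sample records for two hypothetical domains.
    samples = {
        "enforced.example.org": ("v=spf1 include:_spf.example.net -all",
                                 "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"),
        "monitoring.example.org": ("v=spf1 +all", "v=DMARC1; p=none"),
    }
    for domain, (spf, dmarc) in samples.items():
        print(domain, audit(spf, dmarc) or "ok")
```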

Google and Yahoo’s stipulations aim to set a new standard in email authentication, requiring adherence to SPF and DKIM protocols, avoiding spam, and providing straightforward unsubscribe links in marketing emails. While this initiative towards more secure email is a welcome one, some folks in the cybersecurity sector (including us) are calling for more rigorous measures to combat the rampant misuse within the email ecosystem.

As these requirements unfold, they promise to make a not-insignificant dent in the plague of unauthenticated emails. However, there are still some challenges to watch out for: malicious actors might still circumvent these barriers, underscoring the need for a multifaceted approach to email security that extends beyond sender authentication.

The true efficacy of these measures hinges on their implementation and the broader adoption of comprehensive security practices such as Managed Detection & Response and Conditional Access Policies to protect against unauthenticated access to your business’s email server.

If you need help securing your business’s email systems, don’t wait until the hammer drops. Get in touch with us today.
