Starting in February 2024, Google and Yahoo! have stated that there will be new requirements for sending emails to their users. Two of the mentioned requirements are that all senders must have an authenticated domain (SPF/DKIM) and a DMARC policy. 

In this article, we’ll go over what these new requirements are and how you can make sure that you are up to speed with all of them so you won’t run into any issues with these email service providers while sending your emails securely through Privy.

What are Google and Yahoo’s requirements?

What are DMARC, SPF, and DKIM records?

Dive into what each of these DNS records stands for and its purpose below:

Sender Policy Framework (SPF)

SPF is an email authentication protocol that allows receiving email servers to accept incoming emails from authorized senders. It was designed to prevent email spoofing, a common technique used in phishing attacks and email spam. As an integral part of email cybersecurity, SPF enables the receiving mail server to check whether incoming email comes from an IP address authorized by that domain’s administrator.

DomainKeys Identified Mail (DKIM)

DKIM is an email authentication method that employs public-key cryptography to digitally sign emails, ensuring that the message body and attachments remain unaltered during transmission. Receiving servers use DKIM to verify that the domain owner sent the message. It also acts as a digital signature that is added to the header of an email to further verify the identity of the sender. Receiving email servers will verify that the DKIM signature matches that of the associated sending domain.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC is a standard that builds on SPF and DKIM. It ensures emails are genuinely coming from the domain they claim to be from, by checking the alignment of the SPF and DKIM records. It detects and prevents email spoofing techniques used in phishing, business email compromise (BEC), and other email-based attacks.

  • DMARC provides instructions to receiving servers about how to handle incoming mail. To get delivered, messages need to pass DKIM and SPF alignment checks according to the requirements set by the DMARC policy. Messages that do not pass DMARC checks can be allowed, rejected, or placed in the spam folder.

How to set up these records

Setting up SPF, DKIM, and DMARC records can be a complex and time-consuming process and improper configuration can result in several errors. Because of this, and due to liability reasons, we recommend consulting with an IT team expert or your host domain support team to make and use online tools to analyze and ensure your SPF, DKIM, and DMARC policies are set up correctly.

That being said, here is a brief overview of what this process looks like:

Set up SPF Records

These records are TXT records on your domain that authorize specific servers to send mail using your domain name. This is how an SPF record may look:

Set up DKIM Records

A DKIM record is a specially formatted DNS TXT record that includes a name, version, key type, and the public key itself, and is often made available by the provider that is sending your email. A simple DKIM signature is composed of several parts and may look like this:

Set up DMARC Record

A DMARC record may look like this:

Helpful Resources

To get some more detailed information about how you can create and manage these records, please check out the articles for some of the most popular host providers:

If your host provider is not on the list above, don’t worry - you can contact us at support@privy.com so we can point you in the right direction!

Verify your custom domain in Privy

If you haven’t already, make sure you’d added your custom sending domain in Privy in order to improve deliverability and build trust with your customers. Your DMARC, SPF, and DKIM records are tied to your custom domain — not Privy’s shared domain — so you should be sending your emails from your own domain in Privy once authenticating your domain.

The approach to updating DNS records varies from one provider to another, most hosts have similar steps, however, we’ve included links to our KB articles for several top hosting sites:

  • Shopify

  • GoDaddy

  • Namecheap

  • Wix

  • Domain.com

If you encounter any difficulties while attempting to verify your custom domain with Privy, and require further assistance, don’t hesitate to schedule a call with one of our DNS experts using this link.

In order for a custom domain to become fully-verified, the custom domain must pass both of the following checks:

  1. DNS Records Check: Checks if the required Privy DNS records exist within the custom domain’s records and if they’re valid.

  2. DMARC Policy Check: Checks if a valid DMARC policy is configured within the custom domain’s records.

Sending Status

Privy introduced the following sending statuses, which are dependent on the outcome of the checks listed above.

Can send emails

A Privy account is placed into this status if the custom domain passes the DNS Records check, regardless of if the DMARC policy check fails. However, a valid DMARC policy is still recommended and should be added as soon as possible in order to comply with the recent Gmail + Yahoo sending requirements.

Cannot send emails

A Privy account is placed into this status if the custom domain fails both the DNS Records and the DMARC policy checks. Privy accounts under this status would not be able to schedule nor send emails from the custom domain.

If your Privy account is under the “Cannot send emails” status, you’d need to add the Privy DNS records and a valid DMARC policy to your domain host account.

FAQs

Was this page helpful?

Improving DeliverabilityCustom Sending Domain