In October 2023, Gmail and Yahoo! introduced a new set of requirements senders must meet by February 2024. Although many of the requirements mentioned are already considered industry best practices, Google and Yahoo! will enforce these practices in 2024. You can read the official announcements here:
Google Announcement: Gmail introduces new requirements to fight spam (blog.google)
Yahoo! Announcement: Postmaster @ Yahoo & AOL — More Secure, Less Spam: Enforcing Email Standards... (yahooinc.com)
Senders that don’t meet the requirements by February 2024 may experience temporary errors on a small percentage of their non-compliant mail to Google recipients. In April 2024, a small percentage of the mail will be rejected, and that percentage will gradually increase over time.
List of requirements and the impact to Cendyn CRM clients
FROM Email Address Domains should be set up with SPF and DKIM Authentication
Email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) are crucial for ensuring the security and integrity of email communications. SPF helps verify the authenticity of the sender's domain, reducing the likelihood of email spoofing and phishing attacks. SPF allows you to list all the IP addresses that are authorized to send mail on behalf of your domain. DKIM adds a digital signature to emails, providing recipients with a way to verify that the message hasn't been tampered with during transit.
For Cendyn CRM clients, the Cendyn team will authenticate the marketing and transactional domains at the time of implementation. Once those are authenticated, FROM email addresses are configured on behalf of the hotel to attach to email campaigns. If a hotel requires an additional FROM email address, a ticket to the Global Support Team is required.
Sending domains/IPs have valid forward & reverse DNS Records (AKA – PTR Records)
Reverse DNS (Domain Name System) plays a crucial role in email authentication by verifying that the IP address associated with an email server resolves back to a legitimate and correctly configured domain name. This process helps prevent email spoofing and enhances the overall security of email communications.
Like SPF and DKIM authentication, Reverse DNS is established during the implementation process. This happens for Shared or Dedicated IP hotels.
Abuse Complaint/Spam Complaint Rates below 0.3%
Calculating the spam complaint rate in email marketing involves measuring the number of recipients who mark a sender's emails as spam relative to the total number of delivered emails. A low spam complaint rate is indicative of a well-targeted and engaging email campaign, while a high rate may signal issues with content, frequency, or overall sender reputation.
The announcements require senders to maintain a Spam Complaint Rate (AKA as Spam Reports in Cendyn CRM) below 0.3%. It is important to note that Google does not send Spam Complaints to the ESP and, in turn, they are not reflected in Cendyn CRM. Dedicated IP senders can setup their own Google Postmaster Account. Google Postmaster offers valuable information regarding domain and IP reputation for Google. Additionally, it will provide the Google Spam Complaint Rate. Shared Domain Senders (those that use @contact-client.com or @reservations-client.com or a sub-domain of the aforementioned) cannot setup Google Postmaster. Those domains are monitored by Cendyn directly.
Outside of Google, you can keep an eye on your complaint rates at Yahoo, Microsoft, etc. via the Cendyn CRM.
Format messages according to the Internet Message Format standard (RFC 5322)
RFC 5322 is a standard that defines the syntax and structure of email messages on the Internet, specifying the format for headers, message bodies, and addresses. It outlines the rules for creating and interpreting email messages, ensuring consistency and interoperability across various email systems and clients.
Cendyn CRM's campaign editors consider the required Internet standards.
Don’t impersonate Gmail From: headers
The requirement basically says that a sender should not impersonate a Gmail FROM: header. For example, Cendyn CRM customers should not send any email campaign using the @gmail.com, for example, LuxuryHotel@gmail.com. Before sending any campaign, the hotel should make sure that the sending domain is fully authenticated in the Cendyn CRM system.
Gmail will begin to utilize a DMARC policy of ‘quarantine.’ If you attempt to impersonate a Gmail From: header, that will likely impact your campaign delivery rate.
The FROM Domain is required to have DMARC email authentication
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together, offering a comprehensive approach to email authentication that enhances trust and prevents domain impersonation, making it a fundamental defense against email-based cyber threats.
Each DMARC record needs to define a policy, which can be one of three options: none, quarantine, or reject. Gmail’s requirement for DMARC is to set it at p=none, this is the minimum. P=none instructs the receiving mailbox provider to take no action on an email that fails an SPF/DKIM check. A domain’s DMARC record can be checked using a free online tool: DMARC Check Tool - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox.
The most secure setting is what’s called DMARC at enforcement, p=reject or p=quarantine. This requires additional work to ensure that this record incorporates all third parties sending on behalf of your domain. Publishing the record incorrectly could cause your mail from these providers to not be delivered. Hotels should work with their IT and DNS teams to establish a setting that is properly configured and monitored.
For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain
To meet this requirement, the sending domain needs to pass DMARC alignment. The domain you include in your From: header must align with either the SPF domain or the DKIM domain. Alignment refers to the verification that the DKIM and SPF signatures in your email headers align with the domain you've authenticated your SendGrid account with.
Breaking this down, the hotel needs to ensure that “from” address matches the domain authenticated with SPF or DKIM. Cendyn sets up the FROM addresses for each hotel, and ensures this step is properly configured. However, there are several scenarios that can be accepted. Google has a blog post about these scenarios, including shared Domains and shared sub-domains.
Enable one-click unsubscribe and include a clearly visible unsubscribe link in the message body
"List-unsubscribe" is an email header or feature that provides recipients with an easy and standardized way to unsubscribe from an email mailing list. When included in the email header, it typically contains a specific email address or URL that users can click or reply to in order to opt-out or unsubscribe from future communications. This feature is designed to enhance user experience and compliance with email marketing regulations by providing a straightforward method for recipients to manage their subscription preferences.
Cendyn CRM emails will have a “list unsubscribe” header optioned enabled.
Use a TLS connection for transmitting email
Using a TLS (Transport Layer Security) connection for transmitting email means that the email communication is secured through encryption. TLS is a protocol that ensures the privacy and integrity of data during transmission over a network, such as the Internet. In the context of email, when a TLS connection is employed, the content of the emails and any sensitive information within them are encrypted, making it more difficult for unauthorized parties to intercept or tamper with the data as it travels between the email sender and the recipient. This added layer of security helps protect the confidentiality of email content and sensitive information exchanged during the email transmission process.
Gmail and Yahoo will require any mail transmitted to them to have a secure TLS connection.
The Cendyn CRM Email Service Provider handles the connection to the inbox providers and issues a TLS connection; hotels do not need to worry about this requirement.
Most of the above requirements apply to all senders and the last three above (DMARC Record, alignment, and one-client unsubscribe) are new and only apply to senders that send over 5,000 messages a day or in the history of their domain, has sent at least 1 day over 5,000 emails.
Please keep an eye on bounces, in particular soft bounces, which will begin to show sender requirement violations in the coming months. Spotting a bounce issue can help minimize any reputation and/or sender requirement violation from escalating and damaging your domain reputation. For Email Deliverability Assistance, you can open a support ticket and request for the Email Deliverability Team to review your issue.
0 comments
Please sign in to leave a comment.