2024 Email Authentication Standards: Elevating Security with Google and Yahoo

2024 Email Authentication Standards: Elevating Security with Google and Yahoo

In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email authentication requirements to combat harmful messages and emphasize the crucial role of data security. This measure aims to prevent restrictions on sending rates, message blocking, and marking messages as spam.



Who will experience the effects? 

The updated security guidelines apply to all users, particularly those who send 5000 or more than 5000 emails per day from ZOHO DESK. Not following these guidelines may lead to email delivery delays, blocked messages, or the categorization of emails as spam.

Not to worry. We are here to support you with the best possible solutions.

Basic details that every sender should be aware of
 
To safeguard your path in 2024, it is mandatory to follow the fundamental requirements, beginning with email authentications.

When utilizing a Gmail domain in the 'From' address, it is essential to configure the address with its dedicated SMTP for ensuring accurate mail delivery.

For recipients on gmail.com or googlemail.com, it is recommended to publish DMARC for the sender domain to enhance prompt mail delivery. 

Verify with your own SMTP 

In adherence to the new guidelines, reply emails sent from Zoho Desk with From addresses belonging to gmail.com, googlemail.com, to any domains may be bounced or marked as spam. Therefore, we kindly request all customers to configure these From addresses with your own SMTP verification and use TLS for transmitting email rather than Zoho SMTP. If the From addresses were verified previously with your own SMTP, we will continue using the same authentication for all notification emails sent from Zoho Desk.



Rolling out SPF & DKIM  

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are vital email authentication protocols that protect against spam, phishing, and spoofing. SPF verifies the authenticity of emails from your domain, while DKIM confirms their source by validating authorized servers associated with sending domains. These protocols work together to validate emails, ensuring that they originate from legitimate sources and have not been tampered with during transmission. This implementation enhances the overall security of your email communications by reducing the risk of email spoofing, phishing, and other malicious activities. 

Minimal Spam Rate 

Maintain spam rates below 0.10% and ensure they never exceed 0.30% for optimal email deliverability.

Essential  Requirements for Users Sending 5000 or More Emails Daily 

Implement DMARC Policy 

DMARC (Domain-based Message Authentication Reporting and Conformance) is an authentication technique that leverages the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate emails. This helps in preventing forging emails and engaging in unauthorized activities through them.

 How DMARC Works: 

1: Publish the DMARC policy outlining instructions for mailbox providers' receiving servers on how to handle emails that breach the policy.
2: Authenticate your sender domain by implementing SPF and DKIM.
3: The receiving server will apply the DMARC policy and execute the instructions specified in the policy.
4: The receiving server will send a report detailing how it handled the email to the reporting email address specified in the DMARC record.

Sample: DMARC record
v=DMARC1\; p=none\; rua=mailto:dmarc-aggregate@mydomain.com\; ruf=mailto:dmarc-afrf@mydomain.com\; pct=100

v: Signifies the DMARC version in use.
p: Signifies the policy established by the business.
rua: Specifies the URI for sending a consolidated report, including information on SPF and DKIM validation results, details about the sending and receiving domains, and the percentage of successful authentications.
ruf: Specifies the email address where the comprehensive SPF/DKIM failure report will be delivered.
pct: Denotes the percentage of emails subject to the policy application.

To prevent emails from being marked as spam, bounced, or experiencing delays in delivery, it is mandatory to set your policy (p) to none in DMARC record. “p = none”

If the policy (p) is set to "quarantine" or "reject," the emails will either be redirected to the spam folder or will not be delivered to the recipient, respectively. 

Ensure DMARC Alignment 

DMARC alignment pertains to the uniformity in the alignment of email authentication mechanisms, particularly SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), with the domain asserted by the sender.

Sample DMARC - SPF Alignment

Sender Address

From: Header

Strict Alignment

Relaxed Alignment

support@mycompany.com

support@mycompany.com

Pass

Pass

support@admin. mycompany.com

support@mycompany.com

Fail

Pass

support@mycompany.org

support@mycompany.com

Fail

Fail

 
SPF Strict Alignment: A precise match between the SPF-authenticated domain and the domain specified in the header's "From:" address. 

SPF Relaxed Alignment: The domain indicated in the "From:" address of the header should either match or be a subdomain of the SPF-authenticated domain. 

Sample DMARC - DKIM Alignment

From: Header

DKIM d= domain

Strict Alignment

Relaxed Alignment

support@mycompany.com

mycompany.com

Pass

Pass

support@admin. mycompany.com

mycompany.com

Fail

Pass

support@mycompany.org

mycompany.com

Fail

Fail


DKIM Strict Alignment: A precise match between the relevant DKIM domain and the domain specified in the header's "From:" address. 

DKIM Relaxed Alignment: The domain mentioned in the "From:" address of the header must either coincide with or be a subdomain of the SPF-authenticated domain. 

Add ARC headers 

Implement ARC (Authenticated Received Chain) authentication to avoid Gmail categorizing the email as unauthenticated, especially when utilizing frequent mail forwarding practices.
For additional information on ARC authentication, please refer to the official Google document linked here.

Set up SPF & DKIM 
Mail authentication protocols such as SPF & DKIM should be implemented for organization sending emails to google or yahoo recipients.

What are the consequences if the deadline is not met? 

Adhering to the sender requirements before the deadline is crucial for optimizing email delivery. Failure to meet the criteria detailed in this article may lead to your email not reaching its destination as intended or being categorized as spam.

Quick Summary:

The Update - Gmail and Yahoo are implementing robust email authentication standards from February 2024.
The Effects - Failure to meet these requirements may result in emails being categorized as spam or not reaching their intended destination.
The Action to be taken - Users sending 5000 or more emails daily must implement SPF,  DKIM and publish DMARC policies. 


Regards,
Sumaya Howth - Product Manager
The Zoho Desk Team



      • Sticky Posts

      • 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

        In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email

      • Using Agent Email Address as From Address

        Currently, while replying to a ticket, it is possible for agents to choose their own email addresses as 'from' addresses. Although we built this just for that little extra flexibility, in hindsight, it hasn't figured much in conventional usage.  Almost all businesses prefer that responses to their customers' tickets be sent from the common support/service email address and NOT from those of individual agents. During personal interactions at events, some of you have even made passing mentions about

      • Edit and Delete options in Comments

        A lot of teams have been using ticket comments extensively to collaborate everyday. Notification Center further improved this experience by bringing real-time updates. As we continue to build more improvements to this experience, we've shipped a small-yet-important

      • Webinar 2: Supercharged customer support for growing business

        Join us for this webinar and learn how to step up your support game using a real-time communication platform to generate happier, more successful customers. In this live webinar, we will will discuss the importance of SalesIQ for your support team and how it can help you:  Understand your customers better and their journeys to proactively support and engage them even before they ask for help.  Integrating real time conversations into Zoho Desk’s Support, providing a conversational customer service

      • Customize Colors of your Customer Self Service Portal

        You asked for it. We heard you. We're happy to roll out the most sought after feature request, Customizing the Colors of your Customer Self-service Portal. Now you can set the color of your customer portal to mimic your company's web site, so that your customers visiting the portal will not feel alienated by the default theme.  Go ahead and configure the color of the header, tabs, fonts and background according to your needs. You can either choose between default color themes like Blue, Grey, Green

        • Recent Topics

        • Bank Feeds

          Since Friday my bank feeds wont work. I have refreshed feeds, deactivate and reactivate and nothing is working

        • Mass emails - Allow preview of which emails will receive the email based on the criteria

          Feature request. Please allow us to view and confirm the exact recipients of the mass emails based on the criteria we've chosen before sending. It can be quite sensitive if you send the mass email to some wrong accounts accidently, so it would be great

        • Lack of Looping and Carry-Forward Functionality in Zoho Survey

          Zoho Survey currently does not support looping or carry-forward functionality, meaning it is not possible to dynamically generate follow-up questions based on each option selected in a previous question or to pipe selected responses (such as {Looping

        • How I Implemented Subscription-Based Access Control and Expiry Handling in Zoho Creator

          I recently worked on a use case where users come into the application to request a service, but they should only be able to continue the process after completing a subscription. The challenge was not just controlling access, but also making sure that

        • sync two zoho crm

          Hello everyone. Is it possible to sync 2 zoho crm? what would be the easiest way? I am thinking of Flow. I have a Custom Module that I would like to share with my client. We both use zoho crm. Regards.

        • Forecast in Zoho CRM Just Got Smarter with an upgraded Zia Intelligence

          Hello Everyone, We are here with an interesting enhancement to Forecasts in Zoho CRM — Enhanced Zia Insights for your sales Forecast. Imagine a regional sales manager reviewing their team’s performance using forecasts in Zoho CRM. Instead of switching

        • Option to Delete Chats in IM

          Currently, there is no option to delete any chats in IM, regardless of their source.

        • Update TDS and TCS rates for Income Tax Act, 2025 (effective April 1, 2026)

          Hello everyone, The Income-tax Rules, 2026 (G.S.R. 198(E), dated March 20, 2026) have been notified, marking a significant structural shift in India’s direct tax framework. From April 1, 2026, the Income Tax Act, 2025 replaces the Income Tax Act, 1961.

        • What is a realistic turnaround time for account review for ZeptoMail?

          On signing up it said 2-3 business days. I am on business-day 6 and have had zero contact of any kind. No follow-up questions, no approval or decline. Attempts to "leave a message" or use the "Contact Us" form have just vanished without a trace. It still

        • Service line items

          Hello Latha, Could you please let me know the maximum number of service line items that can be added to a single work order? Thanks, Chethiya.

        • Automation Series: Auto-assign Resources as Task Owners

          In Zoho Projects, task ownership can be set automatically during task creation, allowing resources to be assigned based on the task name. Resources are work equipment or tools added to the portal to monitor their usage across projects. They can be assigned

        • Zoho CRM Email Templates 100% Width No Background How?

          Hi, On the Zoho CRM Email Templates in setup > customization > templates > new templates > I choose blank template, but still it puts in a gray background and a max width for the email. I just want to make an email that looks like an email I would send from gmail that has no background or max width. How do you do this? 

        • Subform edits don't appear in parent record timeline?

          Is it possible to have subform edits (like add row/delete row) appear in the Timeline for parent records? A user can edit a record, only edit the subform, and it doesn't appear in the timeline. Is there a workaround or way that we can show when a user

        • AI secretary

          In our company, Claude is the secretary and creates inquiries and schedules from Gmail. You no longer have to enter them yourself. The secret is that we created an MCP server that connects to CRM. https://x.com/Mac_nishio/status/1917954562566328694

        • 5 small changes to Recruit that make a big difference

          Sometimes, the biggest improvements aren’t new features, they’re small changes that make everyday actions feel smoother. Over the past few weeks, we’ve made a few such updates across Zoho Recruit. They’re subtle, but together, they remove friction from

        • Project Management Bulletin: March, 2026

          We are passionate about equipping our users with efficient solutions that help them run their businesses successfully. Our collective efforts over the past 2 years have culminated in the launch of Sprints 3.0— built with reliable features, impactful integrations,

        • New security enhancements for portal users: MFA and password management

          Hello everyone, We are excited to announce three major security enhancements that are now available to portal users in Zoho CRM: Organization-wide multi-authentication for portal users - Admins can enforce multi-factor authentication across the entire

        • What matters more in Zoho implementations: tools or system architecture?

          I recently worked on a full-stack migration for a catering equipment business using Zoho One with Shopify, and it raised a few interesting observations. The setup included migrating a large product catalog (around 9,700+ SKUs), integrating multiple supplier

        • [Free Webinar] Learning Table Series 2026 – Customer agreement & contract management using Zoho Creator

          Hello everyone, We’re excited to announce the next session in Learning Table Series 2026, where we will continue with our purpose-driven approach—focusing on how Zoho Creator’s features help solve real-world business challenges. Each session in this series

        • Zoho Payroll's USA and KSA editions are available in Zoho One!

          Greetings! We’re excited to share that Zoho Payroll, currently available only in India and the UAE, is now introducing the KSA (Kingdom of Saudi Arabia) edition and the USA (United States of America) edition, and these editions are now available in Zoho

        • Looking for Guidance on Building a Zoho Website

          I'm exploring the possibility of building a custom website with specific features using Zoho as an alternative platform. My goal is to create something similar to https://gtasandresapk.com , with the same kind of functionality and user experience. I'd

        • Multilingual website feature

          Would be a great feature to have. I saw that this feature was available for backstage. I think it could be done for zoho sites too.

        • [Webinar] Modernize your sales engine with agentic analytics

          Traditional sales decision-making methods aren't cut out for modern businesses. Leveraging AI in sales helps businesses actively respond to the changing dynamics of the market. Agentic AI is letting sales teams across industries make better decisions

        • Built-in Date Functions in Zoho Analytics Query Tables

          I have a doubt about whether Zoho Analytics Query Tables provide built-in functions for start date, end date, and the current month

        • Zoho Commerce in multiple languages

          When will you be able to offer Zoho Commerce in more languages? We sell in multiple markets and want to be able to offer a local version of our webshop. What does the roadmap look like?

        • Nimble enhancements to WhatsApp for Business integration in Zoho CRM: Enjoy context and clarity in business messaging

          Dear Customers, We hope you're well! WhatsApp for business is a renowned business messaging platform that takes your business closer to your customers; it gives your business the power of personalized outreach. Using the WhatsApp for Business integration

        • Zoho Recruit mailserver get blocked by Microsoft!

          Hi, We have experienced this issue twice now, where Zoho Recruit outbound IP addresses are being blocked by Microsoft. We are confident that Microsoft is the blocking party, as all outbound emails to candidates with @hotmail.com, @live.com, and @outlook.com

        • Connectivity issues with Google Calendar and third-party integrations

          Description: We are currently experiencing a critical failure with Zoho CRM third-party connections. This issue is heavily affecting our primary workflow. Symptoms: Sync Failure: Existing Zoho CRM to Google Calendar connections have been failing for approximately

        • How can I export all Deluge code across the application?

          I’m working on a application with multiple forms, reports, and HTML views, where Deluge scripts are used across workflows, field actions, and custom functions. Is there a way to export all Deluge scripts into a single file for easier search?

        • First Name in Mail

          While sending a mail/message to the user, I want only the first name to be displayed—for example: “Hi John” instead of the full name using "Hi ${Name_Field}"

        • Can you import projects into Zoho Projects yet?

          I see some very old posts asking about importing project records into Zoho Projects. But I can't find anything up to date about the topic. Has this functionality been added? Importing tasks is helpful. But we do have a project where importing projects

        • Updating Sales orders on hold

          Surely updating irrelevant fields such as shipping date should be allowed when sales orders are awaiting back orders? Maybe the PO is going to be late arriving so we have to change the shipment date of the Sales order ! Not even allowed through the api - {"code":36014,"message":"Sales orders that have been shipped or on hold cannot be updated."}

        • New Account, Setting up Domain Question

          Hello, I recently set up a new account with a custom domain. But after paying and setting up my account, it says OpenSRS actually owns the domain, and I have to sign up with them to host my site. But OpenSRS wants to charge me $95, which is ridiculous.

        • Zoho Social API for generating draft posts from a third-party app ?

          Hello everyone, I hope you are all well. I have a question regarding Zoho Social. I am developing an application that generates social media posts, and I would like to be able to incorporate a feature that allows saving these posts as drafts in Zoho Social.

        • Deleting unwanted ticket replies

          Hello, In a Zoho Desk Ticket thread, sometimes one of the recipients has auto-reply activated. This creates a new message in the Ticket thread that not only pollutes the thread, but most importantly cannot be replied properly because usually auto-reply e-mails don't do "reply all", so the other recipients are not included. I want to delete such a message in the Ticket thread. I searched the help of Zoho Desk, but only found a way to mark as Spam (https://help.zoho.com/portal/kb/articles/marking-support-tickets-as-spam)

        • Create formula calculations in Assemblies for scaling quantities

          Something we have been encountering with our composite items is dealing with scaling of quantity of one or more items within the composite assembly relative to the number of complete units being sold. I.e. running the equation 2(n-1) on one of the assembly

        • Advanced email configuration - agent's name vs. department name

          We currently have all four Advanced Configuration options turned ON at the Global-level (Channels > Email > Advanced Configuration) - including the "Show Agent name in Ticket replies and outgoing emails" option. We also had that same option turned ON

        • Logged out

          Hi, just been working on a sheet when a pop up box appeared telling me I'm going to be logged out in x number of seconds and if I reload I may lose any edits, or words to that effect. It did indeed log me out and I did indeed lose my last edits. Any idea

        • Issue updating Multi-Select Picklist via API (saves as string instead of checking boxes)

          Hi everyone, I'm hoping someone can point out what I'm doing wrong here. I'm stuck trying to update a custom multi-select field via the Desk API and it's driving me a bit crazy. I have a multi-select picklist called "Buy years" with options like 2023,

        • Page variable not receiving URL parameter in Creator 6 HTML snippet Deluge — Canada DC

          I have a Creator 6 app on Canada DC. I'm trying to pass a URL parameter to an HTML snippet page via Deluge but the variable always returns empty. Setup: Page: MYC_Meeting_Tool Page variable declared: submission_id, type Text Page Script tab contains:

        • Next Page