2024 Email Authentication Standards: Elevating Security with Google and Yahoo

2024 Email Authentication Standards: Elevating Security with Google and Yahoo

In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email authentication requirements to combat harmful messages and emphasize the crucial role of data security. This measure aims to prevent restrictions on sending rates, message blocking, and marking messages as spam.



Who will experience the effects? 

The updated security guidelines apply to all users, particularly those who send 5000 or more than 5000 emails per day from ZOHO DESK. Not following these guidelines may lead to email delivery delays, blocked messages, or the categorization of emails as spam.

Not to worry. We are here to support you with the best possible solutions.

Basic details that every sender should be aware of
 
To safeguard your path in 2024, it is mandatory to follow the fundamental requirements, beginning with email authentications.

When utilizing a Gmail domain in the 'From' address, it is essential to configure the address with its dedicated SMTP for ensuring accurate mail delivery.

For recipients on gmail.com or googlemail.com, it is recommended to publish DMARC for the sender domain to enhance prompt mail delivery. 

Verify with your own SMTP 

In adherence to the new guidelines, reply emails sent from Zoho Desk with From addresses belonging to gmail.com, googlemail.com, to any domains may be bounced or marked as spam. Therefore, we kindly request all customers to configure these From addresses with your own SMTP verification and use TLS for transmitting email rather than Zoho SMTP. If the From addresses were verified previously with your own SMTP, we will continue using the same authentication for all notification emails sent from Zoho Desk.



Rolling out SPF & DKIM  

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are vital email authentication protocols that protect against spam, phishing, and spoofing. SPF verifies the authenticity of emails from your domain, while DKIM confirms their source by validating authorized servers associated with sending domains. These protocols work together to validate emails, ensuring that they originate from legitimate sources and have not been tampered with during transmission. This implementation enhances the overall security of your email communications by reducing the risk of email spoofing, phishing, and other malicious activities. 

Minimal Spam Rate 

Maintain spam rates below 0.10% and ensure they never exceed 0.30% for optimal email deliverability.

Essential  Requirements for Users Sending 5000 or More Emails Daily 

Implement DMARC Policy 

DMARC (Domain-based Message Authentication Reporting and Conformance) is an authentication technique that leverages the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate emails. This helps in preventing forging emails and engaging in unauthorized activities through them.

 How DMARC Works: 

1: Publish the DMARC policy outlining instructions for mailbox providers' receiving servers on how to handle emails that breach the policy.
2: Authenticate your sender domain by implementing SPF and DKIM.
3: The receiving server will apply the DMARC policy and execute the instructions specified in the policy.
4: The receiving server will send a report detailing how it handled the email to the reporting email address specified in the DMARC record.

Sample: DMARC record
v=DMARC1\; p=none\; rua=mailto:dmarc-aggregate@mydomain.com\; ruf=mailto:dmarc-afrf@mydomain.com\; pct=100

v: Signifies the DMARC version in use.
p: Signifies the policy established by the business.
rua: Specifies the URI for sending a consolidated report, including information on SPF and DKIM validation results, details about the sending and receiving domains, and the percentage of successful authentications.
ruf: Specifies the email address where the comprehensive SPF/DKIM failure report will be delivered.
pct: Denotes the percentage of emails subject to the policy application.

To prevent emails from being marked as spam, bounced, or experiencing delays in delivery, it is mandatory to set your policy (p) to none in DMARC record. “p = none”

If the policy (p) is set to "quarantine" or "reject," the emails will either be redirected to the spam folder or will not be delivered to the recipient, respectively. 

Ensure DMARC Alignment 

DMARC alignment pertains to the uniformity in the alignment of email authentication mechanisms, particularly SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), with the domain asserted by the sender.

Sample DMARC - SPF Alignment

Sender Address

From: Header

Strict Alignment

Relaxed Alignment

support@mycompany.com

support@mycompany.com

Pass

Pass

support@admin. mycompany.com

support@mycompany.com

Fail

Pass

support@mycompany.org

support@mycompany.com

Fail

Fail

 
SPF Strict Alignment: A precise match between the SPF-authenticated domain and the domain specified in the header's "From:" address. 

SPF Relaxed Alignment: The domain indicated in the "From:" address of the header should either match or be a subdomain of the SPF-authenticated domain. 

Sample DMARC - DKIM Alignment

From: Header

DKIM d= domain

Strict Alignment

Relaxed Alignment

support@mycompany.com

mycompany.com

Pass

Pass

support@admin. mycompany.com

mycompany.com

Fail

Pass

support@mycompany.org

mycompany.com

Fail

Fail


DKIM Strict Alignment: A precise match between the relevant DKIM domain and the domain specified in the header's "From:" address. 

DKIM Relaxed Alignment: The domain mentioned in the "From:" address of the header must either coincide with or be a subdomain of the SPF-authenticated domain. 

Add ARC headers 

Implement ARC (Authenticated Received Chain) authentication to avoid Gmail categorizing the email as unauthenticated, especially when utilizing frequent mail forwarding practices.
For additional information on ARC authentication, please refer to the official Google document linked here.

Set up SPF & DKIM 
Mail authentication protocols such as SPF & DKIM should be implemented for organization sending emails to google or yahoo recipients.

What are the consequences if the deadline is not met? 

Adhering to the sender requirements before the deadline is crucial for optimizing email delivery. Failure to meet the criteria detailed in this article may lead to your email not reaching its destination as intended or being categorized as spam.

Quick Summary:

The Update - Gmail and Yahoo are implementing robust email authentication standards from February 2024.
The Effects - Failure to meet these requirements may result in emails being categorized as spam or not reaching their intended destination.
The Action to be taken - Users sending 5000 or more emails daily must implement SPF,  DKIM and publish DMARC policies. 


Regards,
Sumaya Howth - Product Manager
The Zoho Desk Team


      • Sticky Posts

      • Webinar 2: Supercharged customer support for growing business

        Join us for this webinar and learn how to step up your support game using a real-time communication platform to generate happier, more successful customers. In this live webinar, we will will discuss the importance of SalesIQ for your support team and how it can help you:  Understand your customers better and their journeys to proactively support and engage them even before they ask for help.  Integrating real time conversations into Zoho Desk’s Support, providing a conversational customer service
      • Customize Colors of your Customer Self Service Portal

        You asked for it. We heard you. We're happy to roll out the most sought after feature request, Customizing the Colors of your Customer Self-service Portal. Now you can set the color of your customer portal to mimic your company's web site, so that your customers visiting the portal will not feel alienated by the default theme.  Go ahead and configure the color of the header, tabs, fonts and background according to your needs. You can either choose between default color themes like Blue, Grey, Green
      • Edit and Delete options in Comments

        A lot of teams have been using ticket comments extensively to collaborate everyday. Notification Center further improved this experience by bringing real-time updates. As we continue to build more improvements to this experience, we've shipped a small-yet-important
      • 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

        In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email
      • Announcing the New and Improved Article Editor

        KBase articles are known to help customers, find solutions to problems on their own and set the stage for ticket deflection. That said, the way you present your KBase content is the clinching factor that ensures your customers stick around to consume it.  We took it upon ourselves to build an editor that allows you to publish articles without delving into the code. Well, at least for the most part. With more options and a redefined interface, the article editor in Zoho Desk is now better than ever!

        • Recent Topics

        • Firebase Functions integration

          Hello Zoho Team, Please advise how I can configure SMTP in my account to facilitate Firebase-triggered email functions. Please note that I desire to send an email with a JSON object collected from Firebase Firestore and included in my mail to forward
        • Cant connect my Zoho Email to Apollo.io account

          Im trying to add my Zoho email to my Apollo account in order to be able to send emails through Apollo but I keep getting time out error. In order to set the email account there is a small form in Apollo I have to fill. For email and password I use the
        • I am having issues with my Zoho Mail account;

          I am having issues with my Zoho Mail account; I am unable to send or receive emails and need to reactivate my account. I am receiving the following message: "This message was created automatically by the mail delivery system. THIS IS A WARNING MESSAGE
        • User Filter for Dynamic Date Dimensions in Zoho Analytics

          One challenge I frequently encounter is the need to create multiple versions of the same report—one for yearly data, another for quarterly data, another for monthly, and so on. While this works, it leads to unnecessary duplication, making maintenance
        • Zoho CRM - COQL query failing with no reason

          Hi I'm trying to execute a COQL query but it's returning an error. Unfortunately I cannot understand where I'm wrong The query is the following;: URL: POST https://www.zohoapis.com/crm/v2.1/coql Body: { "select_query": "select id,Adjustment,Billing_City,Billing_Code,Billing_State,Billing_Street,Buyer_PO_Number,Delivery_Date,Delivery_Method,Due_Date,Grand_Total,Invoice_
        • Does anyone know what is the time frame for our Tickets to be attended to?

          4 Days ago I sent a ticket to check if our vendor's email address/domain is listed as spam because for some reason, their emails kept being bounced back and we did not receive any notification. As of yet, I have not received any indication that my query
        • Linking an email to a Contact when the email is sent in deluge via sendmail

          The "to:" address in this code is a CRM Contact. Email address is forced unique in CRM This sendmail gets sent via a workflow which is in a custom module. It works, except that the outbound email does not appear (i.e, get linked to) the Contact such that
        • Re-emphasizing the importance of Domain Whitelisting in ASAP's JWT Authentication Mechanism

          The problem We discovered a security vulnerability related to using OAuth tokens in non-whitelisted domains and have reinforced our security measures. If you experience any request failures in the authorized domains, please verify that they are whitelisted
        • How do you arrange order in which the speakers are listed in a session once they have been selected?

          Probably another simple thing I've missed but I can't find how to arrange the order in which the speakers are listed in a session once they have been selected. We usually want the speakers listed alphabetically by last name, but sometimes not. Once the
        • How do you select/display the Speaker that will be the chair/moderator of a Session?

          I could very well be missing something but I can't see an option for displaying the Speaker that will be chairing/moderating a Session There doesn’t appear to be an option for this in the available Session fields I can can’t find anywhere that would allow
        • How do I connect a Google Cloud Project as a Custom Service

          How can I connect a Google Cloud project as a custom service to ZohoCRM? I need to pull YouTube Analytics data into CRM, but I cannot use the included YouTube service as it does not have the scopes I need. Therefore, I need to create a custom service.
        • email configuration - email is rejected - what is best way forward

          We started getting rejection/bounce back on email sent out of zohodesk. typically we have SMTP from our domain into zohodesk eg support@example.com our mail respones go back out as example : support@example.zohodesk.com These email bounce with error:
        • Sync Gmail for Admins

          Hello. We migrated from gmail to Zoho mail a few years ago, but some users want to be able to use gmail. I have set up dual delivery in the Zoho Mail Admin console. This is working fine. I can't figure out how to sync outgoing emails. Specifically, if
        • Passing Information from ZohoCRM to ZohoCreator

          I've got a use case where I'm attempting to use a button within ZohoCRM to pull a list of options into buttons on creator when page is loaded. I'm pretty well versed in Deluge, but I'm having a difficult time trying to understand how to dynamically place
        • Zoho mail down?

          I try to log in my Zoho mail and I get a file named "0.json", attached, downloaded instead. What is happening?
        • Main Company Email Blocked - Error 5545 5.1.8, Urgent Help Needed!

          We've been using Zoho Email for two years and all our email activity is hosted on this platform. Yesterday, our account was blocked with error code 5545 5.1.8 without any explanation provided. How can we get our account unblocked? We have all our emails
        • Housing Leads and Existing Customers

          We are a Software as a Service (SaaS) company offering subscription-based services. Our customers include individuals, businesses, and resellers who market our software to their clients. Currently, we use Zoho CRM solely for leads/deals, but we would
        • No more IMAP/POP/SMTP on free plans even on referrals with NO NOTICE

          Outraged. Just referred a colleague to use her domain (not posting it publicly here) to Zoho, just as I have other colleagues, clients, friends. Expected the exact same free plan features as I have and as everyone else I ever referred got. I was helping
        • Import for Apple Notes

          Hi, thanks to GDPR we can now retrieve a full download of Apple Notes via https://appleid.apple.com/ It would be great if we could migrate to Zoho this way, especially because attachments in the notes could be safely included in the import. Thanks and
        • Simple Deluge Script

          Hi. I'm brand new to functions but I'm trying to create a script to convert a date field in Meetings to a written format. For example, instead of 02/05/2025 8:00AM, I'd like to convert it to Wednesday, February 5, 8:00 AM. My Date field is the API Name
        • Why hasn't Zoho CRM For Everyone been rolled out?

          I don't understand the point of rolling out new features so slowly after a big fanfare launch 8 months ago. I've signed up for 'early access' and also contacted my point of contact, but nothing. Not even an auto reply. Would you say that this is good
        • Create Pop up notification on Contacts that there's an "Open Deal".

          I am trying to create Pop up notification on Contacts whenever there's an "Open Deal" on that contact. I am new to Zoho but figured out that this can be done with a Client Script. I got the code below and created the script however its not working. What
        • Editing landing page after signup for a webinar

          Hi, how can I edit the landing page after signing up for a webinar. I personalized the email "registration confirmation", which is working fine. Nevertheless after submitting the form, the participant gets redirected to a page, which looks like the standard
        • How to Send Weekly Scheduled Emails of a Custom View

          Greetings, We have a custom view called "All Employee View" for the Employee form. We are able to manually export that view using the "Export" button: However, we want to programmatically export this view as an XLS file each week and send it in an email
        • Determine which Notebook a Card is in?

          How can I find out which Notebook a Card is in? I.e. I search on "septic" and find that there is a Card named "Septic Status" but I need to know which Notebook it is in because I want to move it to a particular one.
        • Scroll to Bottom

          When scrolling a long list of notes within a Notebook, a "Scroll to Top" link appears. It would be very helpful to me if a "Scroll to Bottom" link was also provided. The same links would also be much appreciated if shown when scrolling within a long
        • All time fullscreen start -_-

          in new version ''Notebook'' progam start at full screen,it make my eyes bleeding when i use it. Becouse it start at full white bright screen ,even at night or dark mode. Can you fix this? make option to not start at fullscrn, or make program remember
        • Marking a Desk ticket as Unread after merge

          We have a custom script that runs against every new ticket and auto-merges it with any existing ticket that matches our criteria. That works fine but there is no functionality that reverts the newly-updated ticket back to an "unread" state. I found the
        • Automated Messages in Zoho Desk - WhatsApp

          Hi, We set-up an automated message reply to our whatsapp channel for our support that was connected to the zoho desk. I need to change these automated messages but am unable to find the place where I can make these changes. Anyone able to assist?
        • Restrict Announcement Pop-ups to Administrators in Zoho Desk

          Dear Zoho Desk Support Team, We are writing to request a feature enhancement that would allow organizations to restrict announcement pop-ups to administrators only. Currently, announcement pop-ups are sent to all users within a Zoho Desk organization,
        • Work Orders / Bundle Requests

          Zoho Inventory needs a work order / bundle request system. This record would be analogous to a purchase order in the purchasing workflow or a sales order in the sales cycle. It would be non-journaling, but it would reserve the appropriate inventory of
        • Upload and embed a video into an article?

          How can we upload a video and embed it into an article? It is possible for images but this only supports image files. And don't say it has to be uploaded to YouTube, Vimeo or DailyMotion in order to embed it. We're trying to create company documentation
        • For security reasons your account has been blocked as you have exceeded the maximum number of requests per minute that can originate from one account.

          Hello Zoho Even if we open 10-15 windows in still we are getting our accounts locked with error " For security reasons your account has been blocked as you have exceeded the maximum number of requests per minute that can originate from one account. "
        • Change default "Sort by"

          Is there a way to change the default "sort by" when searching across modules?" in Zoho CRM? Currently the default sort method is "Modified time" but i would like to utilize the second option of "relevance" as the sort by default and not have to change
        • Solution for setting up header and footer in a template

          Hi all, Emon need for business, I have long searched the forum and also how to put in my quote and my bills a header and a footer. And finally, I have an other working stream elements allowing me to meet my needs ... Given the number of people seeking the same thing as me, I say it might be good to share my discovery. It's simple and easy to implement First, start by adding the beginning of your HTML the following: <style> html {margin: 0;}  body {margin: 0;}  div # printhead { display: block;  position:
        • Embed links between Learn manuals and articles

          Is there a way to embed links so that the user can access different Learn articles, from within an article? For example, in a Billing manual, in an article on New Client Billing, can I link to an article in a Records manual on Client File Setup? Thanks
        • Zoho Analytics Triggers & Action Deprecation - Why So Much Manual Intervention Needed?

          I understand that APIs evolve and that updates need to happen. However, the way that the Zoho Analytics update is being rolled out is making life on users very difficult. First of all, the whole idea of forcing users to manually reconstruct Flows with
        • Allow all Company Users to view all projects, but only owner/admins can change projects

          I was wondering if there was a permission setting I could adjust to allow all our company users to see all projects created. Then, only the project owners and admins with the change permission. Thanks
        • Proceed with SSL certification for your domain

          Hi Team For white labelling of Zoho Survey, we have done the following things Domain Mapping Go to your domain provider's Admin Console Create a CNAME entry under your domain Edit the CNAME to survey.cs.zohohost.in Kindly proceed for the SSL Certification
        • How to separate Vendor custom fields from Customer custome fields

          Hi, Customer and Vendor form are separated in Books. We are synchronising them with (respectively) CRM Accounts and CRM Vendors. We add Customer Fields in Customer & Vendors Fields in Books as the CRM has some we need to synchronize. But Books shows Vendors
        • Next Page