2024 Email Authentication Standards: Elevating Security with Google and Yahoo

2024 Email Authentication Standards: Elevating Security with Google and Yahoo

In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email authentication requirements to combat harmful messages and emphasize the crucial role of data security. This measure aims to prevent restrictions on sending rates, message blocking, and marking messages as spam.



Who will experience the effects? 

The updated security guidelines apply to all users, particularly those who send 5000 or more than 5000 emails per day from ZOHO DESK. Not following these guidelines may lead to email delivery delays, blocked messages, or the categorization of emails as spam.

Not to worry. We are here to support you with the best possible solutions.

Basic details that every sender should be aware of
 
To safeguard your path in 2024, it is mandatory to follow the fundamental requirements, beginning with email authentications.

When utilizing a Gmail domain in the 'From' address, it is essential to configure the address with its dedicated SMTP for ensuring accurate mail delivery.

For recipients on gmail.com or googlemail.com, it is recommended to publish DMARC for the sender domain to enhance prompt mail delivery. 

Verify with your own SMTP 

In adherence to the new guidelines, reply emails sent from Zoho Desk with From addresses belonging to gmail.com, googlemail.com, to any domains may be bounced or marked as spam. Therefore, we kindly request all customers to configure these From addresses with your own SMTP verification and use TLS for transmitting email rather than Zoho SMTP. If the From addresses were verified previously with your own SMTP, we will continue using the same authentication for all notification emails sent from Zoho Desk.



Rolling out SPF & DKIM  

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are vital email authentication protocols that protect against spam, phishing, and spoofing. SPF verifies the authenticity of emails from your domain, while DKIM confirms their source by validating authorized servers associated with sending domains. These protocols work together to validate emails, ensuring that they originate from legitimate sources and have not been tampered with during transmission. This implementation enhances the overall security of your email communications by reducing the risk of email spoofing, phishing, and other malicious activities. 

Minimal Spam Rate 

Maintain spam rates below 0.10% and ensure they never exceed 0.30% for optimal email deliverability.

Essential  Requirements for Users Sending 5000 or More Emails Daily 

Implement DMARC Policy 

DMARC (Domain-based Message Authentication Reporting and Conformance) is an authentication technique that leverages the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate emails. This helps in preventing forging emails and engaging in unauthorized activities through them.

 How DMARC Works: 

1: Publish the DMARC policy outlining instructions for mailbox providers' receiving servers on how to handle emails that breach the policy.
2: Authenticate your sender domain by implementing SPF and DKIM.
3: The receiving server will apply the DMARC policy and execute the instructions specified in the policy.
4: The receiving server will send a report detailing how it handled the email to the reporting email address specified in the DMARC record.

Sample: DMARC record
v=DMARC1\; p=none\; rua=mailto:dmarc-aggregate@mydomain.com\; ruf=mailto:dmarc-afrf@mydomain.com\; pct=100

v: Signifies the DMARC version in use.
p: Signifies the policy established by the business.
rua: Specifies the URI for sending a consolidated report, including information on SPF and DKIM validation results, details about the sending and receiving domains, and the percentage of successful authentications.
ruf: Specifies the email address where the comprehensive SPF/DKIM failure report will be delivered.
pct: Denotes the percentage of emails subject to the policy application.

To prevent emails from being marked as spam, bounced, or experiencing delays in delivery, it is mandatory to set your policy (p) to none in DMARC record. “p = none”

If the policy (p) is set to "quarantine" or "reject," the emails will either be redirected to the spam folder or will not be delivered to the recipient, respectively. 

Ensure DMARC Alignment 

DMARC alignment pertains to the uniformity in the alignment of email authentication mechanisms, particularly SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), with the domain asserted by the sender.

Sample DMARC - SPF Alignment

Sender Address

From: Header

Strict Alignment

Relaxed Alignment

support@mycompany.com

support@mycompany.com

Pass

Pass

support@admin. mycompany.com

support@mycompany.com

Fail

Pass

support@mycompany.org

support@mycompany.com

Fail

Fail

 
SPF Strict Alignment: A precise match between the SPF-authenticated domain and the domain specified in the header's "From:" address. 

SPF Relaxed Alignment: The domain indicated in the "From:" address of the header should either match or be a subdomain of the SPF-authenticated domain. 

Sample DMARC - DKIM Alignment

From: Header

DKIM d= domain

Strict Alignment

Relaxed Alignment

support@mycompany.com

mycompany.com

Pass

Pass

support@admin. mycompany.com

mycompany.com

Fail

Pass

support@mycompany.org

mycompany.com

Fail

Fail


DKIM Strict Alignment: A precise match between the relevant DKIM domain and the domain specified in the header's "From:" address. 

DKIM Relaxed Alignment: The domain mentioned in the "From:" address of the header must either coincide with or be a subdomain of the SPF-authenticated domain. 

Add ARC headers 

Implement ARC (Authenticated Received Chain) authentication to avoid Gmail categorizing the email as unauthenticated, especially when utilizing frequent mail forwarding practices.
For additional information on ARC authentication, please refer to the official Google document linked here.

Set up SPF & DKIM 
Mail authentication protocols such as SPF & DKIM should be implemented for organization sending emails to google or yahoo recipients.

What are the consequences if the deadline is not met? 

Adhering to the sender requirements before the deadline is crucial for optimizing email delivery. Failure to meet the criteria detailed in this article may lead to your email not reaching its destination as intended or being categorized as spam.

Quick Summary:

The Update - Gmail and Yahoo are implementing robust email authentication standards from February 2024.
The Effects - Failure to meet these requirements may result in emails being categorized as spam or not reaching their intended destination.
The Action to be taken - Users sending 5000 or more emails daily must implement SPF,  DKIM and publish DMARC policies. 


Regards,
Sumaya Howth - Product Manager
The Zoho Desk Team



      • Sticky Posts

      • 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

        In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email

      • Using Agent Email Address as From Address

        Currently, while replying to a ticket, it is possible for agents to choose their own email addresses as 'from' addresses. Although we built this just for that little extra flexibility, in hindsight, it hasn't figured much in conventional usage.  Almost all businesses prefer that responses to their customers' tickets be sent from the common support/service email address and NOT from those of individual agents. During personal interactions at events, some of you have even made passing mentions about

      • Edit and Delete options in Comments

        A lot of teams have been using ticket comments extensively to collaborate everyday. Notification Center further improved this experience by bringing real-time updates. As we continue to build more improvements to this experience, we've shipped a small-yet-important

      • Webinar 2: Supercharged customer support for growing business

        Join us for this webinar and learn how to step up your support game using a real-time communication platform to generate happier, more successful customers. In this live webinar, we will will discuss the importance of SalesIQ for your support team and how it can help you:  Understand your customers better and their journeys to proactively support and engage them even before they ask for help.  Integrating real time conversations into Zoho Desk’s Support, providing a conversational customer service

      • Customize Colors of your Customer Self Service Portal

        You asked for it. We heard you. We're happy to roll out the most sought after feature request, Customizing the Colors of your Customer Self-service Portal. Now you can set the color of your customer portal to mimic your company's web site, so that your customers visiting the portal will not feel alienated by the default theme.  Go ahead and configure the color of the header, tabs, fonts and background according to your needs. You can either choose between default color themes like Blue, Grey, Green

        • Recent Topics

        • CRM x WorkDrive: File storage for new CRM signups is now powered by WorkDrive

          Availability Editions: All DCs: All Release plan: Released for new signups in all DCs. It will be enabled for existing users in a phased manner in the upcoming months. Help documentation: Documents in Zoho CRM Manage folders in Documents tab Manage files

        • Anyone worked out how to export or screengrab a full heatmap?

          I'd love to be able to include a copy of a heatmap in a report but can't work out how to grab the whole thing as there doesn't appear to be an export function? Thanks in advance.

        • Introducing Built-in Telephony in Zoho Recruit

          We’re excited to introduce Built-in Telephony in Zoho Recruit, designed to make recruiter–candidate communication faster, simpler, and fully traceable. These capabilities help you reduce app switching, handle inbound calls efficiently, and keep every

        • Sender Email Configuration Error.

          Hello Team, Hope you are all doing well. We are in the process of creating the Zoho FSM environment in the UAE. When we try to add the sender email address “techsupportuae@stryker.com”, we receive the error message: “Error occurred while sending mail

        • Default/Private Departments in Zoho Desk

          1) How does one configure a department to be private? 2) Also, how does one change the default department? 1) On the list of my company's Zoho Departments, I see that we have a default department, but I am unable to choose which department should be default. 2) From the Zoho documentation I see that in order to create a private department, one should uncheck "Display in customer portal" on the Add Department screen. However, is there a way to change this setting after the department has been created?

        • Es posible cambiar el lenguaje de los modulos del ASAP?

          Es posible cambiar el lenguaje de estos textos? Tengo Zoho configurado en español pero aun así me muestra estos textos en ingles:

        • Auto-publish job openings on my Zoho Recruit Careers Website

          I have developed a script using the Zoho Recruit API that successfully inserts new jobOpening records to my Zoho Recruit website, but my goal is to auto-publish to the Careers Website. The jobOpening field data shows two possible candidates to make this

        • [Free webinar] Custom domains for portals in Zoho Creator - Creator Tech Connect

          Hello everyone, We’re excited to invite you to another edition of the Creator Tech Connect webinar. About Creator Tech Connect The Creator Tech Connect series is a free monthly webinar featuring in-depth technical sessions designed for developers, administrators,

        • Remove my video

          Hi, How can I remove my video so that I don't have to see myself. It's weird so I always remove my own video from what I see but cannot find this feature here. Thanks!

        • Marking a meeting 'done'.

          I would like to somehow mark a meeting 'done' and placed under the contact's page rather than deleting it and having no record of it. Am I missing a button that does this?

        • Add Lookup Field in Tasks Module

          Hello, I have a need to add a Lookup field in addition to the ones that are already there in the Tasks module. I've seen this thread and so understand that the reason lookup fields may not be part of it is that there are already links to the tables (

        • Super Admin Logging in as another User

          How can a Super Admin login as another user. For example, I have a sales rep that is having issues with their Accounts and I want to view their Zoho Account with out having to do a GTM and sharing screens. Moderation Update (8th Aug 2025): We are working

        • Cannot find zpuid for Zoho Projects user

          I'm using the Zoho Projects v3 API to create a task. The task is created successfully, but in order to assign the task owner, the "Create a Task" API also requires the zpuid of the task owner. Unfortunately I cannot find any user-related API calls that

        • Allocating inventory to specific SO's

          Is there a way that allocate inventory to a specific sales order? For example, let's say we have 90 items in stock. Customer 1 orders 100 items. This allocates all 90 items to their order, and they have a back order for the remaining 10 items which could

        • Can Zoho Marketing Automation send OTP codes via WhatsApp during user registration?

          The flow I would like to implement is: A user signs up in the mobile app and enters their phone number. The system generates a one-time verification code (OTP). The OTP is sent to the user via WhatsApp message. The user enters the code in the app to confirm

        • Incorrect Functioning of Time Logs API (Version 3)

          We need to fetch the list of time logs for each task for our company internal usage. We are trying to achieve it by using the next endpoint: https://projects.zoho.com/api-docs#bulk-time-logs#get-all-project-time-logs Firstly, in the documentation the

        • Partial payments for retainer invoices

          When a customer does not pay the entire retainer invoice there is no way to apply a partial payment. PLEASE add this function.

        • Can I export to PDF in Zoho Learn

          I have seen help pages where export to pdf options are available but I do not see that option available from the application. I see that exprt is available in my free trial version but that is only to html pages. I need to be able to export my manuals

        • Service line items

          Hello Latha, Could you please let me know the maximum number of service line items that can be added to a single work order? Thanks, Chethiya.

        • Sending emails via Books

          Anyone else getting similar problems recently ??..... Hi, Your message to the following recipient was not delivered. Please find the details below.  Bounce Details: Bounced Address : someone@google.com Bounce Reason : other ; Status : 5.0.0 (undefined status) ; Daignostic-Code : smtp;542 someone@google.com Rejected ; Bounced Time : Sep 05, 2017 06:37 PM BST Regards, Zoho Team The email addresses were fine only a few days ago but are now being rejected ?

        • PDF Generator Upgrade

          Hi Team, What will happen if I don't make any changes for existing template. Zoho just ask us upgrade but haven't tell the benefit. Zoho Corporation

        • No Need To Fix Something That Is Working

          Zoho Books is a great financial tool which helps businesses to become more efficient and productive with day-to-day operations. As such, every change, upgrade, improvement needs to be carefully thought before implemented in the software and I'm sure Zoho

        • Total Cost in reports showing zero

          The image below shows my issue. The column Total Cost should show the cost to our company based on hours logged and the employee's rate. For instance, if the person working on Subtask 1 is paid 20/hr, then Total Cost should display $160 ($20x8 logged

        • Zoho Books (and other finance suite apps) - Retrospective Linking of Invoice and Sales Orders to Quotes.

          In some cases, Quotes and Invoies may be created sperately instead of using the convert feature. In this feature request I am asking for the Finance Suite team to consider adding a lookup field to reference the quote on Invoices and Sales Orders, or some

        • Bring real app analytics into Zoho Creator apps with Zoho Apptics

          We’re kicking off the year with a release we’ve been looking forward to for a long time. After being in the works for a while, Zoho Creator and Zoho Apptics are now officially integrated, bringing in-depth product analytics directly into the Zoho Creator

        • ZohoMail's outbound webhook sends incorrect folderId and messageId

          I used a webhook (outbound) from within ZohoMail to send message details when a new message arrives that meets specific criteria. I received this data correctly. Now I want to get the attachment from this email message. When I made an api call using folder

        • Use URL field to populate Image in a Email Template

          We have two records Record 1: Appointments (with a Lookup to Doctors module) Related Record 2: Doctors (with a URL field that is an image of the doctor) We would like to populate a CRM email template with the image of the URL field for the related doctor

        • Looking for Guidance on Building a Zoho Website

          I'm exploring the possibility of building a custom website with specific features using Zoho as an alternative platform. My goal is to create something similar to https://gtasandresapk.com , with the same kind of functionality and user experience. I'd

        • Ability to add VAT to Retainer Invoices

          Hello, I've had a telephone conversation a month ago with Dinesh on this topic and my request to allow for the addition of VAT on Retainer Invoices.  It's currently not possible to add VAT to Retainer Invoices and it was mutually agreed that there is absolutely no reason why there shouldn't be, especially as TAX LAW makes VAT mandatory on each invoice in Europe!   So basically, what i'm saying is that if you don't allow us to add VAT to Retainer Invoices, than the whole Retainer Invoices becomes

        • Zoho Bookings Forge: A hands-on workshop series

          Hello all! We’re hosting a five-part, hands-on workshop series to help you optimize Zoho Bookings for your business. In these sessions, we’ll cover key features, practical use cases, and clear steps to get started or improve your current setup. Here are

        • Introducing parent-child ticketing in Zoho Desk [Early access]

          Hello Zoho Desk users! We have introduced the parent-child ticketing system to help customer service teams ensure efficient resolution of issues involving multiple, related tickets. You can now combine repetitive and interconnected tickets into parent-child

        • Update Existing Records greyed out in Free Version

          Trying to update records from an Excel sheet, and not getting the option to update. Only option is to add as new accounts. All documentation I can see says update should be an option! Accounts, Leads, Contacts, all the same.

        • Help with deluge script

          Hi Community, this is my first Deluge script. I've pieced it together from reading various articles I want to use it in a workflow to 1 Convert a lead to a contact 2. Create a record in a custom module Below is what I have got so far but it does not fire

        • Introducing Workqueue: your all-in-one view to manage daily work

          Hello all, We’re excited to introduce a major productivity boost to your CRM experience: Workqueue, a dynamic, all-in-one workspace that brings every important sales activity, approval, and follow-up right to your fingertips. What is Workqueue? Sales

        • Delete button

          Hi, The delete button were hide into the three dot button. Can I display outside? why Zoho make this update?

        • Zoho Vault CLI for Developers and Automations

          Hi everyone, If you're managing credentials in scripts, CI/CD pipelines, or automation workflows, Zoho Vault's Command Line Interface (CLI) can help you securely access and manage secrets directly from your terminal. Zoho Vault was launched in 2013 as

        • On Edit Validation Blueprint

          Hello, I have a notes field and a signature field. When the Approve button is clicked, the Signature field will appear and must be filled in. When the Reject button is clicked, the Notes field will appear and must be filled in. Question: Blueprint will

        • Server-based Appication API access for Social, Sites, Flow, Pages.

          Hello, I am trying to hook up API access for a number of apps and I have hit a wall trying to add these scopes to the API feed. We cannot find the correct way to list the scope for these Zoho apps; Social, Sites, Flow, Pages. Error on web-page comes back

        • Zoho Subscriptions -- Zoho Commerce integration

          Is there integration between Zoho Subscriptions and Zoho Commerce? I would like to create subscription plans in Zoho Subscritpions and list them for on my Zoho Commerce store.

        • Synching changes to Stripe when changes are made in Zoho Billing

          We have a situation where we have merged customers in Zoho BIlling and then found out later that the payment in Stripe was not updated and still associated with the old customer record. The card gets updated and billed, but that payment is still associated

        • Next Page