2024 Email Authentication Standards: Elevating Security with Google and Yahoo

2024 Email Authentication Standards: Elevating Security with Google and Yahoo

In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email authentication requirements to combat harmful messages and emphasize the crucial role of data security. This measure aims to prevent restrictions on sending rates, message blocking, and marking messages as spam.



Who will experience the effects? 

The updated security guidelines apply to all users, particularly those who send 5000 or more than 5000 emails per day from ZOHO DESK. Not following these guidelines may lead to email delivery delays, blocked messages, or the categorization of emails as spam.

Not to worry. We are here to support you with the best possible solutions.

Basic details that every sender should be aware of
 
To safeguard your path in 2024, it is mandatory to follow the fundamental requirements, beginning with email authentications.

When utilizing a Gmail domain in the 'From' address, it is essential to configure the address with its dedicated SMTP for ensuring accurate mail delivery.

For recipients on gmail.com or googlemail.com, it is recommended to publish DMARC for the sender domain to enhance prompt mail delivery. 

Verify with your own SMTP 

In adherence to the new guidelines, reply emails sent from Zoho Desk with From addresses belonging to gmail.com, googlemail.com, to any domains may be bounced or marked as spam. Therefore, we kindly request all customers to configure these From addresses with your own SMTP verification and use TLS for transmitting email rather than Zoho SMTP. If the From addresses were verified previously with your own SMTP, we will continue using the same authentication for all notification emails sent from Zoho Desk.



Rolling out SPF & DKIM  

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are vital email authentication protocols that protect against spam, phishing, and spoofing. SPF verifies the authenticity of emails from your domain, while DKIM confirms their source by validating authorized servers associated with sending domains. These protocols work together to validate emails, ensuring that they originate from legitimate sources and have not been tampered with during transmission. This implementation enhances the overall security of your email communications by reducing the risk of email spoofing, phishing, and other malicious activities. 

Minimal Spam Rate 

Maintain spam rates below 0.10% and ensure they never exceed 0.30% for optimal email deliverability.

Essential  Requirements for Users Sending 5000 or More Emails Daily 

Implement DMARC Policy 

DMARC (Domain-based Message Authentication Reporting and Conformance) is an authentication technique that leverages the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate emails. This helps in preventing forging emails and engaging in unauthorized activities through them.

 How DMARC Works: 

1: Publish the DMARC policy outlining instructions for mailbox providers' receiving servers on how to handle emails that breach the policy.
2: Authenticate your sender domain by implementing SPF and DKIM.
3: The receiving server will apply the DMARC policy and execute the instructions specified in the policy.
4: The receiving server will send a report detailing how it handled the email to the reporting email address specified in the DMARC record.

Sample: DMARC record
v=DMARC1\; p=none\; rua=mailto:dmarc-aggregate@mydomain.com\; ruf=mailto:dmarc-afrf@mydomain.com\; pct=100

v: Signifies the DMARC version in use.
p: Signifies the policy established by the business.
rua: Specifies the URI for sending a consolidated report, including information on SPF and DKIM validation results, details about the sending and receiving domains, and the percentage of successful authentications.
ruf: Specifies the email address where the comprehensive SPF/DKIM failure report will be delivered.
pct: Denotes the percentage of emails subject to the policy application.

To prevent emails from being marked as spam, bounced, or experiencing delays in delivery, it is mandatory to set your policy (p) to none in DMARC record. “p = none”

If the policy (p) is set to "quarantine" or "reject," the emails will either be redirected to the spam folder or will not be delivered to the recipient, respectively. 

Ensure DMARC Alignment 

DMARC alignment pertains to the uniformity in the alignment of email authentication mechanisms, particularly SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), with the domain asserted by the sender.

Sample DMARC - SPF Alignment

Sender Address

From: Header

Strict Alignment

Relaxed Alignment

support@mycompany.com

support@mycompany.com

Pass

Pass

support@admin. mycompany.com

support@mycompany.com

Fail

Pass

support@mycompany.org

support@mycompany.com

Fail

Fail

 
SPF Strict Alignment: A precise match between the SPF-authenticated domain and the domain specified in the header's "From:" address. 

SPF Relaxed Alignment: The domain indicated in the "From:" address of the header should either match or be a subdomain of the SPF-authenticated domain. 

Sample DMARC - DKIM Alignment

From: Header

DKIM d= domain

Strict Alignment

Relaxed Alignment

support@mycompany.com

mycompany.com

Pass

Pass

support@admin. mycompany.com

mycompany.com

Fail

Pass

support@mycompany.org

mycompany.com

Fail

Fail


DKIM Strict Alignment: A precise match between the relevant DKIM domain and the domain specified in the header's "From:" address. 

DKIM Relaxed Alignment: The domain mentioned in the "From:" address of the header must either coincide with or be a subdomain of the SPF-authenticated domain. 

Add ARC headers 

Implement ARC (Authenticated Received Chain) authentication to avoid Gmail categorizing the email as unauthenticated, especially when utilizing frequent mail forwarding practices.
For additional information on ARC authentication, please refer to the official Google document linked here.

Set up SPF & DKIM 
Mail authentication protocols such as SPF & DKIM should be implemented for organization sending emails to google or yahoo recipients.

What are the consequences if the deadline is not met? 

Adhering to the sender requirements before the deadline is crucial for optimizing email delivery. Failure to meet the criteria detailed in this article may lead to your email not reaching its destination as intended or being categorized as spam.

Quick Summary:

The Update - Gmail and Yahoo are implementing robust email authentication standards from February 2024.
The Effects - Failure to meet these requirements may result in emails being categorized as spam or not reaching their intended destination.
The Action to be taken - Users sending 5000 or more emails daily must implement SPF,  DKIM and publish DMARC policies. 


Regards,
Sumaya Howth - Product Manager
The Zoho Desk Team



      • Sticky Posts

      • Using Agent Email Address as From Address

        Currently, while replying to a ticket, it is possible for agents to choose their own email addresses as 'from' addresses. Although we built this just for that little extra flexibility, in hindsight, it hasn't figured much in conventional usage.  Almost all businesses prefer that responses to their customers' tickets be sent from the common support/service email address and NOT from those of individual agents. During personal interactions at events, some of you have even made passing mentions about

      • Edit and Delete options in Comments

        A lot of teams have been using ticket comments extensively to collaborate everyday. Notification Center further improved this experience by bringing real-time updates. As we continue to build more improvements to this experience, we've shipped a small-yet-important

      • Webinar 2: Supercharged customer support for growing business

        Join us for this webinar and learn how to step up your support game using a real-time communication platform to generate happier, more successful customers. In this live webinar, we will will discuss the importance of SalesIQ for your support team and how it can help you:  Understand your customers better and their journeys to proactively support and engage them even before they ask for help.  Integrating real time conversations into Zoho Desk’s Support, providing a conversational customer service

      • Customize Colors of your Customer Self Service Portal

        You asked for it. We heard you. We're happy to roll out the most sought after feature request, Customizing the Colors of your Customer Self-service Portal. Now you can set the color of your customer portal to mimic your company's web site, so that your customers visiting the portal will not feel alienated by the default theme.  Go ahead and configure the color of the header, tabs, fonts and background according to your needs. You can either choose between default color themes like Blue, Grey, Green

      • 2024 Email Authentication Standards: Elevating Security with Google and Yahoo

        In contemporary email communication, email authentication plays a pivotal role in mitigating email fraud, spam, and phishing attacks. Brace yourself for a new level of security. Starting February 2024, Gmail and Yahoo will be implementing robust email

        • Recent Topics

        • Marketing Tip #2: Recover lost sales with abandoned cart emails

          Did you know most online shoppers don’t complete checkout? Automated cart recovery emails are an easy way to bring them back. A simple reminder can recover sales you’d otherwise lose. Try this today: Enable abandoned cart emails in Zoho Commerce and set

        • Billing Management: #9 Usage Billing in IoTs

          We live in a world where connectivity has become a lifestyle rather than a luxury. From smart thermostats that adjust your home's temperature to GPS trackers monitoring end-to-end fleets and sensors that optimize energy grids, the Internet of Things has

        • {"code":1038,"message":"JSON is not well formed"}

          Today this began failing: sales_order_data = zoho.books.createRecord("salesorders",books_organization_ID,order_data); with this error message. {"code":1038,"message":"JSON is not well formed"} This code has been running for two years. Here is the input

        • How can I migrate Shared Mailbox from Zoho Mail to Team Inbox?

          I am unable to migrate mails from my shared mailbox in Zoho Mail to Team Inbox. I am the super admin of my Zoho One plan and yet I am getting an error saying only admins can do this? I don't understand the issue.

        • Remember all the ways we've posted?

          The world celebrates World Postal Day in 2025 with the theme “#PostForPeople: Local Service. Global Reach". The story of the “post” is a story of human connection itself, evolving from simple handwritten notes carried over long distances to instant digital

        • Add Support for Authenticator App MFA in Zoho Desk Help Center

          Hello Zoho Desk Team, We hope you are doing well. We would like to request an enhancement related to security for the Zoho Desk Help Center (customer portal). Currently, the Help Center supports MFA for portal users via SAML, JWT, SMS authentication,

        • Can no longer upload my own Notebook cover

          I've had Notebook for over a year and have been able to create my own notebook covers, but when I tried to upload my own cover for a new notebook today, the upload feature has suddenly been starred, requiring me to upgrade my account. When did this

        • Zoho Desk - Cannot Invite or Register New User

          Hi who may concern, we encountered a problem that we cannot invite user or the visitor cannot register for a user at all through our help center portal, with the snapshot shown as below and the attachement. It always pops up that "Sorry, Unable to process

        • Custom domain issue

          I recently changed records for my support area custom domain for a few months, I then wanted to come back to Zoho, but now I can't connect it and I can't login as it's having an SSL issue. I cannot get a good response from support, as I've been notified

        • How do you generate personalized certificates and save them in dynamic folders using Writer's mail merge?

          Zoho Writer's mail merge feature can help you enhance the certificate management process. It's a great way to save time and effort! Merge certificates and maintain a well-organised repository with personalised certificates stored in separate folders for

        • Zoho Editor

          Zoho PDf Editor is not working I am clicking on EDIT PDf then it again bringing me back to the same page. again and again.

        • The present is a "present"

          The conversation around mental health has been gaining attention in recent years. Even with this awareness, we often feel stuck; the relentless pace of modern life makes us too busy to pause, reflect, and recharge. In the world of customer support, this

        • Market cap

          Market cap formula?? Kaise nikale

        • Need Help to setup plugs along with codeless bot buidler. To send sms OTPs to users via Zoho Voice and to verify it

          Need Help to setup plugs along with codeless bot buidler. To send sms OTPs to users via Zoho Voice and to verify it. I get leads from our website and we need to make sure those are not junk. So we are using proactive chat bot and we need mobile OTPs to

        • Direct Integration Between Zoho Cliq Meetings and Google Calendar

          Dear Zoho Team, We’d like to submit the following feature request based on our current use case and the challenges we’re facing: 🎯 Feature Request: Enable meetings scheduled in Zoho Cliq to be automatically added to the host's Google Calendar, not just

        • Zoho sheet

          Unable to share zoho sheet with anyone on internet with editer option only view option is show

        • Mail and OS

          Jai Hind! Zoho is doing good by creating good software (made in india) on par with other tech giants. 🥰 Suggestion: 1. Whenever we sign up on zoho mail its asking for other mail id. It shouldn't be like that. You should ask general details of a user

        • Personal account created under org account

          Hi there, I am Jayesh. We are using ME Central, and we have an account by the email ID soc@kissht.com.. Now I have created a personal account., jayesh.auti@zohomail.in, accidentally. Can you help me to remove this jayesh.auti@zohomail.in from my organization

        • Add another account

          How to add another mail account to my zoho mail.

        • Recover deleted user

          Hi by mistake i have deleted an added user and his email associated. Please help me recover it thank you.

        • No connection to the server

          Hello! I can't add a new email address to my mailbox because your server is rejecting me. Please help. I took and added a screenshot of this problem Marek Olbrys

        • Emails missing from desktop but visible on phone

          Subject says it all. Windows 11 laptop. Apple phone. all systems up to date.

        • Website Hosting

          Hello, I want to host my domain on Hostinger, and I want my emails to run through Zoho Mail. Please provide me with the SPF record, MX record (Type: TXT), and A record, so that I don’t face any issues with my emails. My website is on Hostinger hosting,

        • Can not search zoho mail after update V.1.7.0

          i can not search mail on to and cc box from attached picture and then search contacts box can't click or use anything. include replay mail too.

        • How to retreive the "To be received" value of an Item displayed in Zoho inventory.

          Hi everyone, We have our own Deluge code to generate a PO according to taget quantity and box quantity, pretty usefull and powerful! However, we want to reduce our quantity to order according to "To be received" variable. Seems like this might not even

        • Kaizen #211 - Answering your Questions | Using Canvas and Widgets to Tailor CRM for Mobile

          Howdy, tech wizards! We are back with the final post in addressing the queries you shared for our 200th milestone. This week, we are focusing on a couple of queries on Zoho CRM mobile configurations and custom payment gateway integration. 1. Mobile SDK

        • Remove "Invalid entries found. Rectify and submit again" modal

          Following up on a post from a few years back, but can the Zoho team consider either removing the 'Invalid entries found. Rectify and submit again' modal that displays for empty mandatory fields OR allow an admin to change it? I've built a custom error

        • No Functional Autosave or Manual Save Button

          Application : Zoho Notebook So I wanted to try Zoho Notebook(On Ubuntu) as an application, I installed the application and went solving my LeetCode problems visually(Drawing mode), at one point the app just stopped saving anything... Every time I tried

        • Cadence reports as front-end reports

          Hello everyone, We have built a cadence which is connected to the Leads module. There are 11 steps in total, 7 are automatic emails and 4 are tasks for the Lead owners. As admins, we have access to this (very nicely made) 'View Reports' tab where we can

        • Show elapsed time on the thank-you page?

          Is it possible to display the total time a user spent filling out a Zoho Form on the thank-you? I’d like to show the difference between the `form submission timestamp` and the `start time` (currently have a hidden Date-Time field set to autofill the date

        • Email Integration - Zoho CRM - OAuth and IMAP

          Hello, We are attempting to integrate our Microsoft 365 email with Zoho CRM. We are using the documentation at Email Configuration for IMAP and POP3 (zoho.com) We use Microsoft 365 and per their recommendations (and requirements) for secure email we have

        • I need to do crud with snippet html

          I need to implement a form with an improved user interface. I would like to use snippets to build a CRUD that allows me to create and update records. How could I achieve this using snippets?

        • Allow Stripe Credit Card and Stripe ACH payment methods to be enabled separately on an invoice.

          I need to be able to pick at the invoice level whether Stripe Credit Card and/or Stripe ACH payment methods are available. Currently, I'm not able to select from the two Stripe payment methods individually on an invoice. However, there are some larger

        • Resume Harvester: New Enhancements for Faster Sourcing

          We’re excited to share a set of enhancements to Resume Harvester that make sourcing faster and more flexible. These updates help you cut down on repetitive steps, manage auto searches more efficiently, and review candidate profiles with ease. Why we built

        • Incorrect “correct” password on email client apple mail

          I have troubleshot this account several times. I have deleted and re added account. It keeps saying incorrect password. Can you check that it is not locked on your end?

        • Is it possible to lock editing subform rows?

          Ideally editing would only be locked after the form has been updated but I still want them to be able to add new subform records at any time and they should be able to delete rows from the subform. It is a named subform if that's relevant however the

        • "Spreadsheet Mode" for Fast Bulk Edits

          One of the challenges with using Zoho Inventory is when bulk edits need to be done via the UI, and each value that needs to be changed is different. A very common use case here is price changes. Often, a price increase will need to be implemented, and

        • What is the maximum file size of a video upload in Zoho chat?

          Can I upload a 20 mb video file and share it with my colleagues? 

        • Update a field in ALL all calls under a contact

          HI guys! I have written some deluge code to update a field in my calls after i have comepleted the call, i need this field to update in all my scheduled calls as well that are comeing up. I just cant seem to get it to work, i have put teh code below,

        • In place field editing for candidates

          Wondering about any insight/best practices for efficiently updating candidate records while reviewing them in a Job Opening pipeline. We can do in-field editing (e.g. update job title or City) only when we have the full candidate record open, however

        • Next Page