• A change to DKIM requirements looms

    #2633013

    ISSUE 21.05.2 • 2024-01-31 By Susan Bradley Tomorrow, February 1, Google and Yahoo will implement a change to make email more secure and to eliminate
    [See the full post at: A change to DKIM requirements looms]

    Susan Bradley Patch Lady/Prudent patcher

    5 users thanked author for this post.
    • #2633019

      What is Microsoft doing in this area? Thank you for keeping us so well informed.

      Gerry

      1 user thanked author for this post.
    • #2633051

      Thank you Susan, for reminding us.

      I believe these new requirements actually affect all senders to Gmail and Yahoo accounts, not just bulk senders.

      And the new requirements can affect Gmail and Yahoo recipients also. If senders do not meet the requirements, email may not be delivered to the recipient or sent to spam folders.

      Here is a detailed Google Help article on what Google is requiring as of Feb 1, 2024. Note these are requirements for all email senders (organizations, individuals, mail services, etc.) who send to Gmail accounts. There are new requirements for all senders plus additional requirements for those who send more than 5,000 messages a day to Gmail accounts. The additional requirements probably affect you if you use a mail service like Constant Contact, Mailchimp, etc. to send bulk email. See https://support.google.com/mail/answer/81126.

      And here are the requirements for senders to Yahoo email accounts starting February, 2024: https://senders.yahooinc.com/best-practices/. Note there are requirements for ALL senders as well as bulk senders.

      4 users thanked author for this post.
    • #2633091

      This information needs to be made known more widely than only the AskWoody crowd. All the time I hear stories about bulk emails that people do not receive, so this is a pervasive issue. Maybe publish also as a PC World piece?

      I have taken the liberty of creating a two-page PDF to be forwarded on to at least one non-profit that experiences this issue, using a 3rd party provided for bulk email.

    • #2633092

      I wonder if this affects users whose email address is AT&T or an AT&T subsidiary, such as @bellsouth.net. This AT&T subsidiary contracts with Yahoo to provide the email service.

      I’ve lately been finding in my spam folder a number of emails from groups/persons who send the email to a whole lot of others. With this new policy, will marking the email as ‘Not spam’ keep future emails out of the spam folder?

    • #2633104

      For a while now I have been receiving four copies of the newsletter and four copies of alerts such as this one.  If I get a PM notice, it’s only a single copy.  The AskWoody bulk mailer is bulking me four copies of the same email.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #2633103

      This change may affect users who have set email forwarding, e.g. from an alumni address at their former university, or from a former email address being forwarded to their current address. The simplest forwarders just send the message along. This means that the receiving MTA (Mail Transfer Agent) will get an email from a server that’s not listed in the From: domain’s SPF record. This will cause a failing SPF result. Forwarders can use a technique called SRS (Sender Rewriting Scheme) to avoid this problem. SRS is not always available. See https://en.wikipedia.org/wiki/Sender_Policy_Framework.

      1 user thanked author for this post.
    • #2633146

      My own experience tends to confirm Susan’s view that this change will probably not be a problem for those of us who do not send mass mailings, provided we have the right DMARC record. I have my own domain and always use a return address from that domain.

      If I send an email through my ISP (rarely) the ISP handles the DMARC record and I have no problems. Normally I send the email through the hosting company that handles my domain. About a year ago, I had lots of bounces because of these issues. I corrected the DMARC record to ensure the SPF record is correct. The hosting company does not offer DKIM authentication, but that was not a problem because email hosts ask for authentication from only one of the two systems.

      I have been monitoring the DMARC reports ever since and they all come back with SPF OK and DKIM “fail” but, most importantly, they all get delivered. That applies also to Google and Yahoo – no complaints from them. There have been one or two funky reports on emails to recipients that I think had been onward forwarded automatically but, again, they all get delivered.

      So – so far so good, and long may it stay that way.

      Chris
      Win 10 Pro x64 Group A

      1 user thanked author for this post.
      • #2638974

        As an addendum, my hosting company has now added DKIM authorisation, so my emails all come up fully compliant. The only oddity is a few I sent to a financial institution, which I think is because they have an internal forwarding system. However, everything is delivered.

        Chris
        Win 10 Pro x64 Group A

    • #2633148

      OK, so the change to DKIM requirements is to use it. Also, I see from guest Mark’s links (yahoo and gmail) that at least gmail recommends a 2048 long key, but seems that 1024 is the requirement. Thanks for those links!

      Well, I’m glad they are recommending this; good to spell it out. Now, will I get shadow banned with a messed up DKIM. 😉 Nah. Per Susan’s suggestion, I checked my DKIM with MXToolbox and it’s all good. (fingers crossed)

      Win 11 Pro 23H2, Office 2024.
      Win 10 Pro 64-bit 22H2, Office 2019.
      Win 7 Pro 64-bit, Office 2010.
      Nethermost of the technically literate.

    • #2635448

      Looks like your efforts paid off. I’m using Gmail and have gotten everything since the announcement.

    • #2692159

      This is late, but I think worth adding…

      Besides issues of bulk mail, I think this matter may also apply to mail that is generated by email-enabled applications. In particular cloud-based services that allow for generating email.

      Most of us have probably experienced something like not getting a notification from something like a doctor’s office (e.g., confirmation of appointment or billing notification), and where the standard (and often, too-glib) response is “if you didn’t get our stuff, check your spam folder”.

      In those kinds of applications, there’s usually a third-party email server that’s actually doing the mailing. The return address may show the true address of the sender, but if the sending server is operated by the cloud service and not the sender’s primary mail server, then the same issues with SPF and DKIM apply, of where it’s not evident that the message is authentic (DKIM signature) or being relayed through an approved server (SPF), and absent that information, mail servers such as Gmail or Yahoo have reason to handle as “possible junk” — not necessarily spam, but at least where there’s no verification that the message isn’t forged.

      In my opinion, if this kind of mail (non-bulk, but not sent through the sender’s primary mail server) then it means likely misconfiguration of the domain’s DNS records with proper SPF, DKIM and DMARC records. Ultimately, that’s the responsibility of whoever is responsible for maintaining DNS records.

      In the context of this discussion, if we’re seeing legitimate mail in Junk inboxes, there’s probably not a lot we can do (and complaining about “fix your DNS” probably isn’t very often possible), but for those of us that do interact with DNS, mail servers and application servers, it is a reminder that that information needs to be correctly defined, and kept updated, along with everything else that goes into a domain’s DNS settings.
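
Added example (not part of any post in this thread): a small Python model of the checks discussed above, covering the forwarding and SRS case from #2633103, the SPF-only sender from #2633146, and the third-party cloud mailer from #2692159. The domains, IP ranges and the simplified alignment rule are constructed assumptions; it goes slightly beyond the posts by applying DMARC alignment to each SPF/DKIM result.

```python
import ipaddress

# Constructed sample SPF records (assumptions, not taken from the thread).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",                # sender's own domain
    "alumni.example.edu": "v=spf1 ip4:198.51.100.0/24 -all",      # forwarding service
    "bounce.cloudapp.example": "v=spf1 ip4:203.0.113.0/24 -all",  # cloud mailer
}

def spf_check(mail_from_domain, client_ip):
    """SPF on the envelope sender; only ip4 and a trailing -all are modelled."""
    record = SPF_RECORDS.get(mail_from_domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
    return "fail" if record.split()[-1] == "-all" else "neutral"

def aligned(domain, from_domain):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.
    Real DMARC compares organizational domains via the Public Suffix List."""
    a, b = domain.lower(), from_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc(from_domain, mail_from_domain, client_ip, dkim_pass_domains=()):
    """DMARC passes if SPF or DKIM passes AND that domain aligns with From:."""
    spf = spf_check(mail_from_domain, client_ip)
    spf_ok = spf == "pass" and aligned(mail_from_domain, from_domain)
    dkim_ok = any(aligned(d, from_domain) for d in dkim_pass_domains)
    return spf, "pass" if (spf_ok or dkim_ok) else "fail"

# name -> (From: domain, envelope sender domain, sending IP, passing DKIM d= domains)
SCENARIOS = {
    "direct, SPF only": ("example.org", "example.org", "192.0.2.10", ()),
    "plain forward": ("example.org", "example.org", "198.51.100.7", ()),
    "forward with SRS": ("example.org", "alumni.example.edu", "198.51.100.7", ()),
    "forward, DKIM intact": ("example.org", "example.org", "198.51.100.7", ("example.org",)),
    "cloud app, no DKIM": ("example.org", "bounce.cloudapp.example", "203.0.113.5", ()),
    "cloud app, DKIM d=From": ("example.org", "bounce.cloudapp.example", "203.0.113.5", ("example.org",)),
}

def evaluate_all():
    return {name: dmarc(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (spf, verdict) in evaluate_all().items():
        print(f"{name:24} SPF={spf:5} DMARC={verdict}")
```

In this model SRS and the cloud mailer both produce an SPF pass for the relay's own domain, which does not align with the From: domain, so only an aligned DKIM signature carries DMARC in those cases.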
