If you use an online email marketing service such as MailChimp, iContact or Constant Contact and are sending from a web-hosted email address (such as one from Google, Yahoo or Hotmail), you may soon notice a significant increase in bounced emails. This is due to a new Domain-based Message Authentication, Reporting and Conformance, or “DMARC,” authentication policy that these mail providers have implemented.
Additionally, if your website allows users to “email this to a friend,” those emails may also bounce.
An article from Yahoo reads: “All DMARC compliant mail receivers are now bouncing emails sent as ‘@yahoo.com’ addresses that aren’t sent through Yahoo servers. Any messages without a proper DomainKeys Identified Mail (DKIM) signature or Sender Policy Framework (SPF) alignment will be rejected.”
What Exactly Does This Mean?
Often, when spam or phishing emails are sent, they appear to be from one email address, but a closer look at the email header shows they were actually sent from another. That means the DKIM signature or SPF alignment doesn’t match the address the email claims to be from. A mismatch is a red flag to the recipient’s mail host that the message may not be legitimate, and there’s a good chance the email will be marked as spam or bounced, preventing it from being received.
If an email appears to be from a web-based email address but is not sent through that provider’s servers, the email will be bounced.
- If email marketing is sent from a web-based email client (e.g. Gmail, Hotmail, Yahoo), it may be marked as fraudulent and not be delivered
- If a website has an “email this to a friend” option, those emails may bounce
How Is This Affected by Online Email Marketing Services?
When an email message is sent through an email marketing service, the service inserts its own authentication in the header. So while the email address may be perfectly legitimate, its DKIM signatures or SPF alignment don’t match up, making the email appear to be spam or fraudulent.
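The mismatch described above, as an added example that is not part of the original article: a simplified DMARC alignment check in Python. All domains and records are constructed, and the organizational domain is approximated as the last two labels, where real receivers consult the Public Suffix List.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels stand in for the Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_domain, record, spf_pass_domain=None, dkim_pass_domains=()):
    """Return 'pass', or the policy published by the owner of the From domain.

    spf_pass_domain:   envelope (MAIL FROM) domain that passed SPF, or None
    dkim_pass_domains: d= domains of DKIM signatures that verified
    The 'sp' and 'pct' tags are ignored in this sketch.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r"))
                  for d in dkim_pass_domains)
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed records for two hypothetical domains.
WEBMAIL_POLICY = "v=DMARC1; p=reject"
COMPANY_POLICY = "v=DMARC1; p=quarantine; adkim=r; aspf=r"

if __name__ == "__main__":
    # Webmail address sent through a marketing service: SPF and DKIM both
    # pass, but only for the service's own domain, so nothing aligns.
    print(dmarc_disposition("webmail.example", WEBMAIL_POLICY,
                            spf_pass_domain="bounce.esp.example",
                            dkim_pass_domains=["esp.example"]))
    # Company domain, with the service signing as the company's domain.
    print(dmarc_disposition("news.company.example", COMPANY_POLICY,
                            spf_pass_domain="bounce.esp.example",
                            dkim_pass_domains=["company.example"]))
```

The first case returns the webmail domain's own `reject` policy even though SPF and DKIM each passed for the marketing service; the second passes because the DKIM signing domain matches the From domain.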
Why Is This Happening?
It’s extremely easy to sign up for a web-hosted email address, so if someone is looking to send spam or phishing emails, they could simply sign up for a new email address and send out fraudulent emails until their account was shut down by the host. They could then just create new accounts to continue sending fraudulent emails.
Since the emails came through the web-hosted email servers, it became pretty easy to block such accounts to prevent them from spamming. So spammers found a way around that by using online email marketing services to continue sending the emails without getting blocked by the email host. The email marketing services would put their own authentication in the header so it didn’t appear the email was coming from the email host, but rather another source.
This is a step by email providers to protect their users and prevent their domains from being used to send spam.
How Can I Get Around This?
- Don’t use web-based email for marketing. The simplest way to get around this is to not send from a Gmail, Hotmail or Yahoo email address, since these are the providers blocking these kinds of emails. Instead, the best option is to use an email address from your company’s own domain (e.g. email@example.com).
- Authenticate email with a domain key. Users can add a digital signature that is embedded in the email header so emails can be authenticated.
- Keep sending consistent. When sending marketing emails, to improve your chances of delivery, be sure to send from the same email and IP addresses.
- Sign messages with DKIM to validate your domain name.
- Create an SPF record for your domain to confirm email validity.
- Publish a DMARC policy to authenticate emails and prevent them from being marked as spam.
While this may be a hassle for those trying to send legitimate email marketing messages, it’s ultimately a good thing because email providers are taking big steps to protect consumers. The biggest drawback is that those who are attempting to get around these precautions can often quickly find ways to trick the system, so the email providers are always having to catch up to fight fraud.