Google, Yahoo and Apple recently announced a joint effort to reduce the number of unwanted emails received by users. Beginning in February 2024, they will start enforcing strict requirements on mail from high-volume senders.
Who is impacted?
If you are responsible for an application, website or service that sends emails from a UW–Madison domain, you should read on; you may need to take action. If you’re sending exclusively from UW–Madison Microsoft 365, Eloqua or Google Groups, your emails already meet the new email authenticity requirements and you do not need to take action.
What is changing?
Starting in 2024, Google, Yahoo and Apple will require all senders to follow email authentication best practices which include publishing SPF or DKIM records, as well as DMARC policies for all domains. Senders must have valid forward and reverse DNS records published for their mail servers and use a TLS connection for transmitting mail. Google, Yahoo and Apple also track user-reported spam rates for mail received from our domains. That rate must be below 0.3%.
High-volume senders will be subject to even stricter requirements related to email authentication. Additionally, marketing email and newsletters will need to offer recipients the option to unsubscribe from future emails through one-click unsubscribe implemented according to RFC 8058. Senders who don’t comply with the new requirements will be subject to message rate limiting and blocked messages, or the messages will be marked as spam.
While these changes are intended to target spam and unwanted marketing mail, UW–Madison falls into the category of a high-volume sender and we expect these rules will apply to us. We also anticipate Microsoft and other large email providers will make similar announcements within the next year.
What should you do?
Catalog what services you or your group use to send email. If you are sending mail using servers or services other than UW–Madison Office 365, Google Groups or Eloqua, then you should review our email authenticity website and consider requesting an email authenticity consultation.
We are in the process of identifying external services sending as our domains. In the coming months, we will work with service owners to address any gaps in best practices for sending emails.
More information
Note: What is a Request for Comment (RFC)? It is a formal document from the Internet Engineering Task Force (IETF) that contains specifications about internet, networking and computer topics.