Back in April, without fanfare, and over a weekend Yahoo! implemented rigid new authentication standards for emails that use a yahoo.com From: address. For some time, spammers had been sending emails pretending to come from yahoo.com email addresses. To combat this, and preserve the shining integrity of their mail system, Yahoo! now requires that they authenticate all emails claiming to be from a yahoo.com address. Yahoo!’s new email authentication process might look something like this: Carl Johnson is the owner and marketing guy at Widget Corp, a perfectly legitimate company. He sends bulk marketing email to a perfectly legitimate mailing list. He uses a MailChimp, a Email Service Provider (ESP) , to send his marketing mail with his email, and has set [email protected] as his return address. When the email arrives at his destination addresses, each mail server pings Yahoo! (the alleged sender of the email) and says, “Hey! Did [email protected] send this email to me?”, to which Yahoo! will respond, “Heck no… You should reject that email!”. And, bang! Your mail gets rejected. Your delivery rate goes down, your SPAM report rate might go up, and your conversion rate suffers. You can be sure that AOL (since early May 2014) has hopped on the Yahoo! authentication bandwagon, and that most free email providers and major ISPs are sure to follow. What does this mean for you? Do you send your bulk marketing email with a From: address at your own domain name, like [email protected]? Skip ahead to the Next Steps section. But, if you send bulk marketing mail and your From: address is an account at a free email provider like Gmail, Hotmail, Yahoo, AOL, etc., or from a major ISP, it’s time to stop. Technically, you’re spoofing the address you’re using. Your email will increasingly be bounced. This same “sending on behalf of someone” rule applies to other tools such as many forward-to-a-friend and sharing systems. You can no longer send on behalf of Yahoo or AOL users and the new normal is that you won’t be able to send on behalf of anyone else, either. Get yourself a domain name and start sending emails From: that new domain.

What do I do?

We would recommend that Carl start by purchasing widgetcorp.com and setting up an email address such as [email protected]. Once he completes this, Carl can simply update the From: address in the control panel at his ESP (email service provider). Yahoo! authentication problem solved.

Next Steps

What now? Well, you’re done. That’s it. If Google Apps handles your email, or if you’d like to add some deliverability insurance, it’s time to get down and dirty with your DNS records. You’ll need to add SPF and DKIM records to your domain. This will tell Google-fronting-as-your-email-domain to say, “Yes! I did send that email from [email protected]”.  And if you host your own email, it will give your messages a better chance of arriving in the recipient’s inbox.  It’s worth noting that you cannot change the SPF & DKIM records for Gmail, Hotmail, Yahoo! or any other free webmail accounts. SPF is a sender policy framework: in short, a list of all servers authorized to send email on behalf of your domain name. DKIM stands for DomainKeys Identified Mail and is a fancy way to associate an email message with the domain name it it claims to have originated from. Think of DKIM as a digital signature that the receiving server can check against a signature-card stored in your DNS records. This not only increases the deliverability of your emails, you’ll also reduce or eliminate any emails that might be spoofing your From: address. The details of setting up SPF and DKIM records can be found over at Tech Republic.  If you were completely confused by the article that hypertext links to or if you didn’t even venture to click it, don’t worry.  We’re on top if it.  Reach out to LocalFresh, and we can help you with purchasing a domain and setting up Google Apps, or simply managing  your SPF and DKIM records. In the end, we’re going to see the entire email ecosystem shift to a mandatory authentication model where servers will reject, or at least mark as bulk, any emails that do not authenticate. In 2013, 90 percent of non-spam email sent to Gmail was authenticated. Just one year after the release of the protocol that created email authentication, more than 60 percent of email inboxes have implemented the feature. Those large numbers make it possible for folks like AOL and Yahoo! get on board with authentication.  Authentication is a reality, and if you don’t get on board too, your bulk mail campaigns will face the consequences. In February of this year, Microsoft tweeted the following: https://twitter.com/MAAWG/status/436296923792678913