Important Email Update – Starting February 1, 2024! Google and Yahoo! are making big changes. From February 1, 2024, if you send a lot of emails, you must use your own website’s address (domain) and prove that the emails are really from you (self-authentication). This is to stop spam and fake emails. Make sure to use your website’s address in your emails to keep them reaching your audience!
Understanding Email Authentication
Ensure emails are legitimate. The current standard is DKIM (Domain Keys Identified Mail), using cryptographic signatures to sign messages. To validate the “From” address, mailbox providers emphasize domain validation, leading to Self-Authentication. Importantly, this can’t be done with free domains like gmail.com.
- DKIM (Domain Keys Identified Mail): DKIM is an email security standard designed to verify messages aren’t altered in transit. A pair of public and private cryptographic keys are generated, with the public key stored in the DNS record for the domain. The private key encodes parts of the email, creating a hash string. The ISP uses the public key to decrypt the hash string, ensuring the email wasn’t altered.
- SPF (Sender Policy Framework): SPF allows a domain to state which IP addresses (email servers) are allowed to send email on its behalf. The ISP checks the IP address against the list of legitimate addresses for the domain, blocking unrecognized servers.
- DMARC (Domain-Based Message Authentication, Reporting & Conformance): DMARC is a policy statement made by a domain owner about how email from their domain should look. A DMARC check ensures the DKIM signature aligns with the “From” address domain, providing control over what happens to an email if it fails an alignment check.
The Impact of Email Authentication
Boost security and brand reputation. By sending emails from your domain and using DKIM, establish professionalism. Enhance deliverability, potentially increasing opens and clicks by 10-20%.
Taking the Initial Step
Boost security and brand reputation through Self-Authentication. Begin by identifying where your domain is hosted:
- Identify the person who set up your website or bought your domain.
- If you used a large registrar like GoDaddy, your records are likely hosted there.
- Check bills for domain hosting information.
- Use online tools to find your domain’s DNS hosting provider.
- Log in to your DNS host, add new CNAME records. This process enhances email security and builds a positive brand image.
How do I Self-Authenticate in Constant Contact?
In order to self-authenticate, you’ll need to be able to access the DNS records for your domain, usually through your hosting provider. Not sure where your DNS records are hosted? You can do a lookup with this tool.
You have two options for the type of record you can add:
- CNAME records – This is the simplest and most secure way to authenticate your domain email address.
- TXT record – This is the best option if you have multiple Constant Contact accounts using the same domain.
Constant Contact generates the CNAME or TXT record information, as well as the DMARC policy information, you’ll need to publish in your domain’s DNS settings, which can be done by your IT department or webmaster if you have one, or with the help of your hosting provider. Once your DNS records are updated, it can take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.
Self-authenticate using CNAME records
Self-authenticating using CNAME records is the simplest and most secure way to authenticate your domain email address.
Note: You can only authenticate one domain in your account.
- Click the profile name in the upper-right and select Account settings.
- Click the Advanced settings tab.
- Click Add self-authentication.
- Select “Self-authenticate using DKIM CNAME records.”
- Click Continue.
- From the drop-down, select the domain you want to use for email authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
- Click Continue
- Copy the CNAME and DMARC record names and values to update your DNS records through your hosting provider. Your IT department or Mail administrator can do this, if you have one. Click Copy information to easily share the information with them.
- Once you’re done, click OK.
- Click Got it. Once you add the CNAME and DMARC records to your DNS settings, it can take up to 48 hours to fully propagate. Don’t worry, you’ll still be able to send emails while you wait for your DNS records to update.
- Click OKto return to your account.
- About 24-48 hours after you’ve pasted the CNAME and DMARC records into your DNS settings, click Check status or Manage to finish activating your self-authentication.
- If ready, click Activate. If you’re receiving an error message and unable to activate, learn more about troubleshooting self-authentication using CNAME.
Self-authenticate using a TXT record
When you self-authenticate using a TXT record, Constant Contact generates a public/private DKIM key pair for you. We use the private key to sign your outgoing emails, while you publish the public key in the DNS records for your domain. This option is best if you have multiple Constant Contact accounts using the same domain.
Note: You can only authenticate one domain in each Constant Contact account.
- Click the profile name in the upper-right and select Account settings.
- Click the Advanced settings tab.
- Click Add self-authentication.
- Select “Self-authenticate using DKIM TXT record.”
- Click Continue.
- From the drop-down, select the domain you want to use for email authentication. If the custom domain you want to use isn’t listed, choose “Select another domain” from the drop-down to add and verify a new email address.
- Click Continue.
- Click Generate key.
- Click the copy symbols to easily copy the TXT and DMARC host names and records. Click Copy information to easily share it with your domain administrator, hosting provider, ISP, or Constant Contact re-seller to update the authentication records in your domain’s DNS entry. They’ll need to create a DNS TXT record, using the Hostname as the name of the TXT record and the TXT Record as the content of the TXT record.
- Once you’re done, click Ok.
Note: If you send email from multiple locations, such as Constant Contact, Google apps, and a CRM tool, each location signs with a different private DKIM key. You will have multiple public keys on your DNS to correspond to the private keys. DKIM keys are differentiated by the selector – in the above example, the selector is 10008432. Constant Contact uses numbers for the selector, but that’s not always the case. For example, Google uses letters for the selector instead.
Test your email authentication records
It’s a good idea to test your authentication before you send out an email, because it may take anywhere from a couple of hours to a couple of days for the newly published authentication records to propagate through the internet.
To test the new settings:
- In Constant Contact, copy one of your recent emails to use as a test campaign.
- Create a new contact list called TestAuthentication, and add one (or several) of your own private email addresses to that list.
- Send your test email to the TestAuthentication list, making sure that the “From” address you set in the email header has the same domain as the one where you published your authentication records.
- Check the email to see if it was sent successfully.
Once you have a successful test send, you can start sending emails that help build your reputation. If your initial test fails due to having “no signature,” wait and try again later.
Update your authenticated domain
If you want to authenticate a different domain to use for your emails going forward, you’ll need to first remove your current self-authentication.
- Click the profile name in the upper-right and select Account settings.
- Click the Advanced settings tab.
- Click the Check status or Manage button.
- Click Remove self-authentication.
- Click Remove self-authenticationagain to confirm.
- You can now follow the steps above to self-authenticate your new domain using CNAME recordsor a TXT record.
As Google and Yahoo! prioritize domain validation, Self-Authentication is vital for securing emails and establishing a professional brand presence. Take control of email authentication today for a safer, more reputable digital communication experience. Contact IGV for any assistance you may need in authenticating your emails.