Tuesday, January 30, 2024

Is your email system ready to keep delivering email as the spam wars escalate?

Google's new restrictions on the email they will accept starting February 1st 2024 are just good practices we should be following.  But what are they really, and how can we make sure they are in place?

This applies to any system that sends email, whether it runs on your own servers or is hosted in the cloud (such as with Microsoft or Google), if its mail is to be delivered successfully.

The pieces have all been here for a while as good optional settings, but Google is now the first to enforce them:

  1. The IP address of the server(s) your mail comes from must have a reverse lookup (PTR).
  2. The server must have functioning encryption running (STARTTLS).
  3. You must have published where your domain's mail is coming from (SPF).
  4. Your server has to sign the message, like a wax seal (DKIM).
  5. You have to publish your domain's alignment rules for #3 & #4, and where to send reports (DMARC).

#3 & #4 are either/or for low volume senders, but both must be there for high volume senders.
#5 is mandatory for large volume senders.

It is a good idea to get all of them working, as inevitably we will need to have this for all systems. #5 is the part that ties SPF and DKIM together to close the loopholes the spammers found in them.

How to check:

Much of this can be checked by looking in DNS, by examining the header/source of an email sent from the system, and by talking directly to your mail server from another "mail server".

  • You can see whether your system is good to go or has problems by sending an email to a Gmail account you can log into. For each message, Gmail shows much of the status of how the sending system measured up to the new requirements at the time the message was sent.
  • In Gmail, open the message, then from the message's 'more' stacked dots, select "<> Show original".
  • This view will show the results for any SPF, DKIM, or DMARC settings that are in place. If one doesn't show, then that protection level doesn't yet exist for that internet domain or mail server (i.e. it needs to be added).
  • To check if it was encrypted, press Ctrl-F (search) and look for TLS; there should be at least one (such as TLS1_3 or TLS1_2) for the connection from the sending server to Gmail's first server in.
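
The same check can be scripted against the text copied from "Show original". The following is an added example, not part of the original post: the sample message is constructed, the function names are hypothetical, and it assumes Gmail stamps its own results with the identifier `mx.google.com` (results stamped by any other host are ignored, since they are not Gmail's verdict).

```python
import re
from email import message_from_string

# Constructed sample of Gmail's "Show original" text (not a real message).
SAMPLE = """\
Delivered-To: someone@gmail.com
Received: from mail.example.com (mail.example.com. [203.0.113.25])
        by mx.google.com with ESMTPS id abc123 for <someone@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 30 Jan 2024 09:00:00 -0800 (PST)
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=sel1;
       spf=pass (google.com: domain of bob@example.com designates
        203.0.113.25 as permitted sender) smtp.mailfrom=bob@example.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
Authentication-Results: mail.example.com; dkim=pass; dmarc=pass
From: bob@example.com
Subject: test

body
"""

def check_original(raw, receiver="mx.google.com"):
    """Return the spf/dkim/dmarc results and TLS version recorded by `receiver`."""
    msg = message_from_string(raw)
    report = {"spf": None, "dkim": None, "dmarc": None, "tls": None}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() != receiver:
            continue  # stamped by some other host, so not Gmail's verdict
        results = re.sub(r"\([^()]*\)", "", results)  # drop (comments)
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            report[method] = report[method] or result.lower()
    for value in msg.get_all("Received", []):
        hop = " ".join(str(value).split())  # unfold the multi-line header
        tls = re.search(r"version=(TLS\w+)", hop)
        if f"by {receiver}" in hop and tls:
            report["tls"] = tls.group(1)
            break
    return report

def needs_work(report):
    """Names of checks that are absent or did not pass."""
    return sorted(k for k, v in report.items()
                  if v is None or (k != "tls" and v != "pass"))

if __name__ == "__main__":
    result = check_original(SAMPLE)
    print(result, "needs work:", needs_work(result) or "nothing")
```
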


Google is just the first. Yahoo! and AOL have committed to doing the same thing very soon, and Microsoft won't be far behind (it looks like they may just be letting the others take the heat for being more secure).

These are also all good things to check and filter at your inbound / receiving mail systems.


Would you like someone from outside your organization to validate how ready your organization is for these upcoming changes? Konecny Consulting will do this checking for you for $99CDN + HST (payment via credit card). To engage with us, please complete the contact form and we will get back to you. This offer is available to organizations within North America.


