Given the increasing frequency of cyber attacks, email security is now, more than ever before, an absolute priority. Of the threats that cybersecurity systems are required to neutralize, spoofing is particularly insidious.
A spoofing attack falsifies the identities of legitimate users and uses them to send fraudulent messages.
The aim is to appear a trusted user so as to access the victim’s confidential information and sensitive data, distribute malware and defraud them financially.
Spoofing compromises security and trust in the digital environment by attacking personal and corporate communications.
In order to deal with the challenge of spoofing attacks, Gmail, Yahoo and other email service providers have introduced new requisites for email senders, with the aim of improving the security of their digital communications.
What are the new requisites for email senders?
According to a study based on the Accenture Cyber Resilience Report, cyber attacks are ever more sophisticated, accounting for 88% of all data violations in the third quarter of 2022.
Email attacks were the primary attack vector for the fifteenth quarter in a row. Out of 1,595 violations, 461 (22% of the total) were caused by email exploits like spoofing.
In order to combat spoofing and improve the security of digital communications, Gmail, Yahoo and other email service providers have introduced new requisites for email senders.
These requisites, in force since February 2024, are:
- SPF and DKIM email authentication of the domain
- Sender domains or IPs must have valid forward and reverse DNS records (also known as PTR records)
- The incidence of spam reported by Postmaster Tools must be below 0.3%
- Messages must be formatted using the Internet Message Format standard (RFC 5322)
- Impersonating Gmail “from” headers is prohibited (no sending from “example@gmail.com”)
- ARC headers are required for outgoing email if the emails are regularly forwarded (including mailing lists and incoming gateways)
- DMARC email authentication of the sender domain
- The domain in the sender’s “from” header must correspond to the SPF or DKIM domain
- Option for one-click unsubscribe, with link to the unsubscribe option clearly visible in the body of the message
- TLS connection for transmitting email.
Of the above, three requisites are of particular relevance:
- DMARC criterion enabled: this is an email authentication standard that detects and prevents email spoofing, thus protecting sender domains against fraudulent use.
- Implementation of email authentication protocols (SPF and DKIM): these are security protocols that prevent authors of threats from sending emails from legitimate domains that are trusted by their recipients.
- One-click unsubscribe: this simplifies the unsubscribe process and improves the user experience, as well as reducing the risk of erroneously marking email as spam.
- Non-compliance and its negative consequences for business.
The adoption of these new requisites is essential to ensuring compliance and protecting digital communications against cyber attacks.
For senders who send more than 5000 messages a day, and who rely on email for their client communications, compliance is a particularly critical concern in avoiding negative consequences for their business.
Neglecting or delaying implementation of the requisites may result in significant criticalities: thousands of emails may not be delivered as required, or may be marked as spam by Gmail, Yahoo and Apple accounts.
For many organizations, this would compromise the effectiveness of their marketing and communications campaigns; it would damage their reputations and undermine their customer loyalty, and potentially incur long term financial repercussions.
Doxee Platform®: the solution for guaranteed compliance and security
Doxee offers an immediate, complete response to the above concerns. Since it is equipped with all the configurations required to satisfy email authentication requisites, including SPF, DKIM and DMARC, Doxee Platform® simplifies email management and guarantees compliance without compromising the effectiveness of business communications. Doxee is the ideal solution for companies wanting to manage their email security in-house, protecting their digital communications and making them more reliable.