Free email hosting providers now require a DMARC policy
Do you frequently email individuals with @gmail.com, @googlemail.com, @yahoo.com, @ymail.com, @hotmail.com, @outlook.com, or @live.com addresses?
Government institutions, including schools, counties, cities and other municipal services (like EMS), do, as do Business-to-Consumer (B2C) organizations that sell directly to end users. All of them are impacted by these rules.
Starting in 2023 and continuing into 2024, free email hosting providers have all announced and begun implementing DMARC-required policies. 2025 and beyond portend further tightening of these policies to mitigate spam and phishing even more.
New Email Sending Requirements: What You Need to Know
In order to create a safer email ecosystem, major email service providers like Microsoft, Google, and Yahoo have introduced new, wide-ranging requirements for all senders. These changes help combat phishing, spoofing, and other fraudulent activities from bad actors.
Affected Senders
All email senders must follow basic requirements, and bulk senders are required to adhere to additional, stricter guidelines.
Bulk senders are generally classified as those who send 5,000+ messages to personal email accounts within a 24-hour period. Personal email accounts are accounts with domains provided by free email service providers (gmail.com, yahoo.com, etc.).
Not a bulk sender? It’s still strongly recommended to comply with all new sending requirements. Full compliance for everyone will likely be required in the future; preparing now helps avoid operational disruption later.
Want to ensure that a domain’s emails are delivered reliably and securely to recipients? Read on to learn about these changes.
Common Myths about the New Email Sending Requirements
There is an enormous quantity of misinformation about the policies being laid out, resulting in lots of organizations believing that the changes do not apply to them.
Don’t be fooled: review the common tales propagated online about what applies, and to whom, to obtain a clear-eyed view.
The Impact of Non-Compliance
What happens when an organization fails to comply with the new sending guidelines? Major providers may limit sending rates, reject messages entirely, or flag messages as spam.
For organizations that rely on email to communicate, this can become disastrous. Marketing campaign ROI can plummet, along with significant damage to sender reputation and email deliverability for the future. Organizations will no longer be able to reach customers or members when needed.
These consequences can affect every organization, but particularly those that rely on communication direct to the customers or citizens they impact.
B2C Organizations: Disrupt marketing campaigns, onboarding flows, product update announcements, and customer engagement rates. Without the ability to effectively reach customers, key initiatives come crashing to a halt.
Educational Institutions: Lose the ability to communicate with students, parents, faculty, and staff. Email disruption can affect newsletters, course updates, administrative alerts, and other critical communications.
Government Agencies: Compromise the delivery of public health alerts, policy updates, service notifications, and the ability to reach citizens during emergency situations.
All Senders
SPF & DKIM Authentication/Alignment
Implement SPF & DKIM to authenticate emails and prevent spoofing.
Ensure that the Sending IP is listed in the SPF record of the domain for the RFC5321.MailFrom address.
Senders must add a DKIM digital signature to each outgoing message so that receivers can verify that the content of the message was not modified in transit.
Low Spam Rates
Maintain spam rates below 0.3%; ideally below 0.1%.
To avoid a rising spam rate, organizations should send only to recipients who have agreed to receive communications.
Valid DNS PTR Records
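Ensure valid forward and reverse DNS records for a domain’s sending IPs: the PTR record for each IP should resolve to a hostname, and that hostname should resolve back to the same IP.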
Adhere to RFC 5321 & 5322 Standards
Adhere to guidelines for header fields, message body, originator fields, and more.
RFC5321: Defines the SMTP mechanisms and best practices for email transmission.
RFC5322: Defines guidelines for message formatting, including header fields, message body, originator fields, and more.
Additional Requirements for Bulk Senders
Domains classified as bulk senders are required to meet additional, stricter requirements.
DMARC Email Authentication
Establish a DMARC policy that provides domain-level protection and tells receivers how to handle emails that fail authentication. Enforcement policies must be at least p=none, which monitors email activity without taking action.
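The following is an added example, not code from the original page or from any provider: it parses a DMARC record and shows why a message can pass SPF and DKIM yet still fail DMARC when neither authenticated domain aligns with the From: domain. The domains, the record and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example: DMARC record parsing and identifier alignment (RFC 7489).
# Every domain and record here is a constructed sample value.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if unusable."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("first tag must be v=DMARC1")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    return tags

def org_domain(domain):
    # Simplification (assumption): last two labels. Receivers use the Public
    # Suffix List, which matters for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_verdict(from_domain, record, spf_result, mailfrom_domain, dkim_result, dkim_d):
    """Return ('pass', None), or ('fail', policy) when neither check is aligned."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(mailfrom_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    return ("pass", None) if spf_ok or dkim_ok else ("fail", tags["p"])

RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # SPF and DKIM both pass, but for a third-party sender's domain: DMARC fails.
    print(dmarc_verdict("example.com", RECORD, "pass", "bounce.esp.example.net", "pass", "esp.example.net"))
    # DKIM signed with a subdomain of the From: domain aligns in relaxed mode.
    print(dmarc_verdict("example.com", RECORD, "fail", "bounce.esp.example.net", "pass", "mail.example.com"))
```

With p=none the failing message is still delivered and only reported, which is why that policy is useful for finding unaligned third-party senders before tightening it.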
Easy Unsubscribe
Unsubscribe links must be clearly visible within the email and streamlined so that a recipient can successfully unsubscribe within one click. Upon unsubscribing, recipients must be removed from the sender mailing list within two days.
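As an added example (not from the original page), the check below inspects a message for the header pair that RFC 8058 defines for one-click unsubscribe: a List-Unsubscribe header carrying an HTTPS URI, plus List-Unsubscribe-Post. The sample messages, addresses and token are constructed placeholders.

```python
# Added example: check a message for RFC 8058 one-click unsubscribe headers.
import re
from email import message_from_string

def one_click_problems(raw_message):
    """Return a list of reasons the message lacks one-click unsubscribe."""
    msg = message_from_string(raw_message)
    problems = []
    list_unsub = msg.get("List-Unsubscribe")
    post = msg.get("List-Unsubscribe-Post")
    # URIs appear in angle brackets, comma-separated, possibly on folded lines.
    uris = re.findall(r"<([^>]+)>", list_unsub or "")
    if list_unsub is None:
        problems.append("missing List-Unsubscribe header")
    elif not any(u.strip().lower().startswith("https://") for u in uris):
        problems.append("List-Unsubscribe has no https URI (mailto alone is not one-click)")
    if post is None:
        problems.append("missing List-Unsubscribe-Post header")
    elif post.strip() != "List-Unsubscribe=One-Click":
        problems.append("List-Unsubscribe-Post must be List-Unsubscribe=One-Click")
    return problems

# Constructed sample messages; the addresses and token are placeholders.
COMPLIANT = (
    "From: News <news@example.com>\n"
    "To: reader@example.net\n"
    "Subject: March update\n"
    "List-Unsubscribe: <mailto:unsub@example.com?subject=unsubscribe>,\n"
    " <https://example.com/unsubscribe?token=CONSTRUCTED-TOKEN>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n"
    "\n"
    "Body text.\n"
)
# Same message with only a mailto: target and no List-Unsubscribe-Post header.
MAILTO_ONLY = COMPLIANT.replace(
    ",\n <https://example.com/unsubscribe?token=CONSTRUCTED-TOKEN>", ""
).replace("List-Unsubscribe-Post: List-Unsubscribe=One-Click\n", "")

if __name__ == "__main__":
    print(one_click_problems(COMPLIANT))
    print(one_click_problems(MAILTO_ONLY))
```

RFC 8058 also requires that both headers be covered by the message's DKIM signature, which this header-only check does not verify.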
No Domain Impersonation
Avoid domain impersonation in the From: headers, including not using misleading or fake domains to deceive recipients.
Forwarding Service
Senders who manage forwarding services must add Authenticated Received Chain (ARC) headers to outgoing mail. These indicate that the message was forwarded and identify the forwarding party.
TLS Connection
Use a Transport Layer Security (TLS) secured connection to transmit email and ensure secure communication.