Changes to Google, Yahoo, and Microsoft’s email authentication requirements

What the new email sender requirements mean for you and how you can prepare

Google, Yahoo, and Microsoft recently announced they're implementing new email authentication requirements for all email senders to improve deliverability and prevent spam. These changes are being made in a continuing effort to protect their users against fraudulent messages, such as scams and phishing attempts, and will prevent any emails sent from unauthenticated email addresses from reaching the recipient’s inbox.
 

• What are your options?
• Frequently asked questions

Learn more: For more information, check out our blogs on how to prepare for the changes from Google, Yahoo, and Microsoft.

What are your options?

Rest assured, Constant Contact is here to help ensure you’re covered and ready for these changes. To better understand your next steps, let’s focus on what you’re already doing:
 

• I have my own domain and have already set up self-authentication for my emails  

  If you’ve already self-authenticated your emails, you’ll need to make sure you also publish a DMARC policy record for your sending domain in your DNS settings. Setting up a DMARC record helps improve email deliverability and security by preventing email spoofing and phishing attacks. If you need help publishing your DMARC policy, your IT department or webmaster can assist you.
   
  
   

• I have my own domain and use it as my “From” address, but have not self-authenticated my emails

  If you own your sending domain, but have not enabled self-authentication, you're now required to self-authenticate using CNAME or TXT records within Constant Contact if you want to continue sending from your domain. In addition to self-authentication, you must also publish a DMARC policy record for your sending domain. Authenticating your emails will make you look more professional and strengthen your brand reputation. 
   
  
   

• I am sending from a freemail domain, such as @gmail.com or @yahoo.com 

  If you own a custom domain for your website, but don’t have a matching email address setup with it, now's the time to do that! Sending from your own domain gives you brand recognition and helps make your emails look more professional. Don’t have a domain of your own? No worries. When these changes go into effect, we'll be automatically rewriting your “From” email address with our shared ccsend.com domain to make sure your messages stay in compliance with the new requirements and continue to get delivered to your contacts. 
   
  
   

• I set up legacy authentication a long time ago (companyname.ccsend.com)

  Good news, if you still don’t have your own domain to send from, we’ve got you covered.  Be on the lookout for some messaging in your account to confirm the information we have for you. Alternatively, if you’ve obtained your own domain since you first started with us, it’s best to set up self-authentication with your domain.

Embracing these changes and adapting to the new standards will improve everyone's email experience. When you’re ready to tackle the new email sender changes, we’re ready to help!
 

Frequently asked questions

Who do these changes impact?

These changes impact all bulk email senders, regardless of industry, business type, or location. It’s not limited to just Constant Contact customers. 
 

Will these changes affect my deliverability or the likelihood of my emails going to junk/spam?

With these changes, Google, Yahoo, Microsoft, and many other receiving mailbox providers will treat unauthenticated email suspiciously. But don’t worry! At Constant Contact, we believe that no email should leave our system if it doesn’t meet the authentication requirements. If you don't have your own domain to authenticate with, or just haven’t had time to get it done, we'll be rewriting your “From” email address to a shared domain that we can authenticate for you to help keep your emails from landing in the junk folder.   
 

How do I check if I already meet the new requirements?

If you've already self-authenticated and published a DMARC policy for your domain, you’ll see your domain marked as "Authenticated" on the Account emails tab in your account settings. You can also check if you have a DMARC record using this lookup tool.
 

What if I don’t take any action?

Keep calm and email on. If you don’t take action, we’ll automatically rewrite your “From” email address with our shared ccsend.com domain, which meets the DKIM and DMARC authentication requirements. For example: <carlscoffee@gmail.com> will become <carlscoffee-gmail.com@shared1.ccsend.com>. That being said, sending from your own domain and setting up self-authentication is an industry best practice and helps build your brand’s sending reputation. 
 

Is there a cost for setting up self-authentication?

No, there's no cost to set up self-authentication within Constant Contact. However, keep in mind that any services performed outside of your account with a professional or domain provider could have a fee.
 

I want to set up my own domain. How do I do that?

Constant Contact doesn't offer domain hosting services, but you can purchase a custom domain from web hosting sites like bluehost.com or hostgator.com, or from domain hosting sites like domain.com or bigrock.com.
 

I don’t use Gmail, Yahoo, or Microsoft for my email addresses. I already use my own domain for sending. How does this impact me?

If you send from your own domain, you’ll want to make sure you set up self-authentication within Constant Contact and publish a DMARC policy in your DNS records to continue sending from your domain. 

No matter what domain you send your emails from—whether it’s your own domain that you self-authenticate or our shared ccsend.com domain—authentication will be required for Google, Yahoo, and Microsoft to deliver your email to their users’ inboxes. 
 

My domain is used across multiple Constant Contact accounts. Do I need to set up self-authentication for each account? 

Yes, you'll need to set up self-authentication using a TXT record and add the record to your DNS settings for each Constant Contact account. You can’t self-authenticate using CNAME records if the same domain is used in multiple accounts.
 

What if I use multiple “From” email addresses with different domains?

At this time, you can only authenticate one domain in an account to use for your “From” addresses. If you need to email from multiple entities, we recommend setting up a separate Constant Contact account for each to make sure there are no issues with unsubscribes, since your email footer defaults to one entity.
 

Are other email clients besides Gmail, Yahoo, and Microsoft impacted by this?

While these requirements are mainly being publicized by Google, Yahoo, and Microsoft, we’ve seen an increasing number of ISPs and mailbox providers start to impose stronger authentication requirements on inbound mail. We expect that all email clients will soon enforce these stronger requirements.
 

How does this affect my contacts? 

This should not affect your contacts, aside from helping to prevent them from receiving spam. 
If your “From” email address will be rewritten with our shared ccsend.com domain, you may want to give your contacts a heads-up ahead of time so they know your emails will be coming from a different address going forward.

Will I still receive replies from my contacts?

Your “Reply-to” email addresses will not be impacted, and you will continue to receive replies from your contacts.

Note: In some cases, if a contact has an auto-reply/vacation message set, it's sent to your "From" email address instead of your "Reply-to" email address. Unfortunately, Constant Contact can't control where these auto-reply messages are sent, as it's entirely dependent on the recipient's email provider. If you want to ensure you receive these auto-replies, use an authenticated custom domain for your "From" address instead of a freemail or unauthenticated domain, which get rewritten upon send with our ccsend.com domain and do not tie to an actual email inbox.

Do I need to do anything different with my email campaigns?

No, there’s nothing different you need to do when sending your emails. The only change will be that you'll only be able to send from email addresses at your authenticated domain, whether that’s your custom domain or your customized subdomain with our ccsend.com domain.
 

Will this affect my email reporting?

Our research has shown that properly authenticated email tends to get better open and click rates. 
 

Where is the easy unsubscribe option located?

There's nothing you need to do to set up easy unsubscribe for the new requirements. Constant Contact already adds the correct header for this requirement, and once your email is properly authenticated, Google, Yahoo will display an “unsubscribe” link at the top of the messages for their users.
 

What is the difference between a DMARC policy and a DMARC record?

These terms are used interchangeably, but essentially, a DMARC record is the information you need to add to your DNS records to implement a DMARC policy for your domain. A DMARC policy is the statement you make in your DMARC record telling receivers what to do with email that fails a DMARC check. For more information, take a look at this article explaining what a DMARC policy is.

 

Still have questions? Check out the recording of our recent Community Town Hall for what you need to know about the new requirements!

Questions?