Manoj Sarma , Senior Director, Product Management November 16, 2023 Reading estimate: 4 minutes
Activate Email Domain Authentication To Build A Less Spammy World
Google and Yahoo Mail will require email domain authentication in place to accept emails beginning in February 2024. To prevent your emails from being rejected, add domain authentication this winter.
If you let this requirement slide, this could be detrimental to your business. Although it’s a change (no one likes change), it will ultimately help protect everyone else by helping to reduce the number of spam emails sent.
There has been a 61% increase in the number of spam and phishing emails sent across the internet, according to SlashNext research. A recent finding from Valimail identified that 1% of emails are spoofed. In light of this trend, many large companies have announced that they will no longer accept emails whose senders don’t have email domain authentication.
This blog post will walk you through the basics of email domain authentication and answer your questions about setup, risks, and deadlines.
Email domain authentication explained
Domain authentication allows the email sender to verify that they own or manage the domain that the email is being sent from and that the sender has permission to send an email from that domain (sending email and domain match). Simply said, this proves you own the domain or have authorization for the domain you are sending from. With domain authentication in place, it eliminates the risk of someone sending an email from a domain that is not theirs.
Domain authentication is generally completed by adding a few records to your Domain Name System, or DNS. These records are also known as DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). Usually, when signing up with email providers, adding these records to your DNS system is the first step. Sometimes, if the records are absent when you send an email, it will display your email address followed by "sent via your email provider.”
Contact your IT department to confirm that they have email domain authentication in place, or use a domain-checker tool like Valimail.
Each email host has unique instructions for how to add the specific records, we recommend consulting with your provider's documentation or support team.
How a CMS Sends Email
WordPress and Drupal were created at a time when such applications were installed on general-purpose servers that could also send emails. As cloud computing has gotten increasingly specialized in the last two decades, it is no longer a safe assumption that the computer (or some abstraction thereof), running an application like a Content Management System, can send emails.
Sites running on Pantheon's containerized infrastructure will use our SMTP relays for sending regular emails like "forgot password" messages. However, the nature of containerization means that emails sent through this mechanism have a higher likelihood of getting flagged as spam or delivered slowly.
For more robust needs, like using WordPress or Drupal to generate marketing emails, it's always been a good idea to use a purpose-built third party for email delivery. Now it is more important than ever to do so.
We recommend that you integrate with a third-party email service, such as SendGrid or Gmail, to consolidate emails from a single source. Pantheon also has detailed instructions for how to set up the SMTP REST API with several email providers.
If you prefer to use the Pantheon SMTP relay
We recommend that you authenticate your domain with Pantheon's SMTP relays to prevent any email from being blocked. In the near future, we will reach out to customers currently using this service and provide instructions to add email domain authentication for your custom domains.
Will Pantheon continue to send my email if email domain authentication is not implemented?
Yes, Pantheon will continue to send your emails regardless of the email domain authentication status, although we cannot guarantee that the emails will be delivered after Gmail and Yahoo Mail have made their changes in February 2024. To ensure your emails are delivered, you must add email domain authentication for any custom domains you have added for your sites. If you are using a custom domain, the email will display as “your email via SendGrid.net” until you have added the email domain authentication.
How long do I have to make this change?
Gmail and Yahoo Mail have announced they will begin enforcing this change starting in February. No exact date has been provided. We recommend adding email domain authentication as soon as possible.
What other email providers does Pantheon recommend?
Pantheon provides instructions for using the SMTP Rest API to integrate with several email providers: Sendgrid, Mailgun, Mandril, Postmark, Sendinblue, and SparkPost.
If I don’t have a custom domain, how do I ensure that my emails will continue to be sent?
Pantheon will add email domain authentication to any Pantheon domain before the February timeline. For instance, if you use the “forgot password” functionality within WordPress or Drupal core on a Pantheon dev environment like dev-mysite.pantheonsite.io, Pantheon will add email domain authentication to remove the risk of the email being rejected by Gmail and Yahoo Mail after the February deadline.
Can I add email domain authentication to Pantheon’s Front-End Sites?
We will introduce this functionality as we prepare for the Front-End Sites General Availability. Please reach out to your Pantheon representative if you need this functionality within a Front-End Site now. We do not anticipate many Front-End Sites sending emails.
Pantheon Increases PHP Memory Limits for Performance and Elite Plans
Rachel Whitton, Developer Experience
Reading estimate: 2 minutes
Pantheon Includes Object Cache Pro for Painless Improved Performance
Reading estimate: 3 minutes
PHP 8.2.9 Security Release Demonstrates Pantheon’s Commitment to Protecting your Sites
Reading estimate: 3 minutes