Activate Email Domain Authentication To Build A Less Spammy World

Google and Yahoo Mail will require email domain authentication in place to accept emails beginning in February 2024. To prevent your emails from being rejected, add domain authentication this winter.

If you let this requirement slide, this could be detrimental to your business. Although it’s a change (no one likes change), it will ultimately help protect everyone else by helping to reduce the number of spam emails sent.

There has been a 61% increase in the number of spam and phishing emails sent across the internet, according to SlashNext research. A recent finding from Valimail identified that 1% of emails are spoofed.  In light of this trend, many large companies have announced that they will no longer accept emails whose senders don’t have email domain authentication.

This blog post will walk you through the basics of email domain authentication and answer your questions about setup, risks, and deadlines.

Email domain authentication explained

Domain authentication allows the email sender to verify that they own or manage the domain that the email is being sent from and that the sender has permission to send an email from that domain (sending email and domain match). Simply said, this proves you own the domain or have authorization for the domain you are sending from. With domain authentication in place, it eliminates the risk of someone sending an email from a domain that is not theirs.

Domain authentication is generally completed by adding a few records to your Domain Name System, or DNS. These records are also known as DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). Usually, when signing up with email providers, adding these records to your DNS system is the first step. Sometimes, if the records are absent when you send an email, it will display your email address followed by "sent via your email provider.”

Contact your IT department to confirm that they have email domain authentication in place, or use a domain-checker tool like Valimail.

Each email host has unique instructions for how to add the specific records, we recommend consulting with your provider's documentation or support team.

How a CMS Sends Email

WordPress and Drupal were created at a time when such applications were installed on general-purpose servers that could also send emails. As cloud computing has gotten increasingly specialized in the last two decades, it is no longer a safe assumption that the computer (or some abstraction thereof), running an application like a Content Management System, can send emails.

Sites running on Pantheon's containerized infrastructure will use our SMTP relays for sending regular emails like "forgot password" messages. However, the nature of containerization means that emails sent through this mechanism have a higher likelihood of getting flagged as spam or delivered slowly.

For more robust needs, like using WordPress or Drupal to generate marketing emails, it's always been a good idea to use a purpose-built third party for email delivery. Now it is more important than ever to do so.

We recommend that you integrate with a third-party email service, such as SendGrid or Gmail, to consolidate emails from a single source. Pantheon also has detailed instructions for how to set up the REST API with several email providers.

Will Pantheon continue to send my email if email domain authentication is not implemented?

Yes, Pantheon will continue to send your emails regardless of the email domain authentication status, although we cannot guarantee that the emails will be delivered after Gmail and Yahoo Mail have made their changes in February 2024. To ensure your emails are delivered, you must add email domain authentication for any custom domains you have added for your sites. If you are using a custom domain, the email will display as “your email via SendGrid.net” until you have added the email domain authentication.

How long do I have to make this change?

Gmail and Yahoo Mail have announced they will begin enforcing this change starting in February. No exact date has been provided. We recommend adding email domain authentication as soon as possible. 

What other email providers does Pantheon recommend?

Pantheon provides instructions for using the Rest API to integrate with several email providers: Sendgrid, Mailgun, Mandril, Postmark, Sendinblue, and SparkPost.

If I don’t have a custom domain, how do I ensure that my emails will continue to be sent?

Pantheon will add email domain authentication to any Pantheon domain before the February timeline. For instance, if you use the “forgot password” functionality within WordPress or Drupal core on a Pantheon dev environment like dev-mysite.pantheonsite.io, Pantheon will add email domain authentication to remove the risk of the email being rejected by Gmail and Yahoo Mail after the February deadline.

Can I add email domain authentication to Pantheon’s Front-End Sites?

We will introduce this functionality as we prepare for the Front-End Sites General Availability. Please reach out to your Pantheon representative if you need this functionality within a Front-End Site now. We do not anticipate many Front-End Sites sending emails.