DKIM, DMARC & SPF - How Google Plans to Secure Email

In response to the never-ending barrage of spam and phishing emails, Google plans to implement arguably extreme measures to ensure the emails received by Gmail inboxes are from who they say they're from. 

Here's what all these acronyms stand for:

  • DMARC (Domain-based Message Authentication, Reporting & Conformance)

  • SPF (Sender Policy Framework)

  • DKIM (Domain Keys Identified Mail)

As you might have guessed from these terms, the plan (in broad strokes) is to insist that emails have the capacity to be matched back to the domains they purport to come from. What this means though, is that some senders (probably not all, at least initially) will need to make some additions to the systems that send their emails, in order to allow this to happen. This is likely to impact businesses, as opposed to individual users. Scammers don't bother with individual emails - they send thousands at a time, so bulk senders will be the main target of this rule when it's implemented. How they decide who is a bulk sender and whether this is eventually extended to all senders is yet to be seen.   

So what do I need to do about this?

Just be aware that these changes are coming. If you're involved with a business that sends a lot of emails you may want to better acquaint yourself with the issue. Here are a couple of articles to begin with:

If you find that your emails sent to Gmail email addresses are bouncing back this could be why. Please contact us if you find this happening, particularly if you're one of our business clients for whom we manage your MS365 licensing. We will be able to make the necessary changes at the back end to legitimise your emails under Google's impending regulations. 

If you have a Gmail email address and find that your regular newsletters or advertising emails aren't coming through anymore, this could be the reason. In these cases it will be up to the senders to make the necessary changes on their end.