I recently sat down with Neil Kumaran, Product Lead at Google, and Marcel Becker, Senior Director, Product Management at Yahoo, to discuss email authentication and the bulk sender requirements both companies have recently implemented.
As Google and Yahoo began rolling out changes in February 2024 to make inboxes a safer place for legitimate senders and recipients, it was important to have an open conversation about the motivations behind these new rules, why email authentication is crucial and central to these rules, and the collaborative efforts underway to strengthen protections across the email ecosystem.
If you missed the roundtable discussion we hosted with Kumaran and Becker and would like to watch the whole thing, check out the video here:
However, I still wanted to share the key takeaways from our conversation with you.
Increasing Threats Drive Urgent Need for Action
With threats like spam and phishing skyrocketing, the need to take steps to authenticate email and raise protections for inbox users is more important than ever. Google and Yahoo recognized the value of providing guidance and tools to enhance the safety and security for senders and recipients alike. Email authentication gives senders the ability to validate “hey this is actually from me,” and as a result, they’re more likely to reach inboxes with mail customers want to see. While they as mailbox providers work to deliver email to their users that the users want and the spam and bad actors out.
Think of it this way: it’s not about identifying spam – Most email (over 90%!) is spam. The job of the system is to deliver mail that the user wants. If we don’t know who the mail is from, then we don’t want it.
Requirements Aimed at Improving Safety for All
Senders should see these new requirements as an opportunity to work together through open standards to create a safer experience for all users. The goal is to make email more secure for both senders and recipients by reducing spam and improving the deliverability of legitimate and wanted messages.
Authentication Is Key to Reducing Impersonation Risks
The requirements are also starting with large email senders for a reason. Large senders face the greatest risks of impersonation and potential damage to the most number of recipients due to their volume, and authentication helps address this by verifying senders’ identities. Having large senders as the initial group to meet requirements also helps make a bigger impact and an overall meaningful difference in the ecosystem.
It was a unanimous consensus that all senders, of all sizes, should be looking to validate their compliance, protect their domain, and close any gaps. While authentication alone won’t stop all threats, combining SPF, DKIM, and DMARC forms a stronger foundation of protection for everyone.
We’re All In This Together
As the conversation wrapped up, we shared our encouragement to focus on the bigger picture and why we’re doing this as an industry. It’s important to remember there are tools and guidance available to help companies of all sizes understand the compliance journey. Further emphasizing the importance of a collaborative effort that aims to improve deliverability and strengthen email protections for all.
At the end of the day, strong authentication is a Northstar and it makes the whole system more effective and efficient. For everyone.
Seth Blank, CTO of Valimail