Getting email authentication right just got a lot more important.
In 2016, Google’s Gmail team announced that it would be rolling out two changes in how Gmail displays email messages to its web users.
The first change: If you’re reading email from (or sending email to) someone whose servers don’t support TLS encryption, you’ll see a broken lock icon.
But the second change is a much bigger deal: If you receive a message whose sender can’t be authenticated, you’ll see a Gmail question mark instead of the sender’s photo, logo, or avatar.
It’s that second change that should have anyone who relies on email for marketing or customer communications paying close attention.
Never mind how much work you’ve done building trust with your customers and prospects. Never mind how many opt-ins they’ve given you or how much care you put into crafting your email messages and ensuring their formatting is on-brand. If those messages don’t authenticate, they’ll have a big, bold question mark right next to them in Gmail.
Google’s illustration of how authenticated and unauthenticated emails will look.
What does the Gmail question mark mean?
Google is careful not to say that this means every message with a question mark is suspect. “Not all affected email will necessarily be dangerous,” Google wrote. “But we encourage you to be extra careful about replying to or clicking on links in messages you’re unsure about.”
But there’s no question that Google is injecting a note of doubt into recipients’ minds (not to mention blocking out the more customer-friendly logo or avatar that ordinarily represents your company in people’s inboxes). That is not exactly the move you want to make when trying to establish a relationship of trust with the people you’re selling to.
Google is making this move now because phishing attacks have reached epidemic proportions. For example, a single gang of cybercriminals successfully used phishing attacks against about 670 victims, getting them to install malware and then pay to have it removed. That one attack cost the victims $330,000 in Bitcoins.
The phishing problem is so bad that the FTC even warned U.S. citizens to be alert for fake emails from the Social Security Administration.
Unfortunately, the usual warnings to watch out for fake emails don’t solve the problem. In fact, they make it worse because they teach users to be suspicious of your emails.
Authenticate to avoid the question mark
Email authentication is the most effective and authoritative way to stop email phishing because it prevents fraudsters from sending messages that appear to be from other sources. It ends scammers impersonating the Social Security Administration, Target, Walmart, or anyone else. With authentication, you know that the sender really is who the email says it is.
Showing question marks for non-authenticated email senders is just one step in a series of steps Google has taken to support and enforce email authentication. It’s not the only one: Yahoo! Mail, AOL Mail, and Microsoft’s Hotmail support authentication too.
For now, Google’s authentication effort is focused on two core authentication standards: SPF and DKIM. Eventually, it will likely move to support a more modern standard, DMARC, that incorporates both SPF and DKIM and ties them together in an even harder way to spoof.
The problem for marketers is that most IT departments have struggled to implement email authentication correctly. It’s not enough to implement SPF and DKIM. You have to implement them correctly, or Gmail will flag your messages as non-authenticated.
Does your domain have authentication enabled correctly? Use our free and easy tool to check whether authentication is working for your domain.
How Valimail can help with email authentication
With its innovative approach, Valimail can automate—and maintain—email authentication for you. With our system:
Marketers will be happy because their emails will have improved deliverability, brand protection, and consumer protection. And there will be no scary Gmail question marks next to their messages in Gmail.
Messaging teams will benefit from Valimail because our system gives them visibility and control over email authentication and who is authorized to send messages on the organization’s behalf.
Security executives will be pleased with Valimail because authentication makes it much harder for scammers to spoof emails, thus increasing customer and employee protection.
To see how our authentication products can help protect your domain, schedule a demo today.