Nixon Digital

Google’s New Email Security Requirement

Introduction – what is the challenge? 

Every minute, 240 million emails are sent that are either automatically detected or manually reported by users as spam. Google, a large mail provider (Gmail), has announced additional measures to increase the amount of such mail that is detected automatically before it is delivered to the mailboxes of its users (see: “Gmail introduces new requirements to fight spam”, blog.google).

If your company communicates with individuals using Gmail, these interactions could be affected if you don’t take the necessary steps. It’s important to note that this impact isn’t limited to mass emailings (like campaigns or newsletters) but also includes individual emails (the usual back-and-forth between people). 

Why is this a challenge?  

If your company communicates through various domains, each one must be checked to ensure necessary measures are in place. This task can be challenging, especially if many domains are actively used for email. The key question is whether you maintain a centralized list of all these domains and subdomains in use. Additionally, manually verifying each domain’s compliance can be a time-consuming process. 

What will happen if you don’t take action?  

If you fail to adopt the specified measures, your sent emails will not reach their destination. It’s important to understand the distinction between emails not being delivered and being marked as SPAM. An undelivered email won’t even appear to the recipient, meaning they won’t have the option to mark it as NOT SPAM. 

How can you solve it / What does the solution look like?  

Ideally, an agreement is reached on the standard to be implemented, typically a collaboration between the DNS management team (IT) and the security department to define the necessary settings. Once the standard is established, you’ll consult your CMDB (the centralized database that holds all the details about the domains your company owns) to check the settings for those domains using email services. From the current settings, you’ll compile a list of required adjustments. After making these adjustments, you’ll implement a policy to ensure that any time mail services are initiated for new or existing domains, the DNS management team is alerted if the predefined settings are not in place. 
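As an added illustration of this audit step (not Nixon Digital’s code or the logic of the Nixon Platform), the Python example below compares a domain inventory with an assumed in-house standard and returns the required adjustments per domain. The standard, the three usage categories, the domain names and the DNS records are all constructed; in practice the records would come from DNS lookups and the inventory from the CMDB.

```python
# Added example: compare each domain's mail records with an assumed standard.
# STANDARD, INVENTORY and RECORDS are constructed; RECORDS stands in for DNS lookups.
STANDARD = {  # usage category -> checks that must pass (assumed policy)
    "none": ["spf_deny_all", "dmarc_reject", "null_mx"],
    "one-to-one": ["spf", "dkim", "dmarc"],
    "bulk": ["spf", "dkim", "dmarc"],
}
INVENTORY = {"example.com": "one-to-one", "news.example.com": "bulk",
             "parked.example": "none"}
RECORDS = {  # "dkim": True means a public key was found at the selector in use
    "example.com": {"mx": ["10 mail.example.com."], "dkim": True,
                    "spf": "v=spf1 include:_spf.example.net ~all",
                    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"},
    "news.example.com": {"mx": ["10 mail.example.com."], "dkim": False,
                         "spf": "v=spf1 include:_spf.example.net ~all",
                         "dmarc": None},
    "parked.example": {"mx": [], "dkim": False, "spf": None,
                       "dmarc": "v=DMARC1; p=none"},
}

def dmarc_policy(record):
    """Return the p= value of a DMARC record, or None if missing or invalid."""
    tags = {}
    for part in (record or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        return None
    return tags["p"] if tags.get("p") in ("none", "quarantine", "reject") else None

def spf_terms(rec):
    """Split the SPF record into lower-cased terms ([] when there is none)."""
    return (rec["spf"] or "").lower().split()

CHECKS = {  # check name -> (predicate, adjustment to request when it fails)
    "spf": (lambda r: spf_terms(r)[:1] == ["v=spf1"], "publish an SPF record"),
    "spf_deny_all": (lambda r: spf_terms(r) == ["v=spf1", "-all"], "set SPF to 'v=spf1 -all'"),
    "dkim": (lambda r: r["dkim"], "publish a DKIM key and sign outgoing mail"),
    "dmarc": (lambda r: dmarc_policy(r["dmarc"]), "publish a DMARC record"),
    "dmarc_reject": (lambda r: dmarc_policy(r["dmarc"]) == "reject", "set DMARC to p=reject"),
    "null_mx": (lambda r: r["mx"] == ["0 ."], "publish a null MX '0 .' (RFC 7505)"),
}

def audit(inventory, records):
    """Return {domain: [adjustments]} for every domain that misses the standard."""
    report = {}
    for domain, usage in inventory.items():
        todo = [CHECKS[c][1] for c in STANDARD[usage] if not CHECKS[c][0](records[domain])]
        if todo:
            report[domain] = todo
    return report
```

Calling `audit(INVENTORY, RECORDS)` yields the adjustment list to hand to the DNS management team; domains that already meet the standard are omitted from it.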

How can the Nixon Team / Platform help you?  

The specialists of Nixon Digital have created a simple One Pager that explains DMARC and DKIM, detailing the settings necessary for successful email delivery. 

Our clients using the Nixon Platform benefit from an integrated CMDB, providing them with the information needed to identify which domains are not configured to meet the specified standards. This ensures peace of mind with a constantly updated list of domains that are correctly set up. With our Rule Management feature, you can effortlessly establish a notification system for your DNS management team to alert them whenever there’s a mismatch between the established standards and the actual settings. 

To summarise:

These new cutthroat requirements Google has announced carry the risk of your emails not reaching the desired mailboxes at all. Since Gmail has 29% of the market share worldwide, you are at risk of 29% of your emails not being delivered at all. The question now becomes whether you have insight into which of your domains are used for mail.

Are your (MX) records set up correctly in case a domain is:

  • not used for mail
  • used for 1-to-1 mail (like Outlook)
  • used for 1-to-many mail (campaign mailings)

Last week we tried out our latest feature to validate whether this is the case for a client, and guess what?
We found out that their mails are no longer delivered to recipients using @gmail.com for a large mail campaign that they have. What a nightmare!

Thanks to the Nixon Platform, however, we can help our client (who owns approximately 100+ domains) validate whether their domains are correctly configured, so they are resilient and set up for success, and whether any domain that is not used for mail is set up in a way that prevents it from being abused (phishing/spoofing).

The Nixon Platform will continuously:

  • Validate whether the settings related to DKIM, DMARC and SPF are configured according to each domain’s use
  • Give recommendations on how to fix any mismatch
  • Enable you to automatically assign the action to the right agency (to get it fixed) or DNS administrator

You will never have sleepless nights because unused domains are abused for phishing or spoofing.