Google has started automatically blocking emails sent by bulk senders who don’t meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks.

As announced in October, the company now requires those who want to dispatch over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains.

  • Sybil@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    8 months ago

    it’s in the article. more than 5000 messages to gmail users per day without dkim

      • Jyek@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        ·
        8 months ago

        DKIM is the standard for verification right now. This isn’t an anti-competition play. I manage DKIM records for my clients all the time. Yahoo, SB global, and At&t enforced DKIM requirements a few months back and it’s been a headache but it has made a huge difference in spam emails.

        For anyone who doesn’t know what DKIM is, it’s a method of an email provider getting a sort of green flag from the host domain name. So if you have an email address [email protected] and your email provider is Microsoft 365 and your domain provider is goDaddy, Microsoft says to goDaddy, “hey I’m sending this email, can you verify that I have permission to send from the domain my business.com?” And go daddy checks for DKIM records from Microsoft and sees it and says “yes sir, this is approved.” Then M365 sends the email, and if the recipient requires DKIM to receive the email at [email protected], Yahoo looks at the domain and asks, “hey goDaddy, it says you host this, is this email legit?” And goDaddy says “yep it’s all legit, give it to the recipient.”

        This effectively eliminates messages sent from a domain without DKIM records as well as spoofed emails because those spoofed emails never checked in when sending.

        I appreciate the skepticism but this is a security play, not a business one.