Gmail, Yahoo and others are making big changes in February 2024 that might prevent your customers from receiving marketing material and even invoices if your domain isn't correctly set up and managed.
Our managed clients are all prepared for the new requirements because we:
The Domain Name System (DNS) translates your domain (e.g. threeshield.ca) to the numbers that computers use to find their way around the Internet. A few years ago, the Internet community used this system to decrease spam and improve your email reputation to improve the chances that emails you send to your customers and prospects make it past the Spam or Junk Mail folders.
The key elements for this are SPF, DKIM, and DMARC.
SPF tells other servers what services are allowed to send email on your behalf. You can also use it to tell email recipients how confident you are in your list and instruct them to treat others with suspicion or completely block them.
This is an example:
The above example says that email servers that Microsoft has added to spf.protection.outlook.com or from 126.96.36.199 can send email on behalf of the domain that set this up.
The tilde (~) before all in ~all means that they aren't 100% confident, so don't automatically block emails from other sources. In contrast -all would show a strong confidence level and block all others.
DKIM allows your email provider to sign emails to give an additional confidence level that the messages are actually yours and haven't been tampered with from when they left your mail server to when they reached your recipient.
Typically, your service provider will provide this to you to add to your DNS.
DMARC brings this all together: it allows other email servers to report emails that it receives from service providers that aren't authorized in your DKIM or SPF. It also allows you to instruct email recipients to reject or quarantine messages from other email providers.
There are a few companies that process DMARC records. However, we became frustrated with the limited amount of information that they provided. Some would give the domain, some would give the host, but none seemed to dig deep into the country, ISP, host, and give us statistics on which seemed to be malicious and which weren't -- so we built our own.
This internal tool has been essential for us to make sure that our clients can confidently signal higher levels of confidence in their SPF and DMARC records to reduce the likelihood that their emails would get quarantined or fall into the spam folder.
As of February 2024, Google is just requiring DMARC records. They do not have to have to be set to block or quarantine messages. However, they are making the change to quarantine and block internally and will likely be enforcing it as a next step, so it's important to get your ducks lined up in advance.
Given that our internal DMARC tool gathers statistics and flags potentially harmless and harmful email providers, the more organizations using the tool, the more powerful it is.
As such, we're making it available to accredited MSPs who want to use the same powerful technology with their clients through our Lavawall® platform.
" ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders. I recommend their services. "
" Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield was integral to building our confidence with information, software, and infrastructure security. "
" ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance.
All of this was achieved with minimal disruption to the engineering organization as a whole.
The approach was smart. In a short time, we accomplished what much larger companies still struggle to achieve. "
Senior Director of Systems and Build Engineering
" ThreeShield very much values active and respectful collaboration, and went out of their way to get feedback on policies to make sure proposals balanced business needs while not making employees feel like they were dealing with unreasonable overhead. By doing so ThreeShield really helped change the culture around security mindfulness is positive ways. "
29 January 2024
13 February 2023
2 February 2023
16 January 2023
26 March 2021