If you are a marketer, your mailbox must be full with warnings and checklists to make sure you comply with Google and Yahoo’s new mailing regulations. As a Mautic user, this is what you have to know.
Spoiler alert: there is a good chance you are covered. If you update your Mautic soon.
But let’s see in simple language what you need to take care of to comply with all regulations:
- Email Authentication
This is DKIM and SPF. Make sure you are covered, if not you can always use tools, like mxtoolbox to see if your settings are okay. If you are an Amazon SES user, here is an article how to set up DKIM and SPF.
An easier way to check if you pass. Send an email to your Gmail address, and click on see original, upper right side, three dots.
Choose See original. This is what you are looking for:
spf=pass (google.com: domain of email@example.com designates 18.104.22.168 as permitted sender) firstname.lastname@example.org;
To check DKIM, continue reading:
dkim=pass email@example.com header.s=ibpnrwgrbweb7fyixm4z35es6apvuedc header.b=cTf7T2pi;
dkim=pass firstname.lastname@example.org header.s=shh3fegwg5fppqsuzphvschd53n6ihuv header.b=pN7zp0EY;
We like the word ‘pass’. 🙂
2. valid PTR records
In other words: your IP should be connected with a domain name. It means you cannot send with a sloppy set IP address anymore. If you are an Amazon SES / Sparkpost etc user, this is the responsibility of your sending provider. They will set it to their own name. Example:
Received: from a3-4.smtp-out.eu-west-1.amazonses.com (a3-4.smtp-out.eu-west-1.amazonses.com. [22.214.171.124]) by mx.google.com with ESMTPS id w4-20020adff9c4000000b00336fbad3bb4si3023206wrr.154.2024.01.19.02.01.36 for <email@example.com>
If we take the example above, the IP 126.96.36.199 was the actual sender of this email. If we would check the reverse DNS (rDNS) for this IP, we would get the PTR record. In real world the IP would be the employee number of a postman, who delivers the letters. The PTR is his name. From now on Google and Yahoo would like to run things on the first name basis. I can’t blame them.
3. TLS connection
This refers to the secure communication when you are sending emails. If you use SMTP, then you probably connect with TLS, using port 465. (Plz note, SSL often refers to TLS in this case.).
If you have an API connection to Amazon SES / Sendgrid, etc, then you will use port 443 probably, which is encrypted, and they will communicate with the receiver over an encrypted connection.
Amazon SES has the option to send emails unencrypted if the receiver party is unable to receive otherwise. You can manage this in the configuration sets. It’s safe to say, that you don’t want to deal with such receivers, I wouldn’t torn this on.
4. Message formatting
Email contents, headers, etc are regulated by guidelines, and Mautic does send emails according to RFC 5322 guideline. There is no change, you are fine. But there will be a twist at the end of this article, so bare with me.
5. Impersonation of Gmail Headers
This has been blocked for a while, but they are emphasising once again. If you are using a third party SMTP, it is really hard to do this accidentally.
As an example of email spoofing, an attacker might create an email that looks like it comes from PayPal. The message tells the user that their account will be suspended if they don’t click a link, authenticate into the site, and change the account’s password. Big no-no.
6. DMARC Email Authentication
This ties back to Nr. 1. DMARC is a way to get feedback on how your email authentication is performing. You set DMARC in your DNS records. Part of this settings is what to do if the authentication fails, and where to send reports to. Here is a good tutorial on DMARC. If you don’t want to do your homework, but pass the exam, just set the following txt record with your domain:
“v=DMARC1; p=none; rua= mailto:(email address);“
This will tell GMAIL, care enough to set it up, but you don’t care about the authentication results.
7. ARC Headers for Forwarded Email
Have you ever watched a CSI show? If so, then you probably know about chain of custody. It allows to follow back the delivery of an item to the very source. In other words, you always know who had it when. This is very useful in emails as well. DKIM and SPF will help you to authenticate your email, Dmarc will watch if anyone is tinkering with your domain.
But what happens if an email is forwarded? Since the sender and email headers might change when forwarding happens, the email would be no longer authenticated. This is where you need ARC. It will preserve the original authentication details taking care of chain of custody.
8. One-Click Unsubscribe and Unsubscribe Header for Marketing Messages
Okay, so this is a tricky one, and this is where most Mauticians will fail and not reach inboxes. At all.
So let’s spend a little more time on this one.
Unsubscribe header places a little “unsubscribe” link over the email body. In Outlook for example looks like this:
And this is what you see in Gmail:
Like I said above, this is generated by the “List-Unsubscribe” header in emails:
So if you click on the link you’ll be ‘one click unsubscribed’. (It is called one click unsubscribe, but if you have a landing page with a preference center, it’s still tolerated. So the one click unsubscribe is actually 2 clicks… at least.)
Now you probably nervously check back all your previously sent newsletters to see if you really have this link as above, and if it’s present in the header.
If you are a Mautic 4 user, this will be in your header, but there is a good chance, it’s not displayed at the top of the email (at least with Gmail). You don’t need to worry, that’s not you, but Gmail. Back in 2009, when this was first announced, they already disclosed, that it will be not rolled out for everyone:
“This only works for some senders right now. We’re actively encouraging senders to support auto-unsubscribe — we think 100% should. We won’t provide the unsubscribe option on messages from spammers: we can’t trust that they’ll actually unsubscribe you, and they might even send you more spam. So you’ll only see the unsubscribe option for senders that we’re pretty sure are not spammers and will actually honor your unsubscribe request. We’re being pretty conservative about which senders to trust in the beginning; over time, we hope to offer the ability to unsubscribe from more email.“
As a Mautic user, this header must be already in your emails, and once you install Mautic 4.4.11, the second header will be also added:
The new requirement is to add this header to your marketing emails if you send more then 5000 email / day. But with the change of adding the one more header to make sure Spam filters can differentiate between regular links and your unsubscribe link in the email, so you don’t get accidental unsubscribes from systems, like Microsoft.
A new value is added to the header:
This communicates to the spam that, don’t touch the link, otherwise this contact will auto-unsubscribe.
If you think, you can just simply add this value to the header in the email / advanced tab, you are wrong. It won’t work the same way. One of the requirements are to be able to process a POST request properly.
However installing 4.4.11, will change the way this ‘one click unsub works’, instead of redirecting you to the default unsub page, only a message is displayed “User unsubscribed.” You can test how it works by posting to the unsubscribe link with the parameter “List-Unsubscribe=One-Click.
See example below:
Before installing patch 4.4.11, you would get a while HTML which cumbersome to process and would result in misinterpretation.
There are 2 benefits here:
- Accidental unsubscribes problem is solved. When anti-spam software checks these links, there are no longer accidental unsubscribes.
- The receiver system can better process the List-Unsubscribe header. If there is
a List-Unsubscribe-Post header present, the whole unsubscribe can be processed
without any user interaction in the background. Since now there is a proper feedback following the post request, the receiver can be sure that the unsubscribe was successful.
If you are on Mautic 4 and you send more then 5000 emails / day, you should upgrade to 4.4.11 as soon as possible. It’s safe, it’s fun, it’s the right thing to do.