Sammy is a “marketer” in his own mind. Getting people to participate in his Multi Level Marketing pyramid schemes is his life’s passion. This week’s product is Ginseng Triple Ginger Antioxidant Big Toe Salve. According to the marketing description of the product, it helps to take the stink out of the big toe and helps reduce the presence of pus around the toenail. It’s a real gem and promises to revolutionize the big stinky pus big toe solution industry around the globe. In order for Sammy Spamsalots to make any real traction, he’s got to send out at least 5,000 emails to non-suspecting recipients on the daily. “This should really move the needle” he thought as he clicked the send button on Tuesday’s special promotion, buy one Ginseng Triple Ginger Antioxidant Big Toe Salve and get one for ½ off. Sammy anxiously awaited the results, 1 sold, 3 sold, 16 sold, this was going to be a huge ROI! “Now, what should I send out tomorrow?” Sammy Spamsalots thought to himself? “If I send out to 10,000 Gmail and Yahoo addresses tomorrow, I’m going to sell at least 32 bottles!” Sammy’s life was about to turn around, but not in the way that you think.
A few weeks back, Sammy got an email from his IT company. They were encouraging him to update some MX records that would be necessary to help him keep his empire rolling on. “I don’t really have time for that, and what in the heck does any of this mean? I don’t really care about SPF, DKIM, and DMARC records, besides, this probably doesn’t apply to me anyway.
BUT, it does. Effective in 2024, anyone or any business that is sending out over 5K emails a day to Yahoo address, Gmail, and more, needs to have their SPF, DKIM, and DMARC records added to their DNS/MX records in order to keep spamming people effectively. The failure to do so will result in failed deliveries and potentially even blacklisted sending domains. You can learn more about this new requirement here > https://powerdmarc.com/google-and-yahoo-email-authentication-requirements/
We’re NEVER a huge fan of spamming your prospects, but at ASSI, our goal is ALWAYS to make your life easier. FIrst off, these new rules currently only apply to people/companies sending out huge quantities of email. So, for now, unless you’re doing that, you’re in the clear. HOWEVER, after consulting our Magic 8 Ball, Tom’s Mother-In-Law, and our intuition, this could be a thing for anyone sending email out to anyone down the road. The ultimate goal? Protect people from spookers, spammers, and cyber crooks.
So, what do you need to know about making these adjustments? First, we’ve got you covered if you’re not into making these mods to your registrar records, second, here’s a quick breakdown of what you need to know (slightly geeky…)
A FEW POWER TIPS FROM ASSI:
Google, AOL, Yahoo, Microsoft, and Apple want to ensure your emails are not coming from someone else with a man-in-the-middle attack. Using DMARC with SPF and DKIM protects organizations against spoofing and phishing emails.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders.
So we want to ensure that all domains we manage have a valid SPF, DKIM, and DMARC record.
SPF
An SPF record helps validate outbound email sent from your custom domain (is coming from who it says it is). It’s the first step in setting up the fully recommended email authentication methods of SPF, DKIM, and DMARC.
DKIM
Once you’ve set up SPF, you need to set up DKIM. DKIM lets you add a digital signature to email messages in the message header. If you don’t set up DKIM and instead use the default DKIM configuration for your domain, DMARC may fail.
DMARC
DMARC ensures the destination email systems trust messages sent from your domain. The DMARC TXT record identifies authorized outbound email servers. DMARC helps receiving mail systems decide what to do with messages from your domain that fail SPF or DKIM checks.
Here is an example of our suggested DMARC record: (note the areas in blue)
_dmarc.advancedsystemssolutions.com 3600 IN TXT “v=DMARC1; p=none; pct=100; rua=mailto:emailaddress@advancedsystemssolutions.com; ruf=mailto:emailaddress@advancedsystemssolutions.com; fo=1”
What does all that mean?!
The dmarc is the domain you want to protect. (By default, the record protects mail from the domain and all subdomains. For example, if you specify _dmarc.advancedsystemssolutions.com, then DMARC protects mail from the domain and all subdomains, such as computers.advancedsystemssolutions.com or cabling.advancedsystemssolutions.com.)
3600
The TTL should always be the equivalent of one hour. The unit used for TTL, either hours (1 hour), minutes (60 minutes), or seconds (3600 seconds), will vary depending on the registrar for your domain.
PCT
pct=100 indicates that this rule should be used for 100% of email. (DUH)
P (Short for Policy)
The policy specifies what policy you want the receiving server to follow if DMARC fails. You can set the policy to none, quarantine, or reject. This is how the recipient will handle your email if it does not pass SPF and DKIM checks.
Policy Examples:
Policy set to none
_dmarc. advancedsystemssolutions.com 3600 IN TXT “v=DMARC1; p=none”
Policy set to quarantine
_dmarc. advancedsystemssolutions.com 3600 IN TXT “v=DMARC1; p=quarantine”
Policy set to reject
_dmarc. advancedsystemssolutions.com 3600 IN TXT “v=DMARC1; p=reject”
Rua & Ruf
The email address used to send RUA (Aggregate Reports) and RUF (Forensic Reports) details. These are reports sent after a DMARC check failure.
A USEFUL TOOL:
Want to ensure that your entries are all nice and accurate? Check out this nifty tool > https://www.appmaildev.com/
Select “Next Step”
Send an email to the email address provided
See your status!
So, in conclusion, so sorry Sammy Spamsalots, you’ll need to find a better way to pitch your wares (thank God.) Also, reach out to the ASSI team today to get your records all updated and shiny and clean. RELAX, we’re on IT. Call (407) 414-6626 today.
