Attention, Marketers: Gmail’s Recent Announcement Has Big Implications for Your Email Program
On February 9, 2016, Google, the world’s biggest email provider, announced that it will help its one billion monthly active Gmail users distinguish between good and malicious messages by showing them whether a sender’s identity can be trusted and whether an email could have been tampered with or viewed in transit.
Good vs. bad email: Gmail removes the guesswork for its users.
Effective immediately, if a user receives an email sent from a sender that did not encrypt the message using Transport Layer Security (TLS) encryption, Gmail will display a broken lock icon in the message.
In addition, if a user receives a message that can’t be authenticated with either SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail), the sender’s profile photo or avatar will be replaced with a red question mark. Clicking on the icons will give the user more information about the authentication posture of the email in their inbox:
This announcement has important implications for marketers, who depend on email to drive leads and revenue for the business.
What does this mean for marketers?
Email is a critical marketing channel. It has an average ROI of $38 for each $1 spent and companies attribute 23% of their total sales to email.That’s why 73% of marketers agree that email marketing is core to their business.
Gmail’s new features draw a direct link between email authentication and user engagement—a link which has a big impact on marketers. If marketers are not diligent about encrypting and authenticating their emails the right way, their email campaigns could take a big hit, resulting in the loss of leads, conversions, and, ultimately, business.
Google has warned users that if they see the broken padlock or question mark icons, they should be hesitant about replying to or clicking on links within the message. The news media has also issued warnings to consumers. The Verge advises users “delete [unauthenticated messages] immediately”. The Inquirer’s advice is, “If you don’t like the look of [an email], do not engage with it.”
In the future, emails that bear these warning tags could fall into the spam folder or worse, be rejected by mailbox providers all together.
The solution lies in DMARC.
Implementing DMARC (Domain-based Message Authentication Reporting and Conformance) is the best way for organizations to protect their customers, their brand reputation, their business, and the engagement and deliverability of their legitimate messages.
As John Rae-Grant, Product Manager at Google said in the DMARC.org anniversary release, “We’re rapidly moving toward a world where all email is authenticated…If your domain doesn’t protect itself with DMARC, you will be increasingly likely to see your messages sent directly to a spam folder or even rejected.”
Through DMARC, organizations can determine which emails are not passing SPF and/or DKIM authentication checks, and identify how to fix those authentication issues. The following standard steps will help guide all parties toward full deployment over time.
Five steps to DMARC implementation.
Step 1: Select a sending domain. It could be your primary top level domain or a sub domain that sends a lot of email.
Step 2: Generate your record using our DMARC Creation Wizard (set the mail receiver policy to “none”).
Step 3: Work with your server administrator to add your DMARC record to DNS.
Step 4: Start receiving DMARC reports about your domain.
Step 5: Contact our Managed Service team and we will help you make sense of your email ecosystem, fast.
Want more advice for how marketing can collaborate with security to authenticate the email channel and protect the business? Download “The Marketer’s Guide to Email Fraud.”
About Robert Holmes
Robert Holmes is General Manager, Email Fraud Protection at Return Path. Rob has been in the brand & fraud protection industry for 15 years, helping major corporations understand, quantify and manage risk across the digital channels. Having previously held global roles running the product teams at Corporation Service Company and Melbourne IT's Digital Brand Services, Rob is a frequent speaker at major security events, including RSA Conference, Gartner Security & Risk Management Summit, FS-ISAC, and the global eCrime series. Rob has a MA (Hons) degree in Philosophy, Politics & Economics from the University of Oxford.