Google, Yahoo, and Apple recently announced a joint effort to reduce the number of unwanted emails received by users. Beginning in February 2024, they will start enforcing strict requirements on mail from high-volume senders.
Who is impacted?
If you are responsible for an application, center, website, or service that sends emails from a CBS domain (i.e., @gsb.columbia.edu or @columbia.edu), you should read on; you may need to take action. If you’re sending exclusively from CBS Microsoft 365, Campus Groups, or Google (LionMail), your emails already meet the new email authenticity requirements and you do not need to take action.
What is changing?
Starting in 2024, Google, Yahoo, and Apple will require all senders to follow email authentication best practices and policies for all domains (e.g., gsb.columbia.edu). Senders must have valid forward and reverse domain name records published for their mail servers and use a proper secure connection for sending mail. Google, Yahoo, and Apple also track user-reported spam rates for mail received from our domains. That rate must be below 0.3%.
High-volume senders will be subject to even stricter requirements related to email authentication. Additionally, marketing emails and newsletters will need to offer recipients the option to unsubscribe from future emails through a one-click unsubscribe that should already be in your email templates. Senders who don’t comply with the new requirements will be subject to message rate limiting and blocked messages, or the messages will be marked as spam.
While these changes are intended to target spam and unwanted marketing mail, CBS falls into the category of a high-volume sender, and we expect these rules will apply to us. We also anticipate Microsoft and other large email providers will make similar announcements within the next year.
What should you do?
If you are sending mail using servers or services other than CBS Office 365, Google, or Campus Groups, then you should review our policies website and CUIT’s IT Policies and Strategies website.
Marketing & Communications has identified nearly all of the email communications platforms in use by CBS sending as our domains. We need to work with service owners to address any gaps in best practices for sending emails.
What does this mean for CBS?
When our systems send out bulk emails or emails from platforms (e.g., Slate) not normally tied to our email servers (Microsoft Office365/Exchange & Google), they “spoof” our email address so that end users see it coming from CBS and not from a different vendor. Some examples: MailChimp, Constant Contact, reports tooling, 3rd party applications hosted by vendors, etc.
Google and Yahoo changed the rules and are now requiring all email messages being sent must come from sources tied directly to the proper record. This change can have an impact on tooling and platforms that may be sending emails as “gsb.columbia.edu” or “business.columbia.edu” or any of our domains without proper configurations. These tools and platforms will be flagged as impersonating our domain and their emails most likely will not reach intended users unless they have configurations set correctly.
We have two options available to ensure email deliverability for these:
- Change the FROM address for emails to come from a vendor-managed address (e.g., [email protected]) and ensure the vendor platform configuration records align. (Preferred).
- You can still have the REPLY TO address go to your preferred/required address (e.g., [email protected])
- If the recommendation above is not a viable option, CUIT can work with the respective group to create a custom domain address dedicated to the Platform/Application to use. We will need to select an address to use. CUIT will verify it is not used elsewhere. The address will be provisioned as a subdomain: (e.g., [email protected]). CUIT can create an appropriate record for that domain selected (e.g., @communications.gsb.columbia.edu).
What we may have to do is come up with a FROM email address to serve as the official record for Google and Yahoo while we can also set the REPLY TO email address to be whatever you need.
Thus, the idea of [email protected] as the FROM address with [email protected] as the REPLY TO address. We have to implement these changes by February 2024.
Note: If a recipient wants to compose an email message (outside of replying to a marketing campaign), and send their email to that specific custom domain address (e.g., [email protected]), there is some additional work required involving CUIT.
If you have any questions or concerns, please contact David Moretti, Senior Director of Digital Marketing & Technology.