• United States



UK Editor

Google, Yahoo announce new email authentication requirements for 2024

Oct 05, 20233 mins
AuthenticationEmail Security

Bulk Gmail and Yahoo Mail email senders will be required to strongly authenticate their emails following well-established best practices such as DMARC, SPF, and DKIM.

Google and Yahoo have both announced new email authentication requirements that will come into force in 2024. From early next year, bulk Gmail and Yahoo Mail email senders will need to strongly authenticate their emails following well-established best practices such as DMARC, SPF, and DKIM, the pair said. The move aims to help the firms better identify and block malicious messages and declutter users' inboxes, limiting attackers' ability to exploit resources without detection. Bulk senders will also be required to enable easy unsubscription and ensure they're only sending wanted email, Gmail and Yahoo stated.

The lack of secure email authentication protocols exposes organizations and users to increased risk of businesses email compromise (BEC) and phishing attacks. In June, research from cybersecurity firm Proofpoint found that less than half (47%) of 150 banks incorporated in the UK implement the strictest and recommended level of DMARC. This is subjecting customers, staff, and stakeholders to increased risk of email-based impersonation attacks, the vendor said.

Bulk Gmail, Yahoo Mail senders must authenticate following best practices

Many bulk senders don't appropriately secure and configure their systems, allowing attackers to easily hide in their midst, Google wrote. "To help fix that, we've focused on a crucial aspect of email security: the validation that a sender is who they claim to be. As basic as it sounds, it's still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet."

In the first quarter of 2024, Gmail and Yahoo Mail will start to require bulk senders to strongly authenticate their emails following best practices. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email," according to Google.

"We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience," said Neil Kumaran, group product manager, Gmail security and trust. "We look forward to working with peers across the industry to boost the adoption of these email standards that benefit everyone."

No matter who their email provider is, all users deserve the safest, most secure experience possible, commented Marcel Becker, senior director of product at Yahoo. "In the interconnected world of email, that takes all of us working together. Yahoo looks forward to working with Google and the rest of the email community to make these common-sense, high-impact changes the new industry standard."

Both Google and Yahoo have published guidance on improving email systems before enforcement begins next year.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author