Google, Yahoo announce new email authentication requirements for 2024

Google and Yahoo have both announced new email authentication requirements that will come into force in 2024. From early next year, bulk Gmail and Yahoo Mail email senders will need to strongly authenticate their emails following well-established best practices such as DMARC, SPF, and DKIM, the pair said. The move aims to help the firms better identify and block malicious messages and declutter users' inboxes, limiting attackers' ability to exploit resources without detection. Bulk senders will also be required to enable easy unsubscription and ensure they're only sending wanted email, Gmail and Yahoo stated.

The lack of secure email authentication protocols exposes organizations and users to increased risk of businesses email compromise (BEC) and phishing attacks. In June, research from cybersecurity firm Proofpoint found that less than half (47%) of 150 banks incorporated in the UK implement the strictest and recommended level of DMARC. This is subjecting customers, staff, and stakeholders to increased risk of email-based impersonation attacks, the vendor said.

Bulk Gmail, Yahoo Mail senders must authenticate following best practices

Many bulk senders don't appropriately secure and configure their systems, allowing attackers to easily hide in their midst, Google wrote. "To help fix that, we've focused on a crucial aspect of email security: the validation that a sender is who they claim to be. As basic as it sounds, it's still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet."

In the first quarter of 2024, Gmail and Yahoo Mail will start to require bulk senders to strongly authenticate their emails following best practices. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email," according to Google.

"We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience," said Neil Kumaran, group product manager, Gmail security and trust. "We look forward to working with peers across the industry to boost the adoption of these email standards that benefit everyone."

No matter who their email provider is, all users deserve the safest, most secure experience possible, commented Marcel Becker, senior director of product at Yahoo. "In the interconnected world of email, that takes all of us working together. Yahoo looks forward to working with Google and the rest of the email community to make these common-sense, high-impact changes the new industry standard."

Both Google and Yahoo have published guidance on improving email systems before enforcement begins next year.