Email Authentication FAQ & February 2024 Google and Yahoo Changes

Hello Community!


Starting February 2024, Google and Yahoo will be enacting changes to their self-authentication requirements, and we want to ensure that our customers have access to the most up-to-date information and resources to prepare. We made sure to push resources and notifications as soon as we could following the announcement last year, and we know going forward these kinds of questions will crop up regularly.


Due to the technical nature of authentication, it is recommended you work with either a) your organization’s IT department, b) your website host’s support, or c) your domain host directly, to make sure everything is set up correctly for your domain and Constant Contact account.


Remember, if you’re unable to find your answers from the resources linked here, or the FAQs answered, you are always welcome to email our team at social_support(at)constantcontact(dot)com. Please make sure to include your account username (not the password, just the username so we can match the case with the account), and your questions regarding self-authenticationIf the question must be passed along to our Delivery team to address, we’ll notify you that we’re forwarding the case to their team, and give you a time frame of when to expect a response.


Quick reference to self-authentication resources


Click to see more


Defining Key Terms


Click to see more

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps prevent email spoofing and phishing attacks. It allows domain owners to specify how email receivers should handle messages that claim to be from their domain. For an overview of DMARC, please visit their official site.


See also:

What is a DMARC policy and why do I need one?


DNS (Domain Name System) is a decentralized system that translates domain names (e.g., into IP addresses - think of it like a phone book or cell phone’s Contacts app. It enables users to access websites and other internet services using human-readable domain names instead of numerical IP addresses.


See also:

Update your DNS records through your hosting provider to finish setting up self-authentication


DKIM (DomainKeys Identified Mail) is an email authentication method that allows the sender to digitally sign their emails. This signature verifies that the email was not tampered with during transit and confirms the sender's identity. In regards to our services, this is your stamp of approval on emails you have us deliver for you, increasing trust between Constant Contact and receiving email programs, networks, and internet service providers.


CNAME (Canonical Name) is a type of DNS record that maps an alias (or canonical name) to the actual domain name. It is often used to redirect one domain or subdomain to another. For example, when you’re setting up CNAME authentication in your account, this establishes the paper trail for the receiving system to track your approval of us delivering your emails on your behalf.


See also:

Troubleshooting DKIM self-authentication using CNAME


TXT (Text) is a type of DNS record that allows domain owners to add arbitrary text information to their DNS zone. It is commonly used for various purposes, such as domain verification, SPF records, and DKIM keys. This is the best methodology if you’re using your domain across multiple Constant Contact accounts.


SPF (Sender Policy Framework) is an email authentication protocol that helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. When you add us to your SPF records, it tells receiving networks that we are sending on your behalf, and to be trusted for these email deliveries. 


SenderID is an email authentication protocol that was developed by Microsoft. It is similar to SPF and helps verify the sender's identity by checking the "Purported Responsible Address" (PRA) against the authorized mail servers. 


See also:

Include Constant Contact IP addresses in your SPF or SenderID record


Self-Authentication refers to the process of verifying the authenticity of an entity (such as an email sender) using its own credentials or digital signatures. It ensures that the entity is who they claim to be, and that the information they provide has not been tampered with.


See also:

Self-authenticate your emails using your own domain


What are the changes to Google and Yahoo's self-authentication requirements?


Click to see more

Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication. Mail sent through Email Service Providers (such as us) without proper authentication after February 1st may result in higher rates of bounced messages or placement in the junk/spam folder.

There are a variety of reasons why these changes are being made but a few big ones are:

  1. Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
  2. Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
  3. Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.


How widespread is the impact of this change?


Click to see more

As Google and Yahoo are two of the most popular email programs / apps, these changes will significantly impact email delivery across the net, including other Email Service Providers. In fact, over 60% of emails sent through us go to Gmail and Yahoo addresses. Some email programs, such as Outlook (and other Microsoft-based programs) have been doing this for awhile, and many larger institutions like major corporations, public school districts, and government agencies also have particularly stringent requirements and filters. 


These changes apply regardless of the business, organization, or industry - if you have your own domain, self-authentication is the best practice to improve your delivery reputation.


What if I don’t self-authenticate my account, despite using my own domain for sending?


Click to see more

Constant Contact will rewrite your 'From' address to our own domain ( for paid accounts, for trial accounts) which includes a DMARC record to meet authentication requirements. Please see our article on verifying addresses for further info.

With that said, sending from your own domain and using self-authentication
is an industry best practice as it provides better branding and will likely result in better deliverability. 


See also:

Tips to improve and maximize your email deliverability rate


What if my From address is a free domain (i.e. Gmail, Yahoo, AOL, etc.)?


Click to see more
We will be handling the authentication on our backend, which will result in being included in your sending address. Please see our article on verifying addresses for further info on setting this up, as well as our main article on the ccsend rewrite changes


Where will auto-replies like vacation and mailbox full notifications go if my from address has been rewritten? Are my reply-to addresses also rewritten?


Click to see more
These auto-reply functionalities will still trigger, and most likely, target the original sending address. Even with the rewrite for the sake of authentication, these auto-replies should still be getting set to the original sending address. However this can vary based on a myriad of factors, such as the receiving network and email clients' settings.

Regardless of your authentication setup, whether you're relying on our rewrite or you've setup self-authentication, you reply-to addresses will appear as normal.


What is email authentication, and how do I implement it?


Click to see more

Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.


There are a few different methods of self-authentication for emails, however we’d recommend following along with our main article on the topic. Due to the technical nature of authentication, it is recommended you work with either a) your organization’s IT department, b) your website host’s support, or c) your domain host directly to make sure everything is being set up correctly for your domain and your Constant Contact account.



My domain host and website host are two different entities. Who do I reach out to ?


Click to see more
This will entirely depend on whichever entity hosts your DNS records. There are resources online for determining who hosts your DNS records, such as this site


I have multiple Constant Contact accounts utilizing my domain. Which self-authentication method do I use?


Click to see more
If you have multiple accounts using a single domain for sending (less than 20), then you’ll need to use the TXT self-authentication method for each account. Trying to use the CNAME method when multiple accounts are sending from the same domain will result in errors, including scheduled sendouts becoming errored out.


What if I have only one account, but I send from multiple domains?


Click to see more
At this time, only one domain can be self-authenticated per account.


I entered the required information, but I'm getting errors when trying to send/schedule my emails. Why is this happening? 


Click to see more

If you encounter errors after entering the required information, double-check that you have followed the instructions correctly. Ensure that the DNS records are set up accurately, and allow some time for the changes to propagate


You won't be able to send emails until your DNS records fully propagate, which can take up to 48 hours. Make sure your webmaster or IT admin (if applicable) is looped into the process before you generate your DKIM key. Sending an email after your DKIM key is generated, but before your DNS record is updated, results in an error message.

Additionally, while updating your DNS records, make sure your domain host isn't one that automatically includes your domain. If this is the case for your DNS provider, the first half of the key as provided can be added to the Host Name/Record without your domain. With these hosts, copying exactly what's provided in your Constant Contact account without removing your domain will result in errors.

After your DNS record is updated, it's best to
send a test email before sending an email to your contacts. If the issue persists more than 48 hours after you’ve updated your DNS records, please reach out to one of our available support channels (phone, chat, social media DMs, or the Community) for further assistance.


See also:

Troubleshooting DKIM self-authentication using CNAME

Error Message: We Could Not Verify Your Authenticated Sender Address

DMARC reporting errors with self-authentication


Is there a more centralized area, or a webinar I can watch to get a better understanding of what these changes are, and what I need to do in my account?


Click to see more

Absolutely, these two spots in our Community will be excellent resources when it comes to Google and Yahoo’s authentication changes, as well as for overall email delivery.

Email Delivery in 2024: Success Hub

Q&A: What you need to know about Google and Yahoo’s new requirements [12/20/2023]


Who should I reach out to if I have additional questions regarding my account’s self-authentication?


Click to see more
Our general support teams available via phone, chat, social media, and the Community are trained to provide standard insight and troubleshooting for self-authentication. If you (or your IT department) are needing particularly advanced support, then we’d recommend speaking with our Delivery team directly



Our Community & Social Care team is here to help. If you need clarification on anything mentioned above, you’re still experiencing issues, or you need us to submit a callback ticket, please email us at social_support(at)constantcontact(dot)com, with your account username and any relevant info regarding your support request included. 

Version history
Last update:
‎05-14-2024 05:43 PM
Updated by:
Labels (1)