Starting February 2024, Google and Yahoo will be enacting changes to their self-authentication requirements, and we want to ensure that our customers have access to the most up-to-date information and resources to prepare. We made sure to push resources and notifications as soon as we could following the announcement last year, and we know going forward these kinds of questions will crop up regularly.
Due to the technical nature of authentication, it is recommended you work with either a) your organization’s IT department, b) your website host’s support, or c) your domain host directly, to make sure everything is set up correctly for your domain and Constant Contact account.
Remember, if you’re unable to find your answers from the resources linked here, or the FAQs answered, you are always welcome to email our team at social_support(at)constantcontact(dot)com. Please make sure to include your account username (not the password, just the username so we can match the case with the account), and your questions regarding self-authentication. If the question must be passed along to our Delivery team to address, we’ll notify you that we’re forwarding the case to their team, and give you a time frame of when to expect a response.
Quick reference to self-authentication resources
Defining Key Terms
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps prevent email spoofing and phishing attacks. It allows domain owners to specify how email receivers should handle messages that claim to be from their domain. For an overview of DMARC, please visit the official DMARC site.
DNS (Domain Name System) is a decentralized system that translates domain names (e.g., www.example.com) into IP addresses - think of it like a phone book or cell phone’s Contacts app. It enables users to access websites and other internet services using human-readable domain names instead of numerical IP addresses.
DKIM (DomainKeys Identified Mail) is an email authentication method that allows the sender to digitally sign their emails. This signature verifies that the email was not tampered with during transit and confirms the sender's identity. With regard to our services, this is your stamp of approval on emails you have us deliver for you, increasing trust between Constant Contact and receiving email programs, networks, and internet service providers.
CNAME (Canonical Name) is a type of DNS record that maps an alias to the canonical (actual) domain name. It is often used to redirect one domain or subdomain to another. For example, when you’re setting up CNAME authentication in your account, this establishes the paper trail for the receiving system to track your approval of us delivering your emails on your behalf.
TXT (Text) is a type of DNS record that allows domain owners to add arbitrary text information to their DNS zone. It is commonly used for various purposes, such as domain verification, SPF records, and DKIM keys. This is the best methodology if you’re using your domain across multiple Constant Contact accounts.
SPF (Sender Policy Framework) is an email authentication protocol that helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. When you add us to your SPF records, it tells receiving networks that we are sending on your behalf, and to be trusted for these email deliveries.
SenderID is an email authentication protocol that was developed by Microsoft. It is similar to SPF and helps verify the sender's identity by checking the "Purported Responsible Address" (PRA) against the authorized mail servers.
Self-Authentication refers to the process of verifying the authenticity of an entity (such as an email sender) using its own credentials or digital signatures. It ensures that the entity is who they claim to be, and that the information they provide has not been tampered with.
What are the changes to Google and Yahoo's self-authentication requirements?
Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication. Mail sent through Email Service Providers (such as us) without proper authentication after February 1st may result in higher rates of bounced messages or placement in the junk/spam folder.
There are a variety of reasons why these changes are being made, but a few big ones are:
- Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
- Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
- Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.
How widespread is the impact of this change?
As Google and Yahoo are two of the most popular email programs / apps, these changes will significantly impact email delivery across the net, including other Email Service Providers. In fact, over 60% of emails sent through us go to Gmail and Yahoo addresses. Some email programs, such as Outlook (and other Microsoft-based programs), have been doing this for a while, and many larger institutions like major corporations, public school districts, and government agencies also have particularly stringent requirements and filters.
These changes apply regardless of the business, organization, or industry - if you have your own domain, self-authentication is the best practice to improve your delivery reputation.
What if I don’t self-authenticate my account, despite using my own domain for sending?
Constant Contact will rewrite your 'From' address to our own domain (@shared1.ccsend.com for paid accounts, @shared2.ccsend.com for trial accounts) which includes a DMARC record to meet authentication requirements. Please see our article on verifying addresses for further info.
With that said, sending from your own domain and using self-authentication is an industry best practice as it provides better branding and will likely result in better deliverability.
What if my From address is a free domain (i.e. Gmail, Yahoo, AOL, etc.)?
Where will auto-replies like vacation and mailbox full notifications go if my from address has been rewritten? Are my reply-to addresses also rewritten?
Regardless of your authentication setup, whether you're relying on our rewrite or you've set up self-authentication, your reply-to addresses will appear as normal.
What is email authentication, and how do I implement it?
Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.
There are a few different methods of self-authentication for emails; however, we’d recommend following along with our main article on the topic. Due to the technical nature of authentication, it is recommended you work with either a) your organization’s IT department, b) your website host’s support, or c) your domain host directly to make sure everything is being set up correctly for your domain and your Constant Contact account.
My domain host and website host are two different entities. Who do I reach out to?
I have multiple Constant Contact accounts utilizing my domain. Which self-authentication method do I use?
What if I have only one account, but I send from multiple domains?
I entered the required information, but I'm getting errors when trying to send/schedule my emails. Why is this happening?
If you encounter errors after entering the required information, double-check that you have followed the instructions correctly. Ensure that the DNS records are set up accurately, and allow some time for the changes to propagate.
You won't be able to send emails until your DNS records fully propagate, which can take up to 48 hours. Make sure your webmaster or IT admin (if applicable) is looped into the process before you generate your DKIM key. Sending an email after your DKIM key is generated, but before your DNS record is updated, results in an error message.
Additionally, while updating your DNS records, check whether your domain host is one that automatically appends your domain to the host name. If this is the case for your DNS provider, add only the first half of the key as provided to the Host Name/Record field, without your domain. With these hosts, copying exactly what's provided in your Constant Contact account without removing your domain will result in errors.
After your DNS record is updated, it's best to send a test email before sending an email to your contacts. If the issue persists more than 48 hours after you’ve updated your DNS records, please reach out to one of our available support channels (phone, chat, social media DMs, or the Community) for further assistance.
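The host-name problem described above can be checked before saving the record. The following is an added example, not Constant Contact's code; the zone `example.com` and the record name `selector1._domainkey.example.com` are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample values: placeholders, not records issued by any real account.
ZONE = "example.com"
PROVIDED_NAME = "selector1._domainkey.example.com"


def normalize(name):
    """Lower-case a DNS name and drop surrounding spaces and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def host_field_value(provided_name, zone, host_appends_zone):
    """Return what to type into the DNS host's Host Name/Record field."""
    name, zone = normalize(provided_name), normalize(zone)
    # Hosts that append the zone themselves want only the part before it.
    if host_appends_zone and name.endswith("." + zone):
        return name[: -len(zone) - 1]
    return name


def published_name(entered, zone, host_appends_zone):
    """Return the fully qualified name the DNS host ends up serving."""
    entered, zone = normalize(entered), normalize(zone)
    return entered + "." + zone if host_appends_zone else entered


def diagnose(entered, provided_name, zone, host_appends_zone):
    """Compare the published name with the name a receiving server will look up."""
    expected = normalize(provided_name)
    actual = published_name(entered, zone, host_appends_zone)
    if actual == expected:
        return "ok"
    if actual == expected + "." + normalize(zone):
        # The full name was pasted into a host that appends the domain again.
        return "doubled-domain"
    return "mismatch"


if __name__ == "__main__":
    # Pasting the full name into an auto-appending host publishes the wrong record.
    print(published_name(PROVIDED_NAME, ZONE, True))
    print(diagnose(PROVIDED_NAME, PROVIDED_NAME, ZONE, True))
    # The corrected entry for that kind of host.
    fixed = host_field_value(PROVIDED_NAME, ZONE, True)
    print(fixed, diagnose(fixed, PROVIDED_NAME, ZONE, True))
```

A `doubled-domain` result means the record exists in DNS but under a name no receiving server will query, so the authentication lookup still fails after propagation.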
Is there a more centralized area, or a webinar I can watch to get a better understanding of what these changes are, and what I need to do in my account?
Absolutely, these two spots in our Community will be excellent resources when it comes to Google and Yahoo’s authentication changes, as well as for overall email delivery.
Who should I reach out to if I have additional questions regarding my account’s self-authentication?
Our Community & Social Care team is here to help. If you need clarification on anything mentioned above, you’re still experiencing issues, or you need us to submit a callback ticket, please email us at social_support(at)constantcontact(dot)com, with your account username and any relevant info regarding your support request included.