Changes to email security, and what that means for your contact forms

May 16, 2024 | News, Websites

Email Security and Website Contact Forms

Have you noticed that emails from your website’s contact form have suddenly stopped appearing in your inbox? You’re not alone. Earlier this year, major email providers like Google and Yahoo implemented changes aimed at tightening email security. While these changes help combat email fraud, they also mean that emails sent from your website’s contact form might not be reaching you.

The Issue with Contact Form Emails

When someone fills out a contact form on your website, the form typically sends an email to you. These emails often show a generic email address (like [email protected]) or even the visitor’s email address as the sender, but they are actually being sent from your web server. This mismatch between the address the email claims to come from and the server that really sent it can cause email providers to flag these emails as suspicious.

The Impact of Google and Yahoo’s Changes

Google and Yahoo have rolled out updates that enforce stricter checks on emails. These checks include verifying that the email is coming from an authorised server and that it has not been tampered with. If your contact form emails fail these checks, they may be rejected or sent to the spam folder. This is where DMARC, SPF, and DKIM come into play, helping you ensure your emails are authenticated and delivered successfully.

Boost Your Email Deliverability with DMARC: A Guide for Small Businesses

At Harper Digital, we understand that managing email security can seem daunting, especially for small business owners who may not have a technical background. However, protecting your domain from email spoofing and phishing scams is crucial for maintaining trust with your customers and ensuring your emails reach their inboxes. This is where DMARC comes in.

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is a system designed to authenticate your emails and protect your domain from cybercrimes. By implementing DMARC, you can significantly improve your email deliverability and ensure that your messages land where they should—in your recipients’ inboxes, not their spam folders.

Why DMARC Matters

DMARC builds on two existing email authentication mechanisms: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). Here’s a quick rundown of these technologies:

  • SPF: This allows email servers to verify that emails sent from your domain are coming from IP addresses you’ve authorised.
  • DKIM: This adds a digital signature to your emails, allowing the receiving server to check that the email was indeed authorised by your domain.

With DMARC, you add an extra layer of security that instructs email servers on how to handle emails that fail SPF and DKIM checks.

Setting Up DMARC: Step-by-Step

  1. Understand SPF and DKIM: Before you can set up DMARC, make sure you have SPF and DKIM records in place. These records are essential for verifying and authenticating your emails.
  2. Set Up a DMARC Policy: DMARC policies are published in your DNS as TXT records. These policies tell receiving mail servers what to do with emails that fail SPF and DKIM checks. You have three options:
    • None: Do nothing (used for monitoring purposes).
    • Quarantine: Treat the messages as suspicious.
    • Reject: Outright reject the messages.
  3. Start with a Monitoring Policy: When first implementing DMARC, it’s best to start with a p=none policy. This policy will allow you to monitor how your emails are being handled without affecting their delivery. Essentially, it tells receiving servers to report back on emails from your domain, providing valuable insights without risking any disruptions.
  4. Analyse Reports and Adjust Your Policy: You will receive aggregate reports from receiving mail servers, showing you which emails are passing or failing SPF and DKIM checks. Use these reports to identify legitimate sending sources and adjust your policies accordingly. This step is crucial for ensuring that only authorised emails are sent on behalf of your domain.
  5. Move to a Quarantine or Reject Policy: Once you’re confident that legitimate emails are passing SPF and DKIM checks, you can adjust your DMARC policy to p=quarantine or p=reject. This step helps prevent spoofed or fraudulent emails from being delivered, thereby improving your email deliverability. ISPs and receiving mail servers are more likely to trust emails from domains with a stricter DMARC policy.
  6. Keep Monitoring and Updating: Email sending practices and relationships can change, so it’s important to regularly review DMARC reports and update your SPF, DKIM, and DMARC records as needed. Ongoing monitoring ensures that your email authentication remains effective and that your emails continue to be delivered to their intended recipients.
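To make steps 4 and 5 concrete, here is an added example (not code from Harper Digital or any mail provider) that reads a DMARC aggregate report and lists the sending sources that would be affected by a move from p=none to p=quarantine or p=reject. The report is a constructed sample in the RFC 7489 layout with documentation IP addresses, and it assumes the report XML carries no namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def record_xml(ip, count, dkim, spf):
    """Build one <record> in the RFC 7489 aggregate-report layout (sample data only)."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row></record>")

# Constructed report for example.com under p=none; IPs are documentation ranges.
SAMPLE_REPORT = ("<feedback><policy_published><domain>example.com</domain>"
                 "<p>none</p></policy_published>"
                 + record_xml("192.0.2.10", 40, "pass", "pass")    # mailbox provider
                 + record_xml("198.51.100.7", 9, "fail", "pass")   # web server, SPF only
                 + record_xml("203.0.113.25", 5, "fail", "fail")   # not authenticated
                 + record_xml("203.0.113.25", 3, "fail", "fail")
                 + "</feedback>").encode()

def summarise(report_xml: bytes) -> dict:
    """Return {source_ip: {"pass": n, "fail": n}} counted in messages."""
    # Reports come from third parties: refuse DTDs so entity tricks never reach the parser.
    if b"<!DOCTYPE" in report_xml or b"<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD in DMARC report")
    sources = defaultdict(lambda: {"pass": 0, "fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        ip = (row.findtext("source_ip") or "").strip()
        count = int(row.findtext("count") or 0)
        dkim = (row.findtext("policy_evaluated/dkim") or "fail").strip()
        spf = (row.findtext("policy_evaluated/spf") or "fail").strip()
        # DMARC passes if either aligned check passes; it fails only when both fail.
        sources[ip]["pass" if "pass" in (dkim, spf) else "fail"] += count
    return dict(sources)

def failing_sources(summary: dict) -> list:
    """Sources whose mail p=quarantine or p=reject would act on; fix or disown each first."""
    return sorted(ip for ip, c in summary.items() if c["fail"])

if __name__ == "__main__":
    for ip, c in sorted(summarise(SAMPLE_REPORT).items()):
        print(f"{ip:15} pass={c['pass']:3} fail={c['fail']:3}")
    print("still failing:", failing_sources(summarise(SAMPLE_REPORT)))
```

If a failing source turns out to be your own web server or a service you use, fix its SPF or DKIM setup before tightening the policy; if you do not recognise it, the stricter policy is what stops it.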

Why SaaS Providers Ask You to Update SPF Records

If you’re using various SaaS providers for services like marketing emails or transactional notifications, you might be asked to add their details to your SPF record. Here’s why:

  • Email Authentication and Deliverability: By adding the SaaS provider to your SPF record, you’re authorising their servers to send emails on your behalf. This helps ensure that your emails pass SPF checks and don’t get marked as spam.
  • Protecting Your Email Reputation: A good email reputation is key to ensuring your emails reach your recipients. Adding SaaS providers to your SPF record helps maintain this reputation by reducing the chances of your emails being flagged as spam.
  • Preventing Email Spoofing: By authorising legitimate email senders, you help prevent malicious actors from spoofing your domain. This protects your brand and your customers from phishing scams.
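When a provider asks for an SPF change, their servers belong inside your one existing record, because a domain that publishes two SPF records fails SPF evaluation, and RFC 7208 caps evaluation at 10 DNS lookups. The added example below (not from the original article) merges a provider into an existing record and checks both conditions; the provider hostnames are placeholders and the records are constructed.

```python
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208 section 4.6.4
MAX_LOOKUPS = 10

def spf_records(txt_records):
    """Pick the SPF records out of a domain's TXT records."""
    return [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]

def count_lookups(record):
    """Count terms that cost a DNS lookup. Nested includes add more, so this is a lower bound."""
    names = (t.lstrip("+-~?").lower() for t in record.split()[1:])
    return sum(n.split(":")[0].split("/")[0].split("=")[0] in LOOKUP_TERMS for n in names)

def add_include(record, provider_domain):
    """Add include:<provider_domain> to the existing record, ahead of the final 'all'."""
    terms, inc = record.split(), f"include:{provider_domain}"
    if inc in terms:
        return record  # already authorised, nothing to change
    pos = next((i for i, t in enumerate(terms)
                if t.lstrip("+-~?").lower() == "all"), len(terms))
    terms.insert(pos, inc)
    return " ".join(terms)

def lint(txt_records):
    """Return a list of problems with the SPF setup in a domain's TXT records."""
    spf = spf_records(txt_records)
    problems = []
    if len(spf) != 1:
        problems.append(f"expected exactly one SPF record, found {len(spf)}")
    problems += [f"more than {MAX_LOOKUPS} DNS lookups: {r}"
                 for r in spf if count_lookups(r) > MAX_LOOKUPS]
    return problems

# Constructed records; both hostnames are placeholders, not real providers.
EXISTING = "v=spf1 include:_spf.mailhost.example ~all"
WRONG = [EXISTING, "v=spf1 include:_spf.newsletter.example ~all"]  # second record added
RIGHT = [add_include(EXISTING, "_spf.newsletter.example")]         # merged into one

if __name__ == "__main__":
    print("two records:", lint(WRONG))
    print("merged     :", RIGHT[0], lint(RIGHT))
```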

Can You Have Multiple DKIM Records?

Yes, you can have multiple DKIM records for a single domain. This is especially useful if you use multiple email service providers or third-party services to send emails on your behalf. Each provider can have its own DKIM signature, allowing you to manage and authenticate your emails more effectively.

Final Thoughts

Implementing DMARC might seem technical, but it’s an essential step in protecting your domain from cyber threats and ensuring your emails reach their recipients. By following these steps, small businesses can significantly reduce the risk of email fraud, increase the trustworthiness of their emails, and improve their overall email deliverability.

At Harper Digital, we’re here to help you navigate the complexities of email security. While we don’t manage these settings directly (we’re not IT experts!), we have a number of trusted partners who know what they are doing, and who would be happy to help. Together, we can ensure your emails are safe, secure, and always delivered.
