Have you ever gotten an email that looks like it is coming from a particular company, but it really wasn’t? Perhaps even from your own domain? This is called spoofing and it can happen when you don’t have email authentication protocols in place.

So, Gmail and Yahoo, two of the largest email service providers, have announced significant changes coming into effect in February 2024. These changes will dramatically impact how emails are sent and received, particularly for those using branded email addresses. Let’s dive into what these changes entail and how you can ensure your emails remain deliverable.

In some ways, this announcement is kind of like the end of Google Analytics 3 and the requirement to move to Google Analytics 4. While the February date for enforcing DMARC and DKIM authentication is fixed, the reality is that Google has been checking for these records for some time, and without these protocols, some of your emails may have already been being rejected. Without these record, if you are sending emails to anyone with a Gmail or yahoo email address, your message will not get delivered.

Understanding the Changes

Starting February 2024, Gmail and Yahoo will no longer accept messages from senders lacking a DMARC policy on their domain. This move is aimed at combating email spoofing and ensuring that emails originate from legitimate sources. In addition to DMARC (Domain-based Message Authentication, Reporting, and Conformance), Gmail and Yahoo will also require proper SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication. The implication is clear: without these authentications, your emails to Gmail and Yahoo addresses risk being undelivered.

Why is this Important?

Email authentication is not just a technicality but a cornerstone of modern digital communication. It’s essential for protecting your brand’s reputation and ensuring your messages reach your audience. The lack of proper authentication can lead to emails being marked as spam or, worse, not being delivered at all. This can have a significant impact on marketing campaigns, business communications, and overall digital presence.

Who is Affected?

While bulk senders, those dispatching over 5,000 messages a day, are expressly required to have a DMARC record, this policy change affects all email senders. Regardless of your email volume, setting up DMARC for your domain is now a critical step in ensuring uninterrupted email communication. If you are sending emails from your Shopify store or WooCommerce website, and do not have these records in place, your customers will not received email notifications about their orders. Shopify will actually rewrite your emails to come from store@shopifyemail.com, which is not the branding you want.

What happens if I do nothing and fail to comply?

If DMARC (Domain-based Message Authentication, Reporting, and Conformance) and DKIM (DomainKeys Identified Mail) authentication are not set up for emails sent from WordPress/WooCommerce, several issues can arise:

  1. Email Delivery Failures: Without DMARC and DKIM, emails sent from your WordPress/WooCommerce site may not be delivered to the recipient’s inbox. This is particularly relevant with email providers like Gmail and Yahoo, which are increasingly strict about these authentication protocols.
  2. Emails Marked as Spam: Emails lacking proper authentication are more likely to be flagged as spam by email service providers. This means that even if your emails are delivered, they may end up in the recipient’s spam or junk folder, reducing the likelihood of being read.
  3. Decreased Email Reputation: Sending emails without DMARC and DKIM can harm your domain’s email reputation over time. A poor reputation can lead to broader delivery issues across various email platforms, not just Gmail and Yahoo.
  4. Vulnerability to Email Spoofing: Without DKIM, your emails are more vulnerable to being spoofed. Spoofing can lead to phishing attacks where attackers send emails that appear to come from your domain, potentially harming your brand’s credibility and trust with customers.
  5. Challenges in Email Tracking and Reporting: DMARC not only authenticates emails but also provides reports on email delivery. Without DMARC, you lose valuable insights into how your emails are performing and how recipients’ servers are handling them.
  6. Impact on Customer Communications: For eCommerce platforms like WooCommerce, email is a key communication channel for order confirmations, shipping updates, and customer engagement. Authentication issues can disrupt this communication, affecting customer experience and potentially sales.

Therefore, it’s essential to set up DMARC and DKIM for your WordPress/WooCommerce emails to ensure reliable delivery, maintain your domain’s reputation, and protect against security threats.

Step-by-Step Guide to Compliance

  1. Check Your Domain’s Status: Use a free domain checker to verify if your domain is DMARC compliant. This is your starting point.
  2. Create a DMARC Record: If you don’t have a DMARC record, use a DMARC Record Wizard. It’s a simple tool that guides you through creating this essential record.
  3. Enable DMARC Monitoring: Set a monitor-mode policy of p=none in your DNS. This doesn’t affect email delivery but allows you to monitor DMARC reports and see who is sending emails on behalf of your domain.
  4. Ensure DMARC Alignment: Your messages must pass DMARC alignment either through DKIM or SPF. This means your emails are authenticated and aligned with the domain they claim to come from.

Remember, these steps are general guidelines. The specifics might vary based on your email service provider, so it’s always prudent to consult them for detailed instructions.

WebStoresLtd.com: Your Ally in Email Authentication

Navigating these changes can be daunting, especially if you’re not well-versed in DNS management and email authentication protocols. That’s where WebStoresLtd.com comes in. Our team of experts is equipped to help you set up these authentication records, ensuring your emails continue to reach your audience without any hitches.


The new email authentication requirements set by Gmail and Yahoo mark a significant shift in email communication standards. By implementing DMARC, SPF, and DKIM, you not only comply with these new regulations but also enhance the security and reliability of your email communications. It’s a step forward in maintaining the integrity of your digital presence and ensuring your messages always find their way to the intended inboxes.