What's happening and why should you care?

Email Providers (think: Google and Yahoo, or even your local internet provider) continuously work to ensure that they are preventing their users from unwanted emails aka spam. As spammers’ tactics and email technology change, so do the standards for what mail these providers will consider delivering to an inbox and which they will send immediately to spam. Here are the changes to expect starting in February 2024 — along with assessed risk level and clear action items from the Stitch team.

‍

Validation Requirements

DKIM and SPF Authentication (Feb 2024)

Good news: If you are currently using the Braze platform, you almost certainly have these records in place. As part of your initial implementation, the Braze team provided updates to your domain’s DNS records (your network admin knows all about this). It required an update to the CNAME record and a new TXT file to incorporate.

• ‍Action Items: Double-check with your Network Admin to ensure that the CNAME was updated as part of the Braze implementation** ( ✅ on SPF) and that the TXT records for DKIM were added to the DNS.Alternatively, you can send yourself a test email and review the headers of the message to see if the email passes SPF and DKIM.‍
• Risk Level: LOW

**The CNAME records you receive from Braze will look something like this:

‍

DMARC implemented on core domain (Feb 2024)

This is another requirement that sounds scary but really isn’t. Basically, all DMARC does is check to see if DKIM and SPF are configured, and then tell the inbox providers what to do if the mail they have received does not pass those authentications. If you are a current Braze sender, you are already sending from a sub-domain of your main root domain. For example, Big Retailer (bigretailer.com) is set up to send their marketing messages from ‘marketing.bigretailer.com’ and their transactional emails from ‘orders.bigretailer.com’.

Here's the bright side: DMARC is usually implemented at the root domain (bigretailer.com), meaning that any sub-domain automatically adopts that policy (unless explicitly specified otherwise), and the required policy is a straightforward 'p=none,' representing the least restrictive setting.

• Action Items: Your Network Admin is your go-to resource here - they can confirm that the DNS for your root domain (and/or potentially your dedicated sub-domains) has been updated with a DMARC record set to ‘p=none’ at minimum (p.s. if the ‘p’ record is set to ‘quarantine’ or ‘reject’ - that is good! You are essentially going above and beyond the new requirements).
• Risk Level: Low-ish
• Next Steps: Talk to us about getting you set up with BIMI! It’s a great way to add your logo to your messages for a little extra brand exposure. (Not sure what BIMI is? You can read more about it from Braze.)

‍

IP address(es) have valid PTR records (Feb 2024)

TL;DR: Braze handles all PTR records. When you set up your Braze instance, you were assigned at least one dedicated IP address. Braze did this on your behalf, and so they are taking care of updating any PTR records that may need to be updated. They have contacted any customers who may be affected by these changes.

• Action Items: Cross this off your to-do list. Your Braze CSM would have already reached out to you if you are impacted by this requirement and need to make changes.
• Risk Level: Low

‍

Ensure you’re sending from your authenticated domain (Feb 2024)

This tip is easy! All you need to do to meet this requirement is make sure you send from your dedicated subdomain. If your company has another domain, maybe for a huge annual convention or something of that nature, you should still send your mail from your subdomain and not from anything else.

• ‍Action Items: Probably nothing! If anyone asks you to send from a different friendly “From” address, the domain needs to be your dedicated subdomain. ‍
• Risk Level: Low

‍

Sending Requirements:

Keep SPAM rates low (Feb 2024)

Here’s something you really want to dive in on. The Email Providers we send to have always monitored the spam rates for each sending domain - this is a main component for their calculation in determining Sender Reputation (which you can monitor via the various providers like Postmaster tools, Sender Hubs, etc). What is NEW is that they have never published a rate they want senders to stay below.

The published rate is to stay below 0.3% spam rate - calculated as the number of emails delivered to that publisher divided by the number of users who click “this is spam”. BUT, if you are consistently hitting a 0.3% spam rate, you are likely already in a not-so-good situation. At Stitch, we’d like to see senders below 0.1% or even lower than that.

• Action Items: Review your spam complaint rate for your Campaigns and Canvases. No singular send is gonna throw you into spam-purgatory, but you definitely want your overall complaint rate to stay below the limit.
• Risk Level: Low (hopefully) to High (if your spam complaints already average around 0.3%)

‍

“One-Click” Unsubscribe (June 2024)

Speaking of spam rates, consider the average subscriber. When they want to stop receiving your emails, they’re not likely to spend longer than 1 second looking for an opt-out method. If they can’t find it easily, many recipients will choose the “easy button” and click “Mark as Spam” —a double whammy for senders. That recipient was already lost to you the moment they decided your messages weren’t relevant to them any longer. But now you have a reputation ding on top of a lost subscriber.

So, how do marketers “tell” the Email Providers they offer a “one-click” unsubscribe? It’s not what you do with your footer - it’s actually what you do in the header of the email that informs the Email Providers you comply with this requirement.

• Action Items: For everyone: Your footers are fine; you can leave them as they are!For those that use OOTB Braze unsubscribe functionality: Braze has announced they plan to offer OOTB functionality for this requirement that should be rolled out in early February. You will be able to leverage this functionality by enabling the List-Unsubscribe Header in your Email Settings.
  
  For those that use a custom preference center to capture unsubscribes: You have a few options to investigate. You can choose to leverage the OOTB Braze functionality to enable one-click unsubscribe in the header; OR you can work with your Stitch team to identify requirements for a custom solution that leverages the same endpoints as your custom preference center. (For more information on the specific header details the email providers need to see, look at the Google and Yahoo documentation).

• Risk Level: HIGH

‍

What one-click unsubscribe looks like on desktop:

‍

‍

What one-click unsubscribe looks like on mobile:

‍

‍

We've outlined the upcoming changes in the email realm from Google and Yahoo, and we're here to guide you through the preparations. If you've got questions or need some expert assistance, don't hit the snooze button on it – reach out to Stitch! We're all about making your email experience seamless and secure.

‍

Resources:

Google blog post announcing changes

Yahoo announcement on their changes

One-click Unsubscribe documentation

Braze blog post about changes

Braze webinar reviewing changes

Confirmation from Braze Product team on upcoming one-click unsubscribe functionality (Bonfire post - does require login)

Google resources on DMARC setup

Google resources on one-click unsubscribe

Yahoo resources on one-click unsubscribe

MAAWG working group blog post

WordtotheWise blog post

‍