One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8394335 |
| Date de publication | 2023-10-11 17:00:26 (vue: 2023-10-11 15:07:24) |
| Titre | Google et Yahoo ont défini un court terme pour répondre aux nouvelles exigences d'authentification par e-mail.Es-tu prêt? Google and Yahoo Set a Short Timeline to Meet New Email Authentication Requirements. Are You Ready? |
| Texte | If you have a Gmail or Yahoo account, you probably know how cluttered your inbox can get with unsolicited email and other email that is clearly trying to defraud you. If you have ever thought to yourself “why can\'t these companies do a better job blocking these fraudulent messages and make it easier for me to receive less unsolicited mail?”, you are not alone. The good news is: Google and Yahoo are doing something about it, and things are about to change. The bad news is: If your company sends email to Google and Yahoo users, you may have some work to do and not a lot of time to do it. Google has announced that starting February 2024, Gmail will require email authentication to be in place when sending messages to Gmail accounts. If you\'re a bulk sender who sends more than 5,000 emails per day to Gmail accounts, you\'ll have even more requirements to meet. You\'ll also need to have a DMARC policy in place, ensure SPF or DKIM alignment, and you\'ll need to make it easy for recipients to unsubscribe (one-click unsubscribe). (You can access Google\'s detailed Email Sender Guidelines here.) Yahoo is rolling out similar requirements. The company recently announced that it will require strong email authentication to be in place by early 2024 to help stem the flow of malicious messages and reduce the amount of low value emails cluttering users\' inboxes. Are you prepared to meet these requirements? Here\'s what you should know. New Google and Yahoo email requirements The new requirements are broken down into two categories. All senders will need to follow the first set. Depending on how much email you send per day, there are also additional rules. Applicable to all senders: Email authentication. This is a critical measure to help prevent threat actors from sending email under the pretense of being from your organization. This tactic is referred to as domain spoofing and, if left unprotected, allows cyber criminals to weaponize sending domains for malicious cyber attacks. SPF is an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam. As an integral part of email cybersecurity, SPF enables the receiving mail server to check whether incoming email comes from an IP address authorized by that domain\'s administrator. DKIM is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication. Low SPAM rates. If recipients report your messages as SPAM at a rate that exceeds the new .3% requirement, your messages could be blocked or sent directly to a SPAM Folder. Requirements for senders of more than 5,000 messages per day: SPF and DKIM must be in place. Companies that send to Gmail or Yahoo must have Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) authentication methods implemented. Companies must have a DMARC policy in place. DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, is an email authentication standard that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks. DMARC builds on the existing standards of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It is the first and only widely deployed technology that can make the header “from” domain trustworthy. The domain owner can publish a DMARC record in the Domain Name System (DNS) and create a policy to tell receivers what to do with emails that fail authentication Messages must pass DMARC alignment. This means that the sending Envelope From domain is the same as the Header From domain, or that the DKIM domain is the same as the Header From domain. Messages must include one-click unsubscribe. For s |
| Envoyé | Oui |
| Condensat | 000 100 2024 5322 about accelerated access account accounts achieving actions actors additional address adheres administrator aligned alignment all allows alone also amount announced applicable applications are attacks authentication authorized bad based bec behalf being better blocked blocking body brand broken builds bulk business but can categories change changes channel check clearly click close closest cluttered cluttering combined comes common communicate companies company competitors compromise conformance consultants contact contain could create creation criminals critical cryptographic current customers cyber daily day day: days day deadline defense defense defraud deliverability deliveries depending deployed designed destination detailed detects determine directly dkim dmarc dns doing domain domainkeys domains domains domain don down each early easier easy efd effectively efficiently either email emails email cybersecurity enables ensure envelope even ever exceeds existing experience experienced fail february first five flow folder follow format fortune forward forwarding framework fraud fraudulent from from: gap gaps get glance gmail going good google greater guide guidelines happens has have header headers help helping help here highly hosted how how proofpoint identified impact impersonation implement implementation implemented inbox inboxes include includes incoming industry initiated integral in phishing attacks in postmaster is: job journey know leader learn left less let level link list lot low made mail mailbox make malicious management may means measure meet message messages messages methods minimize miss more much must name need new news next non not one ones only organization other our dmarc out over overall own owner part partners party pass path per phishing place policy possible prepared pretense prevent prevents prevent email probably proofpoint protect protection protocol provide providers provides publish quarantine rate rates reaching ready receive receivers receiving recently recipients record records reduce referred relay relies rely report reported reporting reputation requesting require required requirement requirements requirements resources responsibility reverse rfc rolling rules same secure send sender senders senders: sending sends sent server services set setting short should signed significantly signing similar simplify single solution some something spam spf spoofing standard standards standard stands starting status statuses stem step streamline strong subscribed system tackled tactic take taken technique techniques technology tell than then these things third thought threat through time timeline tools tools below transactional transmitting trustworthy trying two under unprotected unsolicited unsubscribe used user users valid value verification verify visible visit way weaponize what when whether which who widely will within wizard today work would yahoo you your yourself “from” “why |
| Tags | Spam Threat |
| Stories | Yahoo |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.