Oct 30, 202311:50 AM - edited Dec 11, 20234:10 PM
HubSpot Product Team
Google/Yahoo Auth Requirements - We're here for you!
Hey folks - Google and Yahoo have announced that they will be enforcing new email sender requirements come February 2024. Here is a post that outlines guidelines and best practices to help set you all up for success. Please continue using this thread to ask questions, help each other, and share concerns! You can see the announcements here - Google & Yahoo
unfortunately, I couldn't join the Admin HUG on this topic and pose my question there but you said you're following the community article and this would be the best way to reach you. So, I' hoping you can help with our dilemma.
We have a bit of a struggle with these updates internally as our IT doesn't want to add SPF for HubSpot to our top level domains (internal policy, no exceptions). However, we have a few use cases for which we need to send from our TLDs instead of a subdomain as we usually do. One would be using our marketeers' actual email addresses (firstname.lastname@company.com) as the from address by using personalization token {owner.email} to send out automated marketing emails.
Side note: The personal email addresses are also connected by the users in HubSpot, not sure if this makes a difference here.
For the TLDs, DKIM and DMARC are added but no SPF for HubSpot. As the Google and Yahoo updates states, without SPF they would be blocked or sent to SPAM.
However, when we ran a test and send out one of those emails to ourselves, we received an SPF pass for the sender IP.
We did a separate SPF check and actually, this domain/ sender IP is not authorized in regard to SPF.
We're fairly confused now as to why the email received an SPF pass by the receiving provider when it doesn't have SPF.
According to RFC standards, SPF should be verified on the 'return path domain', not the 'from domain'. If you are sending over our shared network then we have configured SPF on your 'return path domain,' and if you are sending from a dedicated IP then you have configured it yourself during the IP configration process. That said, Google/Yahoo are likely following RFC best practice and only checking for SPF on the 'return path domain' which is why you are passing SPF without configuring it on the 'from domain'.
The reason we encourage customers to configure SPF on the 'from domain' is because we know there are providers who check for it here despite that being against RFC best practice. All of this is to say that as far as Google/Yahoo are concerned you should be good to go.
Google/Yahoo Auth Requirements - We're here for you!
Hey folks! I wanted to share all the new resources available to help you understand and manage your email sending at HubSpot. Please continue using this blog post as a space to ask questions, but know that the most complete/updated information on these topics will be covered in the articles below.
Understanding email sending in Hubspot- Learn about how the various email tools in HubSpot work to better understand how your emails are sending on the backend.
Overview of email authentication- Deep dive into the different components of email authentication - DKIM, SPF, DMARC - to better understand how these systems work and why configuration is important.
Do you have any more info on the one-click unsubscribe? The default ones in husbpot shows one link for managing email preferences, another link to unsubscribe from all. Is that enought to fulfill the requirements? Thanks
Google/Yahoo Auth Requirements - We're here for you!
Hello! You can be 100% compliant with the new Google/Yahoo requirements without SPF alignment. As far as I know, this has not been called out as a requirement by either compay. The dedicated IP offering will be your best option for SPF alignment with Hubspot.
Google/Yahoo Auth Requirements - We're here for you!
Hey
I was just looking at the Google requirements.
Do we need to manually do anything in HubSpot in regard to this or is it inside the email code and handled by HubSpot itself:
ARC headers indicate that the message was forwarded and identify you as the forwarder. Mailing list senders should also add a 'List-ID:' header, which specifies the mailing list, to outgoing messages.
Google/Yahoo Auth Requirements - We're here for you!
Aside from authenticating any emails with SPF, DKIM, and DMARC, and enable easy unsubscription for new email contacts. What about the current contact lists we have? Do we need to request contacts to re-subscribe? Or does another email need to go out to subscribers?