Who has an email account Gmail o Yahoo it is clear how the inbox can be full of unsolicited messages, if not explicit attempts at fraud. And in all likelihood, users of these services have wondered many times whether their provider could do something to at least reduce the amount of junk mail, and with it the risk of scams. Google and Yahoo are doing something about this to change the situation; The bad news is that companies that communicate via email with Google and Yahoo users will have to take action, and quickly. So, the cybersecurity revolution that concerns us is coming email authentication.
Gmail will require email authentication
Google announced that starting in February 2024, Gmail will require email authentication to send messages to your accounts. For mass senders sending more than 5,000 emails per day to Gmail accounts, additional authentication requirements will need to be met. You will also need to adopt a DMARC policy, ensure SPF and DKIM alignment, and make it easy for recipients to unsubscribe, with one click.
Yahoo will also require email authentication
Yahoo is introducing similar requirements and recently announced that it will require strong email authentication by early 2024 to help stem the flow of malicious messages and reduce the amount of low-value messages filling users’ inboxes.
The floor goes to Matt Cooke, Cybersecurity Strategist at Proofpoint
What will be the impact of this decision on the authentication landscape and, more generally, the security of electronic communications? This is the point of view of Matt Cooke, Cybersecurity Strategist di Proofpoint.
“The new email security requirements announced by Google and Yahoo are just the beginning. Starting in February, it will no longer be possible to guarantee the arrival of emails if the companies involved do not take their authentication seriously. To date, very few have asked the people and businesses they communicate with to authenticate their emails. Now, this will become (and must become) a shared practice.
Email authentication offers IT teams a way to add value and strengthen business partnerships. In essence, companies can tell each other: “If you see an email that appears to be from us and it doesn’t pass the authentication process, trash it – we will only communicate with you that way.”
The importance of password request
The statement continues Matt Cooke, Cybersecurity Strategist di Proofpoint.
“We’ve become accustomed to banks saying they never ask for passwords, following the number of scams where people have handed theirs over over the phone. Imposter fraud is a significant problem for businesses, where scammers pretend to be someone else (possibly after finding the business details on Linkedin), tricking people into paying an invoice or sending money on a wrong account.
Email authentication represents a way for companies to solve this problem, effectively clarifying the official communication channel. Anything that does not follow this process, or does not pass the necessary checks, may be eliminated, because in all likelihood it is an attempted scam by someone trying to impersonate another reality.”
As mentioned, the announcement by Google and Yahoo is just the beginning of a process on which all companies should converge. You need to authenticate your emails, to prove you are who you say you are. If all organizations do this, we can see huge benefits in making emails more trustworthy and eliminating scammers from our inboxes.”