Skip to main content
All CollectionsHelp ArticlesDonor ManagementEmail Communications
How do I authenticate my e-mail to comply with Anti-Spam requirements?
How do I authenticate my e-mail to comply with Anti-Spam requirements?
Updated over 2 months ago

E-mail marketing is one of the most effective tools a nonprofit organization can utilize to stay connected with donors, boost fundraising appeals, and send important updates to those supporting their mission.

However, e-mail marketing faces big changes in 2024 that may impact you and your organization. We have created a handy resource to help explain these changes and what they might mean for you.

1) What changes are Google and Yahoo making to sending bulk e-mail messages?

Google and Yahoo have announced that they require e-mail senders to implement specific e-mail authentication methods.

Nonprofits who send more than 5,000 messages per day to Gmail or Yahoo accounts must meet the following requirements:

  • SPF and DKIM e-mail authentication must be set up for your domain

  • sending domains (or IP addresses) must have valid forward and reverse DNS records

2) What is e-mail authentication?

E-mail authentication ensures an e-mail being sent is legitimate and is not an attempt to send spam, phishing attempts, or other malicious communications.

3) Why are Google and Yahoo making these changes mandatory?

These requirements are designed to help prevent your messages from going to your contact’s spam folders and prevent any attempts to impersonate your organization by "bad actors." They are meant to help ensure verified, authentic e-mails are successfully delivered to your recipients’ inboxes – and invalid, junk e-mails have a more difficult time hitting inboxes.

While these changes are now required, these authentication tools have always been considered a part of “best practices” for bulk e-mail deliverability. They also help Google and Yahoo move towards a safer, more standardized global e-mail ecosystem - acting as part of a greater initiative ensuring these companies align with global cybersecurity standards moving forward.

Additionally, while these changes are now a requirement through Google and Yahoo, other ISPs (internet service providers) and e-mail clients are also beginning to enact stronger authentication requirements. These changes will likely become requirements for other e-mail clients in the future.

Learn more about these new guidelines here (Google) or here (Yahoo).

4) What does this mean for my organization?

If you send one e-mail to over 5,000 Gmail or Yahoo email recipients, you will now be subject to these new requirements moving forward – even if you do not send e-mails of that volume frequently, or ever again.

If this is the case for your organization, and you do not comply with these requirements, your e-mails are more likely to be quarantined or flagged as "Junk" or "Spam" by e-mail clients, meaning they may not reach their intended recipients.

5) What steps can I take to implement these changes for my future e-mail blasts?

To comply with these new changes, confirm that your SPF, DKIM, and DMARC records are set up for your sending domain. (If you are unfamiliar with these terms, scroll down for more information!)

Network for Good is working to release additional tools to help confirm that your organization remains compliant with these guidelines; however, your organization is (and will remain) responsible for ensuring these records are set up correctly within your organization’s domain.

We have created a quick reference chart to help explain what steps you and your organization may need to take below.

Questions to ask yourself:

How many e-mails are you sending?

Are you using the default noreply@networkforgood.com e-mail as the “from” email address in email messaging?

Are you using an e-mail with a custom domain (such as director@myorganization.org) as the “from” email address in e-mail messaging?

less than 5,000 e-mails per day*

At this time, you are not required to make any changes - but, we highly recommend you obtain a custom domain and authenticate that domain with both DKIM and SPF records.

Confirm you have authenticated your domain with DKIM verification.

more than 5,000 e-mails per day*

Obtain a custom domain and authenticate that domain with both DKIM and SPF records.

Confirm you have authenticated your domain with DKIM, SPF, and DMARC records.

*Note: One e-mail blast to 5,000 recipients still counts as 5,000 e-mails, since it is being sent out to 5,000 individual e-mail addresses!

We also recommend signing up for Postmaster Tools, a free service through Gmail. Postmaster Tools reports on "Spam" rates associated with the e-mail you use to send communications. Because Gmail does not inform us when an e-mail recipient reports a message as "Spam", Postmaster Tools provides that reporting so you can stay on top of any potential risks – such as keeping your "Spam" rate below (ideally) 0.3%.

6) What happens if we do not implement these authentication tools?

Messages sent without proper authentication may have increased “bounce” rates or messages being sent to Junk or Spam folders more frequently.

7) What is SPF e-mail authentication and how do I set it up for my organization?

SPF (or “Sender Policy Framework”) is an e-mail authentication tool that helps prevent scammers from sending unauthorized messages that appear to come from your organization’s domain.

Tip: Visit your domain host's website for more detailed information about the SPF setup process.

8) What is DMARC e-mail authentication and how do I set it up for my organization?

DMARC (or “Domain-based Message Authentication, Reporting & Conformance”) is an e-mail authentication tool that helps e-mail clients understand what to do with messages sent from your domain that do not pass SPF or SKIM authentication.

DMARC is particularly helpful in helping you identify senders who may be maliciously impersonating your domain and helps e-mail providers understand whether an e-mail that fails those authentication methods should be delivered to a spam folder, or ultimately rejected.

Tip: Visit your domain host's website for more detailed information about the SPF setup process.

9) What is DKIM e-mail authentication?

DKIM (or “DomainKeys Identified Mail”) is an e-mail authentication tool that allows e-mail clients to verify that the domain owner listed on the e-mail is the person (or organization) who owns that domain.

Questions about setting up DKIM for your domain? Click here.

10) What is a DNS record?

DNS (or “Domain Name System”) records are designed to help a domain (or subdomain) point to an IP address. For example, a small business may use a DNS record to have the URL 'examplestore.smallbusiness.com' direct site visitors to an online store, like Amazon or eBay.

11) How will this affect my e-mail recipients?

Aside from adding security to sent messages and increasing confidence that any e-mails sent from your organization are legitimate, there should not be much impact on your contacts.

Despite the minimal anticipated impact, you may want to let your contacts know if your “from” e-mail address will be updated.

12) Is this only impacting Network for Good or Bonterra customers? Does this only impact nonprofits?

No, this change impacts all bulk mail senders from organizations that send e-mails to 5,000 or more Google or Yahoo recipients.

13) Does this only affect customers in the United States? Does it only affect my contacts in the United States?

These changes affect all mail senders, no matter where the e-mail was created or is being received.

14) What else should we know about these changes?

  • these new requirements apply to e-mails sent to 5,000 or more Gmail or Yahoo e-mail addresses ​​

  • if you send one e-mail to over 5,000 Gmail or Yahoo e-mail recipients, you are subject to these new requirements – even if you do not send e-mails of that volume frequently (or ever again)​

  • Google and Yahoo have announced additional requirements concerning sending bulk e-mails; while most of these are already built into 'Donor Management' and the 'Email Blasts' feature, you may want to familiarize yourself with those additional requirements here

15) Where can I learn more about these updates?

Here are some great resources you can check out for relevant updates:

Did this answer your question?