On February 9th Google updated an old post detailing email authentication adoption from 2013 (90% of all emails authenticated at the time) to show freshly updated 2016 numbers. This updated data reveals that 97% of all emails received by their services are being authenticated with at least one form of authentication.
Traditionally not authenticating your emails didn’t really hurt your email deliverability, it definitely did not help, but it didn’t really hurt you either. However based on a review of these numbers, add to this that other major commercial email providers are seeing the same type of adoption, it’s likely that we will see a shift in the requirements to getting mail delivered to these vendors. Authenticate your email or expect to go to the junk folder, or even be blocked from delivering.
Adding these authentication numbers with Gmail’s recent changes to visually show email recipients if messages were transmitted over unencrypted channels with an open red lock icon, described here by Laura at Word to the Wise.
DMARC:
As a final thought to prove that authentication works and that ISPs are focusing more or the accuracy and presence of these types of records, Gmail has announced further support of DMARC’s p=reject policies for their domains in 2016. Mail.ru also announced upcoming DMARC p=reject changes on the DMARC discussion lists, starting with my.ru on March 1, and moving to their other domains including; mail.ua, bk.ru, inbox.ru, list.ru and finally mail.ru.
“Google is committed to email authentication. In June of 2016, we will be taking a big step by moving gmail.com to DMARC policy p=reject.” said John Rae-Grant, Lead Product Manager for Gmail. “We are pleased to be supporting the ARC protocol to help mailing list operators adapt to the need for strong authentication.”
Remember when Yahoo and AOL first rolled out p=reject policies several ESPs and their clients email delivery where impacted by the policy updates. Impact from these upcoming policy changes can still be mitigated before the policies are put in place. If you are using these domains to send email consider registering new domains, or using your corporate email domains to properly authenticate your emails.