There’s been a lot of activity and many announcements related to email compliance/security and, more broadly, integration with third-party applications (like Pixifi). In light of this, we want to ensure everyone is clear on what’s happening and provide helpful guidance.
Table of Contents:
- Gmail Introduces New Requirements for bulk senders (5k messages to Gmail addresses per day)
  - What's happening?
  - Who does it apply to?
  - How does Pixifi fit in and what action is required in general?
  - Why are other third-party applications (mainly CRMs) anticipating issues with sending email?
- Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported
  - What's happening?
  - Who does it apply to?
  - How does Pixifi fit in and what action is required in general?
  - Why are other third-party applications (mainly CRMs) anticipating issues with sending email?
Gmail Introduces New Requirements for bulk senders (5k messages to Gmail addresses per day) (Source)
What's happening?
"Starting February 2024, Gmail [and Yahoo] will require the following for senders who send 5,000 or more messages a day to Gmail accounts: Authenticate outgoing email, avoid sending unwanted or unsolicited email, and make it easy for recipients to unsubscribe."
You can view the specific requirements here: Google, Yahoo
Who does it apply to?
This is mostly relevant for businesses with very large-scale email marketing activities (5k+ sent emails per day), so the typical Pixifi user should not be concerned. Furthermore, there is no action needed within Pixifi.
How does Pixifi fit in and what action is required in general?
If you use Pixifi itself to send emails (translation: emails you send to your customers appear as sent by notify@pixifi.com): we are already in compliance (and have been for a long time) thanks to our partner SendGrid.
If you set up Custom SMTP in Pixifi (translation: emails you send through Pixifi appear as sent by yourname@yourstudio.com) and would like to proactively comply, regardless of the 5k emails per day condition, here are the required actions (here is the full / detailed breakdown from Google):
- Define or add an SPF record to your domain
- Turn on DKIM for your domain
- Add a DMARC record to your domain
Here is a breakdown by scenario:
- If your email address ends in @gmail.com or @yahoo.com: Google and Yahoo themselves are already compliant with these new rules (they wrote the rules!)
- If you use Google Workspace with a custom domain (translation: yourname@yourstudio.com, provided by Google VERSUS yourstudio@gmail.com): Here is a step-by-step guide
- If you use Office 365 with a custom domain: Here are the step-by-step guides for Setting up SPF, Setting up DKIM and Setting up DMARC
- If you use a custom SMTP provider like Postmark, SendGrid, Mailgun, etc.: please consult their documentation. It is extremely likely that they had you set up SPF when you signed up.
- If you use another third-party email provider (Fastmail, Protonmail, Bluehost, Rackspace, etc.): please consult their documentation or reach out to their support in order to figure out how best to set up SPF and DKIM.
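Once the three records are published, they can be sanity-checked before relying on them. The following is an added example, not Pixifi's or Google's code: it audits TXT records that have already been looked up, using basic rules from the SPF, DKIM and DMARC RFCs. The domain `yourstudio.example`, the DKIM selector `mail` and all record values are constructed assumptions.

```python
# Added example: audits TXT records that were already looked up (for instance with dig).
# Domain, selector and record values are constructed for illustration.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, selector, txt):
    """Return a list of problems; an empty list means all three records look sane."""
    problems = []
    # SPF (RFC 7208): exactly one TXT record at the domain starting with v=spf1.
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        problems.append(f"SPF: expected 1 record, found {len(spf)}")
    elif spf[0].lower().split()[-1] in ("all", "+all"):
        problems.append("SPF: 'all' with a pass qualifier authorizes every sender")
    # DKIM (RFC 6376): the public key lives at <selector>._domainkey.<domain>.
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    if not dkim:
        problems.append(f"DKIM: no key record for selector '{selector}'")
    elif not dkim[0].get("p"):
        problems.append("DKIM: empty p= tag means the key is revoked")
    # DMARC (RFC 7489): one record at _dmarc.<domain> with a valid p= policy.
    dmarc = [t for t in map(parse_tags, txt.get(f"_dmarc.{domain}", []))
             if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        problems.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("none", "quarantine", "reject"):
        problems.append("DMARC: missing or invalid p= policy")
    return problems

GOOD = {  # constructed records for a correctly configured domain
    "yourstudio.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    "mail._domainkey.yourstudio.example": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"],
    "_dmarc.yourstudio.example": ["v=DMARC1; p=none; rua=mailto:dmarc@yourstudio.example"],
}
BAD = {  # constructed: duplicate SPF, revoked DKIM key, DMARC without a policy
    "yourstudio.example": ["v=spf1 include:_spf.mailhost.example ~all", "v=spf1 +all"],
    "mail._domainkey.yourstudio.example": ["v=DKIM1; k=rsa; p="],
    "_dmarc.yourstudio.example": ["v=DMARC1; rua=mailto:dmarc@yourstudio.example"],
}

if __name__ == "__main__":
    for label, records in (("good", GOOD), ("bad", BAD)):
        print(label, audit("yourstudio.example", "mail", records))
```
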
Once you are done, no action whatsoever is required in Pixifi, as these changes do not affect the inputs for Custom SMTP Settings (screenshot below):
Why are other third-party applications (mainly CRMs) anticipating issues with sending email?
Some CRM providers send emails on your behalf through their email servers, but make it look as if the email came from you directly. This can easily run afoul of the new rules. Pixifi has always clearly sent emails from notify@pixifi.com or sent email through your own email provider. From the perspective of these new rules, emails sent with Pixifi through your own email provider are identical to those emails you send manually.
Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported (Source)
What's happening?
In essence, Google does not want their users entering their exact password for Gmail, etc., into other applications, as in the event these other applications have a security breach, the Google users' credentials would be compromised.
Who does it apply to?
All 3rd party applications (like Pixifi).
How does Pixifi fit in and what action is required in general?
Pixifi uses Google's 2-step authentication (2FA) and an app-specific password to connect with Google (vs asking you to enter your exact Google credentials into Pixifi), and we are not identified as a 'Less Secure Application or LSA', so there's no cause for concern.
With that said, we will be building and integrating Google OAuth in Q2 2024, as it is a less technically cumbersome approach for everyone.
Why are other third-party applications (i.e., other CRMs) anticipating issues with sending email?
Other CRMs may not currently offer an acceptable way to ‘authenticate’ your Google or Yahoo account, which is most likely caused by using your exact login credentials (whereas Pixifi uses 2-factor authentication and an app-specific password). As a result, you can no longer connect the CRM with your Google or Yahoo account, thus disrupting email integration.