eCommerce retailers at risk due to new email security rules
Recent research suggests that a quarter of eCommerce retailers might suffer a fall in email deliverability due to failing to adhere to Yahoo and Google's newly implemented email authentication measures in February 2024. The study, conducted by EasyDMARC, evaluated the top 1,000 global eCommerce retailers and discovered that only 75.4% have a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy in place. This protocol is vital for ensuring safe email delivery, mitigating cyber threats, and promoting revenue growth.
In February 2024, both Yahoo Mail and Google Gmail confirmed that they would require bulk senders to apply measures, such as the DMARC standard, to maintain email deliverability. Consequently, phishing and spoofing attempts are likely to be thwarted as emails attempting to misuse sender domains will be either discarded or redirected to spam folders. If eCommerce retailers fail to comply with these refreshed standards, their email delivery may experience a negative impact. This shift could potentially harm customer engagement and sales, given the significant role of email in their marketing and communication strategies.
Email marketing still ranks among the most successful sales tactics for retail companies, with four billion daily email users and an ROI of up to $42 for every dollar spent. Considering the newly enforced guidelines, EasyDMARC analysed the DMARC policies of the leading 1,000 global online stores to gauge how well retailers have protected their critical revenue drivers. Their findings revealed that merely 75% have adhered to this essential security protocol.
The onus is now on eCommerce platforms to appreciate the vital association between cybersecurity compliance, brand reputation and their bottom line. This is because poor email deliverability tends to negatively affect more than just awareness. It could erode customer trust in the platforms, which may result in direct loss of sales. Yahoo has suggested that the full impact of the updated measures may not have been registered yet due to the gradual enforcement timeline across the first half of 2024. This gives businesses a short window to adjust and fully adopt DMARC standards before experiencing the full brunt of reduced deliverability.
Commenting on the study, Gerasim Hovannisyan, EasyDMARC's CEO, stated, "Many people view DMARC and email authentication measures through the lens of security, seeing them primarily as tools to guard against malicious actors. However, while it is an effective way of fending off phishing and spoofing, the stakes extend far beyond security alone for retailers." Hovannisyan went on to emphasise the need for adopting these measures is crucial to maintaining competitiveness, safeguarding revenue and preserving essential customer connections, saying, "It's not just about protection; it's about ensuring uninterrupted engagement and preserving the trust that fuels relationships and revenue."
EasyDMARC's research offers further insight: 75% of retailers have DMARC and are unaffected by the changes in Google and Yahoo's email authentication policies. Of those who did have DMARC, 39% do not have an active policy, while 25% have a policy of quarantining failed checks. Thus, instead of the email reaching the recipient's inbox, it is placed in a separate area, such as a spam folder. This policy provides an additional protective layer while limiting the risk of false positives. Additionally, 35% exhibit the most robust form of DMARC protection which rejects emails not passing verification and blocks unauthorised emails from reaching recipients.