Control unauthenticated mail from your domain
To help fight spam and abuse, Gmail uses email authentication to verify if a message was actually sent from the address it appears to be sent from. As part of the DMARC initiative, Google allows domain owners to help define how we handle unauthenticated messages that falsely claim to be from your domain.
What you can doDomain owners can publish a policy telling Gmail and other participating email providers how to handle messages that are sent from your domain but aren’t authenticated. By defining a policy, you can help combat phishing to protect users and your reputation.
On the DMARC website, learn how to publish your policy, or see the instructions for Google Apps domains.
Here are some things to keep in mind:
- You'll receive a daily report from each participating email provider so you can see how often your emails are authenticated and how often invalid emails are identified.
- You might want to adjust your policy as you learn from the data in these reports. For example, you might adjust your actionable policies from “monitor” to “quarantine” to “reject” as you become more confident that your own messages will all be authenticated.
- Your policy can be strict or relaxed. For example, eBay and PayPal publish a policy requiring all of their mail to be authenticated in order to appear in someone's inbox. In accordance with their policy, Google rejects all messages from eBay or PayPal that aren’t authenticated.
More about DMARCDMARC.org was formed to allow email senders to influence unauthenticated mail by publishing their preferences in a discoverable and flexible policy. It also enables participating email providers to provide reports so that senders can improve and monitor their authentication infrastructure.
Google is participating in DMARC along with other email domains like AOL, Comcast, Hotmail, and Yahoo! Mail. In addition, senders like Bank of America, Facebook, Fidelity, LinkedIn, and Paypal have already published policies for Google and other receivers to follow.
For more information, please refer to this post in the Official Gmail Blog.