The Current State of Email Policy Changes
Google and Yahoo have indicated that beginning April 1, 2024 they will begin to actively enforce the new policy changes. Our teams have worked hard to ensure that we are within the expected boundaries of the policies, and we will continue to monitor.
Beginning February 1, 2024 Google will update their requirements for mass senders to ensure that all emails sent are both DKIM signed and the sender is allowed by SPF (check out the Reference Terms to learn more). Due to these changes, and previous issues experienced with email spam services, we are in the end stages of evaluating and updating our outbound email policies.
Understanding the Reasons for Change
Google is one of the largest email providers, and once their requirements change, all other email service providers will follow in quick succession; Yahoo has already indicated their intentions to match the updated policies put forth by Google. These new requirements impact all credit unions, as well as our cooperative as a whole.
If we all as a cooperative (CU*Answers and each credit union individually) do not reasonably comply with the new requirements, which indicate that less than .3% of our mailings are allowed to be sent to spam to avoid being blocked as a spammer, email sent from CU*BASE and CU*Answers/Xtend services will be blocked as spam. This information is then reported back to all spam list providers, such as Spamhaus and others, and we are again blocked from sending emails. This could take months to resolve, during which time we are not able to send emails to members.
This can be a complex field of information, but understand that if we do not change the way that we are handling outbound emails, we all risk more delays and potential shutdown of member alerts, notices, eStatements, and more. We must update our systems, and potentially your credit union’s system, to adapt to changes in technology and requirements. Member communication via email is critical, so we must use every tool in our arsenal in order to provide these services to our members.
Our Response to the Policy Changes
Changes to Configuring Credit Union FROM: Email Addresses – Active with 23.12 release
Beginning in December when your credit union receives the 23.12 CU*BASE release, Tool #233 Configure CU FROM Email Addresses will be deactivated, and all credit union email address changes will be completed as a back office configuration.
Changes to email addresses can be requested using the Store
In order to use your custom domain, our team must validate that the email meets the DNS requirements set forth by current regulatory and email provider standards.
Your Email Domain Must Include
- Proper and Valid SPF Record
- To verify you have a proper SPF record, please review this AnswerBook article. Specifically your SPF record must be valid, and have the directive: “include:spf.cuanswers.com” or equivalent. Need help? Network Services can validate or set up your DNS records.
- DKIM Records
- If you do not have a DKIM Key record for “cubasemail” in your DNS table, you can purchase a key on the CU*Answers store. We will work with you to implement your DKIM key.
- If Requirements Are Met
- Once your “From:” email address has been validated, Network Services will approve your request and a Client Services Representative will be in contact to confirm the change in email address.
- If Requirements Are NOT Met
- If your “From:” email address does not meet the required standards, a member of our Network Services team will be in contact to discuss options to bring your email up to standard before your request can proceed. Additional charges may apply.
Changes to Email Domains for Credit Unions Temporarily Moved to Member Reach – Completed December 18, 2023
As a reminder, during our response to the Spamahus incident, we placed credit unions into the Member Reach service as a temporary stopgap to quickly regain the ability to deliver mass email for all credit unions – this was not a permanent solution. Credit unions who were temporarily utilizing the Member Reach domain, but are not Member Reach clients, will be moved to the new @creditunion-notifications.com before the end of December. Your credit union name will be the sender, such as myfavoritecreditunion@creditunion-notifications.com.
Following this change, if you wish to subscribe to Member Reach services, contact Xtend. If you wish to update your email domain, follow the steps outlined in the Store.
This change was completed Monday, December 18. You can read more in the Client News post.
Transparency on the Resulting Volume of Bounce Backs Due to the Recent Migration – Resolved
We’re seeing a higher than usual number of mail bounce backs and alerts from the changes made in CU*BASE to migrate people away from sending as memberreach.com to creditunion-notifications.com. We expect these to clear up over time. Many of the messages are due to rate limiting on the email recipient side and should process through over time. As we move forward, this will become less of a problem as recipient systems learn to expect this volume of email from the new domain.
Changes to Email Domains for Credit Union Email Addresses That Are Noncompliant – Completed
We have moved credit union custom domains that do not meet compliance standards to the @creditunion-notifications.com email domain. Any noncompliant credit unions using custom domains have since been configured with appropriate DKIM records. Remember that if your credit unions wishes to use a custom domain, you can start that process by visiting the Store.
One-Click Unsubscribe Considerations – Completed
The goal remains to make any transitions or updates as simple as possible for everyone, while still performing the utmost due diligence in complying with the updated policies, and any subsequent policy changes. We have developed a new methodology to comply with the change to the requirements for “one click unsubscribe”, and as a result members will see a new option to unsubscribe from emails. These unsubscribe requests are then referenced by CU*BASE when the following email of that same type is sent. Knowledge Base items and further documentation on this process will be coming soon.
Implementation of GoAnywhere Changes – Completed January 28
On Sunday, January 28, we will perform GoAnywhere maintenance (this link will open a protected network-only alert); this maintenance is routine, but will include changes that will impact our email processes. Related changes are also included in the annual file maintenance (this link will open a protected network-only alert) on Sunday. With this framework deployed, our teams will then activate changes throughout the week. Additional deployments or maintenance windows may occur as needed.
Credit union staff and members will not have to take any action, but we advise that you stay aware of these changes and any potential impacts to member emails.
Note that in accordance with the new requirements, members will soon see an updated unsubscribe option in emails that are sent from CU*BASE.
As we deploy these changes we intend to keep impact minimal, however, we have posted an alert (secured network-only) that will be updated as needed. This alert will serve to keep clients informed of any issues or complications that may arise as part of this change, which may include the temporary inability for CU*Answers and/or our network clients to send/receive emails as intended. We strongly encourage clients to refer to this alert if they encounter any issues on or after February 1st, as CU*Answers will not be sending out individual emails for each update to the alert.
Resources and Additional Information
Reference Terms
DNS | Domain Name System: A DNS turns domain names, such as mycreditunion.com, into IP addresses. This system is often referred to as the “phonebook of the internet” and allows users to access web pages in their browsers.
SPF | Sender Policy Framework: A DNS record that lists what hosts and IP addresses are allowed to send messages on your behalf (such as CU*Answers).
DKIM | DomainKeys Identified Mail: A digital watermark or signature that validates the email came from you and has not been tampered with. Emails can be signed multiple times in transit.; each signature is validated against a different DNS record presented in the client DNS entries.
DMARC | Domain-based Message Authentication, Reporting & Conformance: A DNS record that tells email providers:
- Where to deliver reports of who is sending on your behalf
- Based on settings, classify all emails without a DKIM signature as spam
- Classify all emails without a valid SPF source as spam
The Spamhaus Spam Blocking Event
As referenced above, in April of this year our outbound emails were blocked by Spamhaus, an event which halted outbound emails and resulted in updates to many of our policies regarding both credit union and member emails in CU*BASE. This was also an opportunity for our teams to evaluate our email programs and systems. You can read a timeline and synopsis of the event on the CU*BASE Alerts post. Note: the Alerts site is only accessible from a CU*BASE connected workstation.
Email Hygiene and Best Practices
Following our review of email standards, we updated our documentation and sent out a series of best practices.
Best Practices for Your Email Upkeep series
- Resources and Recommendations Coming Soon
- Configuration of ‘From’ Email Addresses (note that this information will be changing in CU*BASE release 23.12)
- Bounce Backs for Emails Sent via CU*BASE
- Handling Invalid Addresses
- Addresses Tied to eStatements
- Slow Delivery & Spam Markers
- Member Addresses Flagged Incorrectly
- Fake Email Addresses are NOT Allowed
Additional Resources
Email Best Practices, Procedures, and Handling of Wrong Email Addresses (online help overview)
Email Sender Guidelines (from Google)
Related Communications from Client News
CU*BASE Release 23.12 is Arriving Soon!
Important Changes Arriving with CU*BASE 23.12: Configuration of CU FROM Email Addresses
Temporary Member Reach CUs Moved to New Email Domain
Changes Coming to Client-Facing “FROM:” Addresses – Order a DKIM Signing Package by 1/8/24
