NEW REQUIREMENTS TAKE EFFECT FEBRUARY 1st: Email Policy Updates, Best Practices, and Compliance

We are in the final week before  these changes take effect. Please read the following information carefully. 

On Sunday, January 28, we will perform GoAnywhere maintenance (this link will open a protected network-only alert); this maintenance is routine, but will include changes that will impact our email processes. Related changes are also included in the annual file maintenance (this link will open a protected network-only alert) on Sunday. With this framework deployed, our teams will then activate changes throughout the week. Additional deployments or maintenance windows may occur as needed.

What You Will Need To Do

Credit union staff and members will not have to take any action, but we advise that you stay aware of these changes and any potential impacts to member emails.

Note that in accordance with the new requirements, members will soon see an updated unsubscribe option in emails that are sent from CU*BASE.

As we deploy these changes we intend to keep impact minimal, however, we have posted an alert (secured network-only) that will be updated as needed.  This alert will serve to keep clients informed of any issues or complications that may arise as part of this change, which may include the temporary inability for CU*Answers and/or our network clients to send/receive emails as intended.  We strongly encourage clients to refer to this alert if they encounter any issues on or after February 1st, as CU*Answers will not be sending out individual emails for each update to the alert.


The Current State of Email Policy Changes

Beginning February 1, 2024 Google will update their requirements for mass senders to ensure that all emails sent are both DKIM signed and the sender is allowed by SPF (check out the Reference Terms to learn more). Due to these changes, and previous issues experienced with email spam services, we are in the end stages of evaluating and updating our outbound email policies.

Understanding the Reasons for Change

Google is one of the largest email providers, and once their requirements change, all other email service providers will follow in quick succession; Yahoo has already indicated their intentions to match the updated policies put forth by Google. These new requirements impact all credit unions, as well as our cooperative as a whole.

If we all as a cooperative (CU*Answers and each credit union individually) do not reasonably comply with the new requirements, which indicate that less than .3% of our mailings are allowed to be sent to spam to avoid being blocked as a spammer, email sent from CU*BASE and CU*Answers/Xtend services will be blocked as spam. This information is then reported back to all spam list providers, such as Spamhaus and others, and we are again blocked from sending emails. This could take months to resolve, during which time we are not able to send emails to members.

This can be a complex field of information, but understand that if we do not change the way that we are handling outbound emails, we all risk more delays and potential shutdown of member alerts, notices, eStatements, and more. We must update our systems, and potentially your credit union’s system, to adapt to changes in technology and requirements. Member communication via email is critical, so we must use every tool in our arsenal in order to provide these services to our members.

What We Are Doing Now

Changes to Configuring Credit Union FROM: Email Addresses – Active with 23.12 release

Beginning in December when your credit union receives the 23.12 CU*BASE release, Tool #233 Configure CU FROM Email Addresses will be deactivated, and all credit union email address changes will be completed as a back office configuration.

Changes to email addresses can be requested using the Store

In order to use your custom domain, our team must validate that the email meets the DNS requirements set forth by current regulatory and email provider standards.

Your Email Domain Must Include

Proper and Valid SPF Record
To verify you have a proper SPF record, please review this AnswerBook article. Specifically your SPF record must be valid, and have the directive: “include:spf.cuanswers.com” or equivalent. Need help? Network Services can validate or set up your DNS records.
DKIM Records
If you do not have a DKIM Key record for “cubasemail” in your DNS table, you can purchase a key on the CU*Answers store. We will work with you to implement your DKIM key.
If Requirements Are Met
Once your “From:” email address has been validated, Network Services will approve your request and a Client Services Representative will be in contact to confirm the change in email address.
If Requirements Are NOT Met
If your “From:” email address does not meet the required standards, a member of our Network Services team will be in contact to discuss options to bring your email up to standard before your request can proceed. Additional charges may apply.

Changes to Email Domains for Credit Unions Temporarily Moved to Member Reach – Completed December 18, 2023

As a reminder, during our response to the Spamahus incident, we placed credit unions into the Member Reach service as a temporary stopgap to quickly regain the ability to deliver mass email for all credit unions – this was not a permanent solution. Credit unions who were temporarily utilizing the Member Reach domain, but are not Member Reach clients, will be moved to the new @creditunion-notifications.com before the end of December. Your credit union name will be the sender, such as myfavoritecreditunion@creditunion-notifications.com.

Following this change, if you wish to subscribe to Member Reach services, contact Xtend. If you wish to update your email domain, follow the steps outlined in the Store.

This change was completed Monday, December 18. You can read more in the Client News post

Transparency on the Resulting Volume of Bounce Backs Due to the Recent Migration – Resolved

We’re seeing a higher than usual number of mail bounce backs and alerts from the changes made in CU*BASE to migrate people away from sending as memberreach.com to creditunion-notifications.com. We expect these to clear up over time. Many of the messages are due to rate limiting on the email recipient side and should process through over time. As we move forward, this will become less of a problem as recipient systems learn to expect this volume of email from the new domain.

Changes to Email Domains for Credit Union Email Addresses That Are Noncompliant – Completed

We have moved credit union custom domains that do not meet compliance standards to the @creditunion-notifications.com email domain. Any noncompliant credit unions using custom domains have since been configured with appropriate DKIM records. Remember that if your credit unions wishes to use a custom domain, you can start that process by visiting the Store.

One-Click Unsubscribe Considerations

The goal remains to make any transitions or updates as simple as possible for everyone, while still performing the utmost due diligence in complying with the updated policies, and any subsequent policy changes. We have developed a new methodology to comply with the change to the requirements for “one click unsubscribe”, and as a result members will see a new option to unsubscribe from emails. These unsubscribe requests are then referenced by CU*BASE when the following email of that same type is sent. Knowledge Base items and further documentation on this process will be coming soon. 


Resources and Additional Information

Reference Terms

DNS | Domain Name System: A DNS turns domain names, such as mycreditunion.com, into IP addresses. This system is often referred to as the “phonebook of the internet” and allows users to access web pages in their browsers.

SPF | Sender Policy Framework: A DNS record that lists what hosts and IP addresses are allowed to send messages on your behalf (such as CU*Answers).

DKIM | DomainKeys Identified Mail: A digital watermark or signature that validates the email came from you and has not been tampered with. Emails can be signed multiple times in transit.; each signature is validated against a different DNS record presented in the client DNS entries.

DMARC | Domain-based Message Authentication, Reporting & Conformance: A DNS record that tells email providers:

  • Where to deliver reports of who is sending on your behalf
  • Based on settings, classify all emails without a DKIM signature as spam
  • Classify all emails without a valid SPF source as spam

Read more about DMARC

The Spamhaus Spam Blocking Event

As referenced above, in April of this year our outbound emails were blocked by Spamhaus, an event which halted outbound emails and resulted in updates to many of our policies regarding both credit union and member emails in CU*BASE. This was also an opportunity for our teams to evaluate our email programs and systems. You can read a timeline and synopsis of the event on the CU*BASE Alerts post. Note: the Alerts site is only accessible from a CU*BASE connected workstation.

Email Hygiene and Best Practices

Following our review of email standards, we updated our documentation and sent out a series of best practices.

Best Practices for Your Email Upkeep series

Additional Resources

Email Best Practices, Procedures, and Handling of Wrong Email Addresses (online help overview)

Email Sender Guidelines (from Google)


Related Communications from Client News

CU*BASE Release 23.12 is Arriving Soon!

Important Changes Arriving with CU*BASE 23.12: Configuration of CU FROM Email Addresses

Temporary Member Reach CUs Moved to New Email Domain

Changes Coming to Client-Facing “FROM:” Addresses – Order a DKIM Signing Package by 1/8/24

Changes Coming to Client-Facing “FROM:” Addresses – Order a DKIM Signing Package by 1/8/24 (Reminder)

Updated
January 26, 2024

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately?  If not, we invite you to take a look at a few of our latest projects: Account Aggregation Features for Online Banking Artificial Intelligence Strategies Debit Card Round-up Enhancements Unique Account Identifiers Vendor Interfaces We’re Working On Additionally, there have been significant updates to the following recipes: ANR/NSF Fees… Read more »

Dec 19, 2023