New e-mails authentication requirements from Google and Yahoo

Google and Yahoo recently announced significant changes to their e-mails authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying e-mails’ authenticity and reducing the risk of identity theft and phishing.

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mails authentication requirements, these companies are strengthening users’ protection against malicious attacks.

It is now essential for domains holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

[New gTLD] Launch of .NEW by Google

Following the launch of .APP, .PAGE, and .DEV among others, Google (Charleston Road Registry), launches the new extension .NEW in Sunrise period as of October 15, 2019.

Conditions for registration of a .NEW

In order to use a .NEW domain name, you will need to acquire an SSL certificate and deploy HTTPS. For reminder, the .NEW extension is included on the HSTS pre-upload list, requiring HTTPS protocol on all .NEW domain names (more details in the article “Google makes HTTPS encryption mandatory for its 45 new TLDs : .dev / .app / .how…”).

All domains on .NEW must resolve to action generation or online creation flows. Once resolved, the web user should be able to ‘create’ something without any further navigation. For example, docs.new proposes a dedicated page proposing the direct use of Google online word-processing software allowing a new document creation page.

Any .NEW domain will need to be live within 100 days of registration.

If these conditions are not respected, the registry will consider the registration as non-compliant with the registration policy. In this case, the name will be placed on hold. The registrant will then be notified to correct and apply these conditions, if no action is taken, the domain will be blocked then deleted.

Launch calendar

Sunrise period: from October 15, 2019 to January 14,2020
LRP (Limited Registration Period): from January 14 to July 14, 2020
General availability: from July 21, 2020

For more information on the conditions for registration of your .NEW, don’t hesitate to contact us.

The .DEV available to all

After the launches of the .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

Sunrise period: from 2019/01/16 to 2019/02/19
EAP (Early Access Program): from 2019/02/19 to 2019/02/28
General availability: from 2019/02/28

Since February 28, 2019, the .DEV is in general availability and already has more than 64 000 domain names’ registrations according to Domain Name Wire.

To promote this new extension and for the Google I/O 2019 , its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google proposes the free registration for 1 year of a .DEV domain name for all ticket booked. But the registrations resulting of this promotional campaign only represent a small part of the 64 000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with accessibility.dev.

The HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, as reminder, Google in its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, .DEV extension is included on the HSTS pre-upload list, requiring HTTPS protocol on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire a SSL certificate and deploy HTTPS.

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield’s consultant for any questions regarding the conditions for the registration of your .DEV.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ppwp_wp_session	30 minutes	No description
visit	30 minutes	No description

Conditions for registration of a .NEW

Launch calendar

The HTTPS mandatory for all .DEV domain names

Nameshield uses cookies