Your credit union is a bulk email sender. Consider all the types of emails that are sent from your credit union directly, or on behalf of your credit union including e-statement notifications, member marketing, password reset, multi-factor authentication, rate change notifications, member-defined alerts, and many more. Even credit unions with modest active member counts can generate ten thousand emails in a month, if not more.

All these emails require active management of your email lists by your team to ensure these messages are compliant with ever-changing internet requirements, or you may soon find that email providers such as Google, Microsoft, and others may choose to actively block your ability to send any emails to recipients on their platforms, and that could be devastating to your business.

What do you need to know?

We all know how email is actively abused by bad actors: phishing attacks, unwanted spam, impersonation, and outright fraud activity are costing organizations big time. So much so, that email providers are stepping in to enforce standards to try to protect their users.

Google has announced that beginning in February 2024, they will require bulk email senders (that’s every credit union) to implement a set of practices and technologies to provide additional assurances to recipients that the emails are authentic and genuine. They will require the following:

1. That senders authenticate email to help prevent email spoofing and spam. This is done with a technology called Domain Keys Identified Mail (DKIM for short). DKIM is a configuration that detects when email has been modified or when unauthorized changes are made to the FROM address (that’s your credit union’s brand!).
2. That senders enable easy unsubscription. Members should be able to unsubscribe from your email list with just one click of a link within each email.
3. That senders stay under the email provider’s “spam” threshold. Email providers such as Google and Microsoft will start actively blocking senders that they perceive are sending too much bulk email they consider “spam.” This one is tougher because there is no industry standard for this threshold and each provider can determine their own configuration and may or may not publish what those are. Google recently published their threshold spam rate is 0.3%.

What do you need to do?

Whether your credit union sends bulk email directly or through a third-party provider such as your core processor, the credit union is still responsible for ensuring messages sent on its behalf are compliant with internet standards. Failure to do so could result in companies such as Google and Microsoft actively blocking all emails coming from the sender (i.e. the credit union and/or the vendor).

There are specific steps each credit union should take now to ensure good email hygiene and an ongoing ability to reach your members by email.

1. Maintain good email lists.
   • Never put a known bad email address on your email lists! This sounds obvious, but many credit unions will allow bad email addresses because “something” is required in the member’s contact record. Don’t do it!
   • Don’t email members that don’t want your emails. This one is hard because we also have requirements to ensure that members get certain notifications. But email providers will rate a member’s complaint about your email habits over your legal responsibility to send a notification to your member. Something will eventually give, but there isn’t a law that prevents Google from blocking your ability to send email.
   • Clean up your email lists. Periodically validate member emails and remove those that are no longer valid or have ongoing delivery problems.
2. Implement technical controls.
   • Implementing proper Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) is critical to ensure your continued ability to send emails to your members. They also have the benefit of improving your email reputation and providing message authentication to your members.
   • Contact your IT department today to have them review these settings to ensure they are properly configured.

Email once began as a simple technology and preventing fraud was never considered. The technologies that help improve email’s reputation and trustworthiness have been bolted on over the last few years and although the solutions are inelegant, they are now becoming required. Your credit union needs to understand these configurations and ensure they are properly implemented so that you can continue your email relationships with your members.