What do Google and Yahoo's requirements mean for you?

Google and Yahoo are turning what was once considered best practices for email authentication into mandatory requirements—and senders who don’t comply with the new requirements will start to see issues getting their emails delivered in 2024. If you want to make sure your emails keep making it to the inbox, keep on reading. 

Why Google and Yahoo are changing the rules for email senders 

Properly authenticating your emails has always been a best practice, but not all senders are using the tools available to protect their emails. And that’s a major problem: If senders don’t properly authenticate their emails, they’re making it incredibly easy for bad actors to impersonate domains and to send phishing—and that will damage your sending reputation.

Gmail and Yahoo are on a mission to protect their users from spam and unwanted emails, but if senders fail to properly secure their systems and leave the door for exploitation wide open, that job is a whole lot harder. That’s why Gmail and Yahoo decided that proper email authentication and following deliverability best practices are no longer a nice-to-have. If you want to ensure your emails continue to make it to the inbox, you’ll have to comply with key best practices for email authentication and spam prevention. According to the inbox providers, that means:

1. Making sure that you're authenticating your emails using DKIM, SPF, and DMARC

Make sure you're regularly reviewing your sending sources in DMARC Digests to ensure that they are set up with DKIM and SPF. The dashboard makes it easy for you to quickly identify which sources are DMARC compliant and whether you have both DKIM and SPF set up.

Gmail and Yahoo will start requiring DMARC for all bulk senders who send more than 5,000 messages a day, but even if you aren’t sending at that volume, we encourage you to set up DMARC anyway. Here’s a step-by-step walkthrough of how you can set up DMARC for your domain. Gmail and Yahoo don't require strict DMARC policies, so you can get started with a “p=none” policy. With that policy in place, you can start monitoring who’s sending email using your domain without receivers taking any action just yet.

If you're not already signed up, take advantage of our 14-day free trial so that you can get a clearer picture of what you need to do and we'll be here to help guide you along the way.

2. Reducing spam and maintaining a spam complaint rate under 0.3%.

Gmail will require senders to keep the spam complaint rate below 0.3%. If a larger share of your recipients mark your emails as spam, your sender reputation will decrease—and you’ll have a harder time reaching the inbox.

To keep an eye on your spam report data from Gmail users, you’ll have to register your domain with a dedicated service, Google’s Postmaster Tools. Registering your domain is free, only takes a minute, and once you’re set up and Google has collected some email data, you can see aggregated spam report information in your Postmaster account.

If you see your user-reported spam rate grow beyond 0.1%, that shows that there’s room for improvement. If you see your spam rate approach 0.3%, that’s a sign you should urgently take action.

3. Allowing people to unsubscribe from your marketing and promotional mailings by clicking just one link and honor unsubscribes within two days.

Check in with your ESP to make sure you're all set on this front. 

Additional requirements:

There are some additional requirements, which your ESP will hopefully handle for you, so be sure to check in with them about:

• Ensuring that sending domains or IPs have valid forward and reverse DNS records
• Use a TLS connection for transmitting email
• Format messages according to the Internet Message Format standard
• Not impersonating Gmail From: headers.

Do these changes affect me?

Gmail and Yahoo’s new requirements primarily target large bulk senders, and if you’re diving into their requirements in detail, you’ll see that some of them will only apply to high-volume senders who send more than 5,000 emails a day. If you’re a smaller sender or only send transactional email, you’re less likely to be impacted by the changes—but that doesn’t mean you can ignore them.

What’s required for large senders today will likely become a requirement for all senders in the future. Plus, operating in the “barely compliant” zone, hoping the authorities don’t look at you too closely because you’re a small fish is rarely a good strategy. We believe this isn’t just true when you do your taxes, but for sending email, too.

So whether you send one email or a few million, protecting your domains, avoiding spam, and following deliverability best practices is the key to keeping your subscribers safe and your email program healthy.

FAQs

Q. When will these changes take place?