In the first quarter of 2024, Yahoo and Gmail will enforce new requirements for bulk senders to authenticate their emails, enable easy unsubscription, and ensure they send only wanted emails. As LB Blair, Head of Deliverability at Email Industries, said, the update is long overdue.
In a recent update, Google stated that: “Gmail’s AI-powered defenses stop more than 99.9% of spam, phishing, and malware from reaching inboxes and block nearly 15 billion unwanted emails every day. But now, nearly 20 years after Gmail launched, the threats we face are more complex and pressing than ever”.
What are those threats, and how can you prepare for the soon-to-be-introduced requirements? Let’s dive in.
Google and Yahoo’s New Requirements for Bulk Senders
By the end of Q1 2024, both Google and Yahoo will require that bulk senders:
- Authenticate their email: High-volume senders will have to strongly authenticate their emails using well-established best practices. This helps close loopholes that attackers exploit, making email safer for everyone.
- Enable easy unsubscription: When it comes to stopping unwanted messages from an email sender, it shouldn’t be a challenge. Therefore, Google and Yahoo are introducing a rule that large senders must provide recipients with a one-click unsubscribe option for commercial emails. They are also required to process these requests within two days.
- Only send emails their recipients want: Gmail and Yahoo have already implemented various measures to prevent unwanted emails from reaching inboxes. To further enhance email security, a clear spam rate threshold will now be enforced. This industry-first measure will help ensure that senders remain below the threshold and Gmail and Yahoo users won’t be overwhelmed with spam emails. Predicted result? Even fewer spam emails in the inboxes.
Gmail has a 28% market share globally in the email field and, naturally, Google wants to protect their nearly 2 billion users from any spam or unwanted messages. When asked about the risks companies might face in case of failing to comply with the upcoming changes, Email Industries’ Founder Scott Hardigree said, “Companies must follow these requirements when sending emails to Gmail and Yahoo accounts. If they don’t, their messages won’t be delivered. This can be a significant problem for businesses, particularly given Gmail’s massive user base of 1.8 billion accounts.”
As Ozgur Tekin, Deliverability Consultant at Email Industries, explains, “These were already best practices, so if you weren’t doing those things, you might already be having issues. Since they will become requirements, I believe entities that don’t follow these practices will face challenges reaching subscribers’ inbox.”
Who Are Bulk Senders, and How Will Google and Yahoo’s New Requirements Affect Them?
Bulk senders send more than 5,000 emails per day, which, if you’ve been in email for a while, is not a large number, especially for eCommerce senders etc.
Many bulk senders still overlook the importance of securing and setting up their systems correctly, inadvertently making it easier for malicious actors to exploit their resources without detection. To mitigate these risks, it is crucial to implement sender validation by leveraging email authentication standards to verify the identity of the email sender.
Sender validation is a critical component of email authentication, as it helps to ensure that emails are sent from legitimate sources and not from malicious actors. The new requirements from Yahoo and Gmail will enforce the need for bulk senders to authenticate their emails, making it easier for recipients to identify and trust the source of the email.
The Email Industry Works Together on Security Measures
Both Google and Yahoo have been working together on creating improved security measures. As Yahoo states in their article, “we are not alone in our quest to improve the email experience for users anywhere, keeping emails safe, user friendly and spam-free”.
“We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience. We look forward to working with peers across the industry to boost the adoption of these email standards that benefit everyone.”
Neil Kumaran, Group Product Manager, Gmail Security & Trust
“No matter who their email provider is, all users deserve the safest, most secure experience possible. In the interconnected world of email, that takes all of us working together. Yahoo looks forward to working with Google and the rest of the email community to make these common sense, high-impact changes the new industry standard.”
Marcel Becker, Senior Director of Product Management at Yahoo
Next Steps for Email Marketing Professionals
As email marketing professionals, everyone needs to embrace these changes and take proactive steps to ensure that the email campaigns are compliant with all new requirements. This might include updating email authentication protocols, reviewing email lists to ensure that recipients have actively opted-in to receive emails, and providing clear and easy-to-use unsubscribe options. By doing so, marketers can not only comply with the new requirements but also improve their email marketing results.
By no means should marketers wait with introducing changes to their email marketing until the last moment. In fact, Ozgur Tekin advises that implementing these security measures now would give email marketing professionals a chance to fix their authentication issues ahead of time.
“You will be able to see what your configuration in different ESPs looks like. If you wait until the last moment, you may experience deliverability issues which can harm your reputation and eventually your revenue. Mitigation from one platform to another can be even more challenging if you do it at the last moment.”
Ozgur Tekin, Deliverability Consultant at Email Industries
Email Authentication Requirements and Recommendations
Bulk email senders must comply with Google’s well-established best practices to authenticate the sender’s contact details. According to the company, this will help plug the loopholes used by spammers.
Here’s how Google and Yahoo recommend bulk email senders authenticate their email signatures.
Set Up SPF Authentication
Sender Policy Framework (SPF) authentication allows the recipient’s email server to block email spoofing and phishing attempts. You must add the SPF records to your domain’s DNS settings. The recipient’s email server checks the SPF records to validate the sending domain. If your IP addresses match the DNS records, your emails will likely be delivered.
Set Up DKIM Authentication
DomainKeys Identified Mail (DKIM) authentication uses cryptographic keys to validate the message content and ensure your emails aren’t tampered with during transmission. The sending domain creates a unique digital signature of the email content, which the recipient’s mail server validates using the public key. If the signals match, the email reaches the inbox.
Set Up DMARC Authentication
Domain-based Message Authentication, Reporting, and Conformance (DMARC) takes email security up a notch. It combines the functions of SPF and DKIM authentication with custom policies, allowing the sender to analyze and investigate potential threats before spammers damage the brand’s reputation.
Set Up ARC Authentication
Authenticated Received Chain (ARC) verifies the previous authentication status of forwarded messages. If a forwarded message passes SPF and DKIM validation but fails ARC authentication, Google treats the message as unauthenticated. We recommend setting up ARC authentication if you forward messages in bulk.
Use a TLS Connection for Transmitting Email
Transport Layer Security (TLS) is a standard security protocol that encrypts electronic mail for secure delivery. This is already taken care of if you’re using a reputable email service provider. If you manage mail servers independently, talk to your IT team or mail provider.
Don’t Impersonate in the “From” Header
Google blocks messages containing multiple email addresses in the “From” header. This prevents spammers from impersonating legitimate senders, a practice known as email spoofing. We recommend following the Internet Message Format to avoid getting entangled in Google’s latest security web.
Infrastructure Configurations
Your sending IP must have a pointer (PTR) record to verify if the hostname is associated with the sending domain. Every IP address must be mapped with a PTR record, and the specified hostname must have a forward DNS referring to the sending IP address.
PTR records are used to configure reverse DNS. If you’re using an email service provider, this will be automatically handled. But if you manage company servers independently, publish the PTR records on your sending domains and IPs.
The activity of senders using a shared IP address affects the reputation of every sender sharing that IP. Therefore, the negative reputation of one sender can directly impact your sender reputation, for no fault of yours. If you’re using a shared IP, keep these in mind.
- Ensure the shared IP isn’t on any major internet blocklists. Emails sent from blocked IP addresses are more likely to be marked as spam.
- If you use an email service provider for the shared IP, use Google Postmaster Tools to monitor the IP address’ reputation.
Minimize Spam Rates
Google recommends bulk email senders keep spam rates below 0.1% in Postmaster Tools and never exceed 0.3%. Google Postmaster Tools provide detailed insights when you send an email to Gmail clients. You can analyze data like:
- Spam complaints
- Reasons for lower delivery rates
- Your IP or domain reputation and its impact on email deliverability
- Whether your emails are authenticated
Here’s how we recommend you minimize spam complaints on Yahoo and Google.
- Sign up on Yahoo’s Complaint Feedback Loop and Google’s Postmaster Tools to monitor spam rates
- Avoid cold emailing
- Verify the contacts on your mailing list before launching an email campaign
- Personalize your emails
- Set custom tracking domains
- Identify subscribers that don’t respond to your emails and launch a retargeting campaign
- Simplify unsubscribing
Maintaining a low spam rate increases a sender’s trust score and makes them immune to sudden spikes in user feedback. Conversely, maintaining a high spam rate will lead to increased spam classification. However, it may take a while for the improvements to reflect on Google’s spam reports.
It’s interesting to note that Google doesn’t monitor open rates and cannot verify the accuracy of open rates reported by third parties. Low open rates might not be an accurate indicator of spam classification or deliverability issues.
Add One-Click Unsubscribe Button
Bulk senders must add a one-click unsubscribe link in the email header and a clear link in the body. Google has set a deadline for June 1st, and we recommend updating your existing campaigns to enable one-click unsubscribe for customers.
Enabling people to unsubscribe from mailing lists can help reduce spam complaints and improve open, clickthrough, and engagement rates and sending efficiency. One-click unsubscribe makes it easy for people to opt out of your business communications when they change their minds.
Here are some more unsubscribe methods Google recommends:
- Allow people to review individual email lists they’re a part of. Let them unsubscribe from individual lists or all at once.
- Automatically unsubscribe people who have multiple bounced messages.
Email Industries Helps Improve Email Deliverability
Email Industries has been a part of the email community for more than 20 years. The experience we’ve gathered over those years and thousands of successfully solved email deliverability problems allow us to support companies of all needs and sizes in their email marketing efforts.
We help companies audit their configurations with different Email Service Providers (ESPs), conduct tests and monitor reputation, spam rate, authentication results. We guide them to implement changes in order to make sure they are all aligned with the upcoming changes.
“The use of authentication protocols, such as SPF, DKIM, and DMARC, has been a long-standing desire of mailbox providers, and Email Industries has long recognized it as a best practice. For businesses that have yet to implement these measures, there has never been a better time to prepare for Google and Yahoo’s mandate.”, says Scott Hardigree.
Frequently Asked Questions
Do the requirements apply to me if I send 5,000 emails from multiple accounts?
The bulk sender requirement only applies if you send over 5,000 emails daily from a single domain. So, if you send 2,500 emails from a Gmail account and 2,500 emails from your Yahoo account, these rules don’t apply to you. However, we strongly suggest following Google’s recommendations since these are the best practices.
What happens if I fail to comply?
Failing to comply with the latest bulk-sending recommendations will affect your sender reputation and email deliverability and jeopardize your brand name and trust score.
Why are there new requirements for bulk senders?
Spammers pose a significant threat to genuine email users. Mainstream email service providers like Google and Yahoo are actively working to keep your inboxes safe from malicious messages.
Reach out to our experts today and let’s find the best possible solution for your business to ensure your email deliverability stays on top or reaches it in no time.
Head of Growth at Email Industries