Google and Yahoo have announced new rules for bulk email senders. The move sees the mailbox providers turn what many consider best practices for email authentication into mandatory requirements.
The new guidelines come into effect in February 2024, after which Google and Yahoo will begin to block and aggressively filter incoming emails that don’t meet domain authentication and procedural requirements. They will focus on the following critical areas:
- Email authentication using DKIM, SPF, and DMARC
- Recommended thresholds for keeping spam low
- One-click unsubscribe functionality
- ARC headers to authenticate email forwarding
Senders that already include an unsubscribe link in their messages have until June 1, 2024, to implement one-click unsubscribe in all promotional messages.
Why are these new rules being implemented?
Proper authentication of emails has always been a best practice. However, not all senders use the protocols available to safeguard their emails. This is a significant problem because if senders fail to authenticate their emails, they make it easy for any malicious entity to impersonate domains and send phishing emails, adversely impacting the sender reputation and user experience.
Google and Yahoo want to protect users from spam and unwanted emails. However, if senders do not adhere to all authentication policies, this becomes considerably harder. This is why Google and Yahoo have decided to make it mandatory for bulk email senders to comply with key best practices for email authentication and spam prevention.
Details of the new bulk sender requirements
As mentioned earlier, the new bulk sender requirements will be effective starting February 2024. Gmail and Yahoo users comprise a significant chunk of a bulk email sender’s database. As a sender, if you want to keep reaching these users, you must review current sending practices that are in place and make the necessary changes where required.
Gmail and Yahoo’s guidelines are broadly similar, with only some minor differences. This blog outlines the new requirements so you can understand how to become compliant with them.
Email authentication requirements
Under the new rules, Google and Yahoo will require bulk email senders to use what Google calls ‘well-established best practices’ to authenticate the sender of the emails. This means bulk senders must use SPF and DKIM, along with DMARC. According to Google, doing so could shut loopholes that could be exploited. While email authentication can be a tricky subject to tackle, it is crucial to the inbox experience.
The authentication protocols help Google and Yahoo identify the sender by connecting the message to a specific sending domain.
- Sender Policy Framework (SPF) – This is a list of sources approved to send emails on behalf of a domain. SPF helps prevent spoofing by allowing senders to identify email servers permitted to send emails from their domain.
- DomainKeys Identified Mail (DKIM) – DKIM uses a pair of public and private keys to connect a sender to a specific domain by adding a cryptographic digital signature to the email header.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC) – DMARC helps domain owners specify actions when email authentication failures occur. It also helps enable reporting on email authentication results.
Not all senders use the three authentication protocols discussed above. However, following the implementation of the new rules, every bulk email sender must have all three in place. Google and Yahoo have given bulk email senders until February 1, 2024, to comply.
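One way to confirm that a test message passes all three checks is to read the Authentication-Results header stamped by the receiving server. The sketch below is an added example, not code from Google, Yahoo, or the original post; the sample message, the `mx.receiver.example` server name, and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers as a receiving provider might stamp them.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@news.example.com header.s=s1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce.news.example.com;
 dmarc=pass (p=QUARANTINE) header.from=example.com
From: Example News <offers@example.com>
Subject: Weekly offers

Hello
"""

def auth_results(raw, trusted_id):
    """Parse Authentication-Results headers written by trusted_id only.

    A sender can add a forged copy of this header, so results stamped by
    any other server name are ignored. If a method appears more than once
    (for example two DKIM signatures), the last result wins.
    """
    msg = message_from_string(raw)
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = re.sub(r"\([^)]*\)", "", value).split(";")  # drop comments
        if parts[0].split()[:1] != [trusted_id]:
            continue
        for part in parts[1:]:
            tokens = part.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            out[method.lower()] = {"result": result.lower(), **props}
    return out

def missing_auth(raw, trusted_id):
    """List which of SPF, DKIM and DMARC did not pass for this message."""
    res = auth_results(raw, trusted_id)
    return [m for m in ("spf", "dkim", "dmarc")
            if res.get(m, {}).get("result") != "pass"]

if __name__ == "__main__":
    print(missing_auth(SAMPLE, "mx.receiver.example"))
```
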
Monitoring spam rates
Under the new requirements, bulk email senders must keep their reported spam rate below 0.3%. Maintaining a low reported spam rate will become crucial if bulk email senders want to ensure the deliverability and success of their email campaigns. Spam rates can be kept low by following some of the best practices listed below:
- Asking users for double opt-in confirmation
- Updating email lists to ensure hygiene
- Educating users about whitelisting senders
- Avoiding spam trigger words and phrases in email
- Tracking and responding to feedback loops
- Monitoring and analyzing metrics regularly
- Using a reputable email service provider (ESP)
Though not related to spam, another best practice to follow is verifying your email adheres to RFC 5322 standards for formatting. Gmail takes a proactive stance against malicious or spam emails by blocking messages that feature multiple headers of the same type or duplicate headers. Spammers and other malicious entities often employ duplicate headers to impersonate legitimate senders. Gmail’s vigilant approach, blocking non-RFC 5322 compliant messages, serves as a protective barrier, shielding email users from potential spam and phishing threats.
Bulk email senders are also expected to include a mechanism by which recipients can unsubscribe easily. They can do this by adding an easy-to-find link within the email. The new unsubscribing guidelines will allow recipients to quickly opt out of receiving messages. The implementation of these guidelines will also help improve deliverability and engagement rates.
Google has recommended the inclusion of the following headers in outgoing messages.
- List-Unsubscribe-Post and List-Unsubscribe (support one-click unsubscribe) [RFC 8058]
- support “mailto” unsubscribe [RFC 2369]
Additionally, it has recommended allowing recipients to review individual mailing lists and unsubscribe from them individually or all at once.
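The duplicate-header rule and the unsubscribe headers described above can both be checked before a campaign is sent. The following is an added example, not part of the original post or of any provider's tooling; the sample messages and the `header_problems` function are constructed for illustration, and the check does not verify that DKIM covers the unsubscribe headers.

```python
import re
from collections import Counter
from email import message_from_string

# RFC 5322 section 3.6: fields that may appear at most once in a message.
SINGLE = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
          "message-id", "in-reply-to", "references", "subject"}

def header_problems(raw):
    """Return a list of header findings for one outgoing message."""
    msg = message_from_string(raw)
    problems = []
    counts = Counter(name.lower() for name in msg.keys())
    for name in sorted(SINGLE):
        if counts[name] > 1:
            problems.append(f"duplicate {name} header ({counts[name]} copies)")
    # URIs in List-Unsubscribe are enclosed in angle brackets (RFC 2369).
    uris = [u.strip().lower()
            for u in re.findall(r"<([^>]*)>", msg.get("List-Unsubscribe", ""))]
    if not any(u.startswith("https://") for u in uris):
        problems.append("List-Unsubscribe has no https URI (needed for RFC 8058)")
    if not any(u.startswith("mailto:") for u in uris):
        problems.append("List-Unsubscribe has no mailto URI (RFC 2369)")
    post = " ".join(msg.get("List-Unsubscribe-Post", "").split()).lower()
    if post != "list-unsubscribe=one-click":
        problems.append("List-Unsubscribe-Post is not List-Unsubscribe=One-Click")
    return problems

# Constructed samples (example.com addresses are placeholders).
GOOD = """\
From: Example News <offers@example.com>
To: user@receiver.example
Date: Mon, 05 Feb 2024 10:00:00 +0000
Subject: Weekly offers
Message-ID: <1@example.com>
List-Unsubscribe: <https://example.com/u?t=abc>, <mailto:unsub@example.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Hello
"""
# Second From header, plain-http unsubscribe link, no one-click header.
BAD = ("From: Billing <billing@lookalike.example>\n"
       + GOOD.replace("https://", "http://")
             .replace("List-Unsubscribe-Post: List-Unsubscribe=One-Click\n", ""))

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, header_problems(raw))
```
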
Should email marketers be concerned?
Experienced email marketers will look at the new requirements and not bat an eye. This is because senders who understand authentication and good email practices will have little to be concerned about. However, there is a catch. The requirements are applicable at the domain level – they apply to all emails sent by the organization using a particular domain. This includes sales teams, business development representatives, and representatives relying on outbound/cold email tactics.
Most users prefer and even like hearing from brands via email. However, the inbox is becoming overcrowded; with the increase in spamming, phishing, and spoofing, it is even dangerous. With these measures, Google and Yahoo want to protect their users from all types of risks. More robust authentication requirements allow mailbox providers like Google and Yahoo to counter threats like email spoofing, where hackers impersonate well-known brands and attempt to scam recipients.
Apart from the risks mentioned above, there are cases where legitimate senders cross the line by (a) emailing contacts without consent, making it hard for recipients to opt out, or (b) simply sending an unhealthy amount of emails. Allowing recipients to unsubscribe from marketing emails easily gives them greater control over who can send them messages.
Our take on the Google Yahoo email policy updates
The new requirements are primarily applicable to bulk senders, and a little digging will show that some of these requirements only apply to high-volume senders (more than 5000 emails). If you are a low-volume sender, you are far less likely to be impacted by the changes. However, complying with the authentications and best practices will always benefit everyone.
Additionally, while the bulk sender requirements are new, the idea behind them isn’t. Responsible email senders have always pursued effective authentication, obtaining consent from contacts and making it easy for recipients to opt out. As email marketers, we want recipients to trust the messages we send them instead of fearing to open them or ignoring them altogether.
All in all, the new bulk email sending policies will benefit email marketers in the long run.
As Gmail said in its announcement,
“These changes are like a tune-up for the email world, and by fixing a few things under the hood, we can keep email running smoothly. But just like a tune-up, this is not a one-time exercise. Keeping email more secure, user friendly, and spam-free requires constant collaboration and vigilance from the entire email community.”
Connect with us to understand how you can benefit from our expertise and experience while adapting to the Google and Yahoo email policy changes in 2024. Serving over 6,500 customers across 40 countries, Netcore delivers 500 million emails every day.