Google And Yahoo New Email Authentication Requirements
2023-11-16 22:2:57 Author: securityboulevard.com

Google and Yahoo have recently announced new requirements for bulk senders, which will be coming into force on February 1, 2024. The goal? Make inboxes even safer and less cluttered with spam.

These new guidelines apply to domain owners who send more than 5000 emails daily to personal accounts that end in @gmail.com, @googlemail.com, @yahoo.com, @ymail.com, or work or school accounts from Google Workspace. It’s worth mentioning that all emails count towards your daily email sending volume, regardless of their nature – marketing or transactional.

Both email service providers have set three main requirements to ensure email delivery: email authentication, easy unsubscribing, and a low spam rate. Google has stricter guidelines, so if you take action to adhere to those, you will also align with Yahoo’s requirements.

Implement Email Authentication

In 2022, Google started requiring that emails sent to a Gmail address must have at least some form of authentication. Now, the three key email authentication protocols, SPF, DKIM, and DMARC, will be mandatory.

SPF

SPF is a protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain.

DKIM

DKIM allows the sender to sign an email digitally. The recipient’s mail server can then verify the signature to ensure the message hasn’t been altered in transit and that it actually originated from the claimed sender.

DMARC

DMARC builds on SPF and DKIM by providing a framework for domain owners to specify how an email from their domain should be handled if it fails SPF or DKIM authentication checks. It also includes reporting mechanisms to provide visibility into authentication failures.

To pass the new email authentication requirements, you should have a valid DMARC record with an enforcement policy of at least p=none. If you’re unsure whether your domain has any of the mentioned protocols in place, a quick scan with our Domain Scanner tool will give you all the information you need.
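As an added example (not EasyDMARC's tooling and not part of the original post), the following Python audits SPF and DMARC TXT record strings offline against the minimum described above: exactly one DMARC record carrying a valid p= policy, and exactly one SPF record that does not authorize every sender. The record strings you pass in, the function names and the example.com/example.net domains used in testing are assumptions made for illustration.

```python
# Added example; all sample records are constructed, not real DNS data.
DMARC_POLICIES = ("none", "quarantine", "reject")  # weakest to strongest
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def audit_dmarc(txt_records):
    """Audit the TXT strings published at _dmarc.<domain>."""
    found = [parse_tags(r) for r in txt_records]
    found = [p for p in found if p and p[0] == ("v", "DMARC1")]
    if len(found) != 1:  # RFC 7489: zero or several records means no policy
        return False, f"{len(found)} DMARC records, need exactly 1"
    tags = dict(found[0])
    policy = tags.get("p", "").lower()
    if policy not in DMARC_POLICIES:
        return False, f"invalid or missing p= ({policy!r})"
    note = "" if tags.get("rua") else ", no rua= so no aggregate reports"
    return True, f"p={policy}{note}"


def spf_term_name(term):
    """'-include:x' -> 'include', 'mx/24' -> 'mx', 'redirect=x' -> 'redirect'."""
    name = term.lstrip("+-~?")
    for sep in (":", "=", "/"):
        name = name.split(sep)[0]
    return name


def audit_spf(txt_records):
    """Audit the TXT strings published at the sending domain itself."""
    found = [r.lower().split() for r in txt_records]
    found = [t for t in found if t[:1] == ["v=spf1"]]
    if len(found) != 1:  # RFC 7208: several records give permerror
        return False, f"{len(found)} SPF records, need exactly 1"
    terms = found[0][1:]
    lookups = sum(spf_term_name(t) in SPF_LOOKUP_TERMS for t in terms)
    if lookups > 10:  # RFC 7208 limit; nested includes are not followed here
        return False, f"{lookups} DNS-lookup terms, limit is 10"
    if "all" in terms or "+all" in terms:
        return False, "'+all' lets any server pass SPF"
    return True, f"{lookups} top-level DNS-lookup terms"
```

A record with p=none passes this audit, but that policy only requests reports and asks receivers to take no action on failing mail.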

We at EasyDMARC are thrilled to witness this increased focus on email authentication as a way to protect organizations from impersonation, malicious messages, and deliverability issues. It’s worth noting that in July 2023, Microsoft announced a significant step in the same direction. They have started honoring DMARC enforcement policies for both consumer and enterprise customers.

Make Unsubscribing Easy

Email users shouldn’t have to jump through hoops to stop receiving unwanted emails. Now, marketing and subscribed messages must support a one-click unsubscribe mechanism and include a clearly visible unsubscribe link in the email body. The link in the email body, however, doesn’t have to be one-click.

In case the user opts out of receiving emails, the sender has to comply with their request and take them off the mailing list in a maximum of two days.

Stay Under The Spam Threshold

Spam rates should be kept at or below 0.3%, a rate of 3 in 1000. Ideally, it should be under 0.1%. Future messages from your domain are more likely to be reported as spam if they are frequently flagged as such. Therefore, sending emails to people who actually want to receive emails from you and avoiding unsolicited messages is your best bet.

Additional Requirements

Some additional requirements include:

  • Ensuring that sending domains or IPs have valid PTR records.
  • Formatting messages according to the Internet Message Format standard.
  • Not impersonating Gmail From: headers.
  • Adding ARC headers to outgoing emails if you regularly forward emails. 

For more details and instructions on each requirement, you can check out Google’s Email Sender Guidelines.

Some of these new mandates are applicable to all senders, regardless of their email-sending volume. Here’s a comparison between the guidelines for senders of fewer than 5000 emails per day and bulk senders.

[Figure: Google and Yahoo email sender guidelines, comparison between all sender and bulk sender requirements]

What Happens If You Don’t Follow The Requirements

If your emails don’t meet the required standards by February 2024, they will likely be flagged as spam or rejected by the recipient’s email provider. This could result in a significant decrease in the number of emails reaching your audience, affecting your communication and marketing efforts.

Non-compliance may also lead to damage to your sender reputation, which is essential for determining whether your emails should be delivered to the inbox, spam folder, or rejected. Failing to adhere to the new guidelines may result in a lower sender score, making it harder for your legitimate emails to stand out in already crowded inboxes.

Repeated violations could even lead to your domain or IP address being blacklisted, severely affecting your ability to send any emails to users of these services. It’s crucial to prioritize compliance with these authentication requirements to maintain a positive sender reputation and ensure the successful delivery of your emails.

What You Should Do To Prepare

To prepare for the upcoming changes and ensure your emails continue to reach your audience, take the following steps:

  • Implement SPF, DKIM, and DMARC protocols correctly.
  • Ensure that your marketing messages include a one-click unsubscribe mechanism.
  • Clean out your email sending lists regularly to eliminate users who opt out.
  • Check your email campaign analytics regularly to keep spam rates below the recommended thresholds.
  • Ensure that your team is aware of the new requirements and understands the importance of compliance.

Before the recent mandate, inbox providers had long recommended these guidelines as best practices. By making these necessary adjustments to your email practices, you can safeguard your sender reputation, maintain optimal deliverability, and continue building trust with your audience.

The post Google And Yahoo New Email Authentication Requirements appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Ani Avetisyan. Read the original post at: https://easydmarc.com/blog/google-and-yahoo-new-email-authentication-requirements/


Article source: https://securityboulevard.com/2023/11/google-and-yahoo-new-email-authentication-requirements/