2024 is shaping up to be THE year of safer email, starting with big email authentication policy updates from Google and Yahoo, which will take effect on February 1st, 2024. These policy changes will impact what email Google and Yahoo will accept and deliver to their users’ inboxes, in an effort to decrease spam and spoofing.
These changes primarily affect bulk email senders, which are defined as any email sender/domain that sends 5,000 or more messages to personal accounts within a 24-hour period. As of now (but this may change), Google is not counting emails sent to Google Workspace accounts in this number – just personal Gmail accounts.
It’s important to note that even if you don’t qualify as a bulk sender right now, this appears to be the way of the future for email. All of these updates are now considered email deliverability best practices and more email providers will likely roll out similar, or even more stringent, requirements in due time.
Key Changes to Google and Yahoo’s Email Guidelines
Google and Yahoo’s new policy updates center on three main elements: email authentication, easy unsubscribe, and spam complaints.
The first policy update affects your domain architecture. You now must use SPF, DKIM, and DMARC to authenticate your emails and prove they’re coming from a legitimate source. Alphabet soup, we know. Here’s a high level overview of what these records do:
- DKIM & SPF records verify whether mail is legitimate. They prove that the domain in your “from” address is, in fact, yours, and that a sender (this could be your own mail server, a bulk email provider, CMS, AMS, LMS, Community platform, etc.) has permission to send on your behalf.
- DMARC suggests what to do with mail that isn’t legitimate. To pass DMARC, a message must pass SPF and/or DKIM authentication and alignment. DMARC tells the receiving mail server what to do if an email from your domain fails DKIM or SPF but appears to be from your domain – a sign that it may be spoofed. Check out this great resource from Sendgrid to learn more about DMARC.
Google and Yahoo will now require that SPF, DKIM, and DMARC be in place for all bulk senders. If not, deliverability will be affected.
It now needs to be as easy as possible to unsubscribe from bulk emails, which Google defines as supporting one-click unsubscribes in email headers. No more burying unsubscribe links in tiny text in the footer! Also, all unsubscribes must be honored within two days.
The hope here is that by making it easy to unsubscribe, users will be less likely to hit the “spam” button, ensuring that legitimate email and senders are making it to inboxes.
Both Google and Yahoo are cracking down on spam, with advanced algorithms to identify and block spam. Senders with spam complaints averaging 0.3% or higher will start experiencing issues with deliverability, but you should always aim to maintain spam levels at 0.1% or below to ensure your emails are landing in your members’ inboxes.
How do you reduce your spam complaints?
- Make it easy to unsubscribe. The new one-click header policy should help with this.
- TELL your members to unsubscribe and NOT to mark emails as spam. Sometimes this is done innocently, but can have a big impact for your org. Let them know that!
- Monitor your undeliverables and remove them from your list in a timely manner.
- Respond promptly to members who request to be removed from lists.
- Be thoughtful about what you are sending and how often you are sending. Don’t give your recipients a reason to feel you are ‘spamming’ them!
Steps to Get Ready for Google & Yahoo’s Email Updates
- Determine IF and HOW these new requirements will apply to your organization, and make a plan for addressing them.
- Make it EASY to unsubscribe from your lists. Most bulk email senders, such as MailChimp, HubSpot, Constant Contact, Campaign Monitor, etc., are already on top of this, rolling out new templates, requirements, and functionality for one-click unsubscribes in email headers.
- Talk to your IT Director or Managed Services Provider about DMARC, DKIM and SPF.
- Make sure you have DKIM and/or SPF records for all systems that send emails from your domain.
- If you put in a DMARC policy, be sure to consider ALL of the systems that send out emails from your domain. Even a record of ‘none’ can affect deliverability. Here are examples of some systems that may send emails “from” your domain:
- Your official email server
- Your bulk email providers
- Your website (e.g., emails from forms)
- MatrixMaxx/any AMS
- Community platforms
- Custom applications
What happens if I don’t comply?
If these new requirements apply to your organization and you don’t comply, your bulk emails will be delayed, blocked, or directed to spam.
While these words and changes might feel big and menacing, remember that the email providers have put them in place to reduce spam AND make it harder to spoof your domain and fool email recipients. Now is the time to audit your systems, policies, and procedures to make sure that you are in compliance, no matter how well you followed the best practices in the past.
Email authentication makes everyone less vulnerable to spoofing and spam attacks, easy unsubscribe helps to keep our spam rate low, and cracking down on spam helps us clear unwanted and potentially malicious emails.
As always, we are here for you if you have questions or need help navigation the brave, new world of DMARC!