Navigating the new email sending requirements for Google and Yahoo
Updated 2/6/24
On October 3rd, 2023, both Gmail and Yahoo announced updates to their sender requirements to minimize the amount of spam received by users. These changes will go into effect in February 2024, marking a significant step in ensuring a safer and more secure email environment for all users.
As an email sender, staying up-to-date with these changes is crucial for ensuring your email practices align with the new requirements. While this guidance was initially intended to apply to senders who send 5000 emails a day, this guidance has been updated such that any senders who send a regular email to their subscribers will be subject to these guidelines. Per Gmail’s recently updated Email Sender Guidelines FAQ: “Senders who meet the above criteria at least once are permanently considered bulk senders.”
This guide will provide you with all the necessary information you need to continue sending emails without disruption.
What’s changing for Gmail and Yahoo
In a nutshell, both Gmail and Yahoo will now require senders to follow stricter authentication protocols for sending emails to their users. They will implement the following email sending requirements:
- Senders must authenticate all emails using SPF, DKIM, and DMARC. This helps verify that emails come from you (the sender) and not a spammer.
- Unsubscribe links and one-click unsubscribe options will be mandatory. This gives recipients an easy way to opt out of future emails. If you’re already using Customer.io Journeys’ default unsubscribe functionality, you’re compliant with this requirement.
- Spam rate thresholds will be enforced. If you consistently send emails with a high spam rate, your messages will be rejected or sent to the spam folder.
- Gmail: Maximum spam complaint rate of 0.3%.
- Yahoo: Maximum spam complaint rate of 0.3%.
The exact evaluation periods for these new thresholds have yet to be released. Still, it’s worth noting that meeting these complaint thresholds will result in some form of blocking being applied to your emails for a certain period of time.
Another important point to consider is that even if senders meet or exceed a spam complaint rate of 0.1%, they will still experience reputation damage and negative impacts on deliverability with all non-Gmail inbox providers.
What you need to do before the changes go into effect
With these imminent changes, it’s essential to understand what you need to do to ensure your emails continue to reach your recipients. Here’s a step-by-step guide on what you need to do.
1) Configure SPF and DKIM on your domain
If you’re using your own custom SMTP for sending emails, you must configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) on your domain.
These are crucial email authentication methods that help in preventing your emails from being flagged as spam. You can follow the instructions provided by your email service provider to configure SPF and DKIM.
If you’re already sending emails from Customer.io Journeys’ default network, and your sending domain is authenticated and verified, then no action is required on your part.
2) Create a DMARC record on your root domain
Gmail and Yahoo have highlighted a crucial requirement for senders who send over 5000 emails in a single day at any given point: a basic DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy.
A DMARC policy is a DNS text (TXT) record technical specification that helps prevent email spoofing and phishing attacks. It allows domain owners to specify how email receivers handle unauthenticated emails from their domain. By implementing a DMARC policy, domain owners can protect their brand reputation and improve email deliverability by instructing email receivers on how to handle emails that fail authentication checks.
To satisfy Gmail and Yahoo’s upcoming requirements, you must create the minimum DMARC record: “v=DMARC1; p=none“
This record says, “We have a DMARC policy, but no further instructions are given when SPF/DKIM are not aligned.”
If you are unsure if your domain currently has a DMARC policy in place, you can quickly look that up using an online tool. MXToolbox’s DMARC Check Tool is one of many options available.
(You will want to check for DMARC on your root domain. If you are sending from notify.example.com, enter example.com in the search field.) Your root domain is your sending domain without any subdomains. DMARC policies configured on the root domain automatically apply to all subdomains by default.
To set it up is easy. Navigate to your domain name registrar’s DNS records configuration and create this record:
- Type: TXT
- Host: _dmarc.mydomain.com (replace mydomain.com come with your root domain)
- Value: “
v=DMARC1; p=none“
Pro tip: You may already have this DMARC policy in place, but it is the bare minimum configuration. For those who wish to expand this configuration, learn more information on DMARC policies. It is possible that Google and Yahoo will expand their requirements so that a reject or quarantine policy is required, so we encourage you to create a fully fleshed out DMARC policy and benefit from the protection DMARC provides.
3) Ensure that all emails contain options to unsubscribe
As of June 1st, 2024, there are two things you’ll need to incorporate in all the emails you send: one-click unsubscribe header, an unsubscribe link, and a List-Unsubscribe header. (As mentioned, if you’re already using Journeys’ default unsubscribe functionality, this is taken care of automatically).
Important note: If you are utilizing your own custom domain for HTTP link tracking, you will need to configure HTTPS link tracking. If you are using our default link tracking domain, no action needs to be taken.
What if I’m using a custom unsubscribe system?
If you’re using something other than the default unsubscribe functionality, your emails still need to abide by these new rules. Here are a couple of handy resources for making sure they meet Google and Yahoo’s new requirements:
- Custom Unsubscribe Links: staying compliant with list-unsubscribe-post (RFC 8058) requirements
- Adding custom headers to emails in Customer.io
Per Google’s most recent updated guidance, your one-click unsubscribe implementation must adhere to RFC 8058.
4) Take proactive measures to decrease your spam rates now
Ensuring low spam rates is crucial to adhering to Gmail and Yahoo’s new requirements. The best way to achieve this is to strictly follow recommended email deliverability best practices.
Here’s a quick overview of what they are:
- Monitor your performance. Keep a close eye on your email delivery rates, open rates, and spam complaint rates. If you notice any sudden changes, investigate immediately to prevent further issues.
- Manage bounces. To maintain a healthy email practice, we recommend keeping your overall bounce percentage below 5% and, ideally, below 2%.
- Mind your frequency. While keeping your audience informed is important, try not to overwhelm them with too many emails. Balance is key.
- Keep your IP and domain reputation high. A low reputation often results in your emails getting filtered into the spam folder.
- Maintain a healthy email list: Higher engagement rates will reduce the likelihood of spam complaints. Use double opt-in, engagement filters, and a sunset policy to keep your list health and engagement high:
- Set good messaging expectations: Make sure it is clearly indicated on your sign up forms what kinds of messages new subscribers will receive. Leave any opt-in boxes unchecked by default.
- Send relevant content: Always strive to send targeted, personalized, and interesting content to your audience to improve engagement.
Embracing change for better email deliverability
By following these best practices, you’ll be well-prepared to meet Gmail and Yahoo’s new email sending requirements.
Remember, these changes are designed to create a safer and more secure email environment for everyone, and your compliance plays a crucial role in achieving this goal.Ready to become a deliverability expert? Sign up for our 5-part deliverability series now.