Are You Ready to Use New Email Sender Standards?
Over 99% of spam is effectively blocked by Gmail’s AI-powered spam filter, preventing billions of unsolicited emails from reaching the users’ inboxes every day. But the threat landscape is changing, which dictates stronger defenses are needed.
Email senders frequently fail to configure their systems properly, which makes them an easy target for attackers. In order to address this problem, Google and Yahoo put attention to a crucial component of email security: confirming the sender’s identity.
Some sort of authentication has been already required, which improved accuracy in thwarting billions of fraudulent messages sent to email users. That was the first step and there is still more to be done.
New Google Email Sender Requirements
Google is now putting new standards for all email senders in place, which will be effective starting from February 2024. With these requirements, email receivers can be sure that their mailboxes are safer and freer of spam.
It is to note that Google will have stronger standards for bulk email senders. Google defines a bulk sender as “any email sender that sends close to 5,000 messages or more to personal Gmail accounts within a 24-hour period.”
With that said, beginning from February 2024, Google will start to require that the senders sending emails to Gmail accounts:
1. Implement Email Authentication.
By removing vulnerabilities that attackers exploit, email authentication will eventually strengthen security for both senders and receivers.
- for any sender, authenticating emails with SPF or DKIM will become a requirement;
- bulk senders will be required to authenticate their emails with both SPF and DKIM protocols. Moreover, bulk senders will need to set up a DMARC record and pass SPF alignment or DKIM alignment.
If you are new to DMARC, we make it easy to generate a DMARC record with GlockApps DMARC Analyzer. Enter your domain name and create a DMARC record with a few mouse clicks. After you publish the DMARC record in DNS, you’ll start seeing the email authentication outcomes in your account at GlockApps. It allows you to effectively monitor your domain configuration and detect SPF, DKIM, and DMARC failures timely.
GlockApps DMARC Analytics: domains overview
It is important to note that Gmail will start using the DMARC enforcement policy set to ‘quarantine’. Therefore, senders should not impersonate Gmail’s headers in order to get their emails delivered.
2. Send Permission-Based Emails.
Since spam is being hated by all, Gmail has already included a number of tools to help its users filter unwanted messages. Now they will add an extra degree of security by applying a strict spam rate threshold that senders must be compliant with:
- any sender must stay below 0.1% and never hit 0.3%;
- a bulk sender must stay below 0.1%, or less than five complaints per 5,000 messages and never hit 0.3%.
The goal of this innovation is to safeguard Gmail users from receiving an excessive amount of unsolicited email communications. Email senders should therefore ensure they send messages that are wanted by their prospects in order to not cross the “red line.”
3. Allow to Unsubscribe with One Click.
It should be easy for a recipient to stop receiving unsolicited emails from a certain email sender. Thus, including an unsubscribe link into any marketing emails has been a best email practice for ages.
Google steps forward and strengthens this requirement for bulk email senders. Starting from February 2024 bulk senders must:
- put an unsubscribe link in a clearly visible place in the message body;
- allow one-click unsubscribe;
- handle unsubscribe requests within a two-day period.
Additionally, Google will have new requirements concerning PTR records, TLS connection to their server, message format, and email forwarding. They provide detailed information in their email sender guidelines.
New Yahoo Email Sender Requirements
Following Google, Yahoo is turning recommended email sender practices into required standards. If these new regulations are not followed, email senders may start having trouble delivering their email communications to Yahoo users from February 2024.
Like Google, Yahoo has different email requirements for bulk senders compared to small and medium size senders. With that said, you’ll want to double check the configuration of your email workflow to ensure it meets the new Yahoo’s email sender standards depending on the volume of emails you send.
New Yahoo Email Standards for All Senders
No matter what your sending volume per day is, you will be required to:
- Authenticate your emails with either SPF or DKIM.
- Stay under 0.3% for user complaint rate.
- Set up a valid forward and reverse DNS record for your sending IP address.
When it comes to an rDNS record, this aspect is typically handled by an email service provider.
New Yahoo Email Standards for Bulk Senders
Large volume senders will have to ensure they have these things set up:
1. Both SPF and DKIM authentications.
2. Valid DMARC record.
It’s acceptable to set the policy to “none.” Yahoo advises to include the rua= tag with valid email addresses to receive DMARC reports for analysis.
Also, DMARC must pass either based on SPF or DKIM alignment. To achieve this alignment, the “Header From” domain must align either with the Return-Path Domain or DKIM domain. Alignment in relaxed mode is acceptable.
3. Single click unsubscribe process.
The unsubscribe link must be placed in a clearly visible place in the email message. Unsubscribe requests must be processed within 2 days. The unsubscribe process handled via email is allowed.
4. Spam reported rate under 0.3%.
It is to note that Yahoo calculates spam complaint rate based on the emails delivered in the Inbox.
5. Valid forward and reverse DNS record.
Ensure that the reverse DNS reflects your domain name to some extent. Avoid using rDNS that resembles a dynamically-assigned IP.
Maintaining an email environment that is safer, easier to use, and free of spam requires ongoing cooperation and attention from everyone involved in email communication.
Whether you are a small, medium or a large sender, consider these innovations from Google and Yahoo as an additional check-up for your sending process configuration, destined to take care of problems that aren’t visible at first and guarantee that your email flow works properly.