If you are an email marketer or a brand that sends a lot of emails, you might already be aware of the upcoming updates discussed in the collaborative announcements from Gmail and Yahoo that will be implemented in February 2024.
Most of these mandates are actually standard best practices that you might already be following. So, if you’re doing email marketing the right way, the update won’t affect you much. However, if you’re not, this guide will teach you everything Gmail and Yahoo want you to do to make your emails compliant.
Why have Google and Yahoo announced these updates?
Gmail and Yahoo want to protect their users from spam, unwanted email and phishing, and email authentication plays an important role in making that happen. If senders don’t secure their systems and emails, it becomes very easy for bad actors to exploit the system.
Protecting inboxes from spam and malicious emails makes the email experience safer for users. These updates won’t only protect recipients from malicious emails; they will also help protect you and your organization from being impersonated, and your emails will be less likely to be marked as spam.
Will it affect you and when?
Gmail and Yahoo’s new rules mainly target bulk email senders. If you send 5000+ emails/day to Gmail and Yahoo users, you will be affected. However, if you’re a smaller sender or focus only on transactional emails that don’t add up to that number, you might not feel the impact of these new updates yet.
However, ignoring these updates completely isn’t really wise. What has become mandatory for bulk senders might become mandatory for you too, in the future. It’s also a good idea to keep your servers, your organization and your recipients safe from the bad actors out there by authenticating your emails.
Yahoo requires all bulk email senders to comply with the requirements within the first quarter of 2024 while Google requires the same within February 2024 itself.
Here are some other important dates from Google that you must know about.
| Date | What happens |
| --- | --- |
| | Senders get temporary errors on some of the non-compliant email traffic |
| | Gmail will reject a percentage of non-compliant email traffic and gradually increase the rejection rate |
| June 1, 2024 | Deadline to implement one-click unsubscribe in all commercial and promotional messages |
What have Gmail and Yahoo announced for 2024?
Senior staff at both Yahoo and Google have emphasized the importance of protecting email users’ inboxes from malicious emails, and of senders sending properly authenticated emails. Look at what they had to say:
We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience.
-Neil Kumaran, Group Product Manager, Gmail Security & Trust
No matter who their email provider is, all users deserve the safest, most secure experience possible.
-Marcel Becker, Sr. Dir. Product, Yahoo
What happens if you don’t comply?
The short answer is that if you don’t comply with these requirements, your emails will be rejected with specific error codes or end up in spam. This will hurt your deliverability rates and, in turn, your email ROI.
What this basically means is that if you are not in compliance with these updates, your emails won’t get delivered to your recipients’ inboxes. This will result in the deterioration of your brand image and poor performance of your email campaigns, whatever might be the goal.
What are the requirements for compliance?
The requirements from Gmail and Yahoo can be broken down into simple points:
- Authenticate your emails using DKIM, SPF and DMARC
- Reduce spam rate and keep spam complaint rate under 0.3%
- Allow recipients to unsubscribe with one click
- Comply with RFC 5322, PTR records and rDNS
- Use a TLS connection for transmitting emails
How can you make yourself compliant?
If you’re not an email marketing nerd, you might not be aware of some or all of the terms mentioned in the above points. So, let us break it down for you.
Authenticate your emails
Email authentication is a series of security measures implemented to reassure email clients that emails sent to the users are actually from the source that they claim to be from and prevent your emails from being marked as spam.
This is something that you can set up yourself but before that, here's how you can check if your emails are authenticated or not.
- Send an email to your Gmail account.
- Open the email and click on “Show Original” to inspect the authentication results for SPF, DKIM, and DMARC.
- If everything is set, you will see something like this.
- If any of these records are missing or fail, it may be because of common issues like absent records, typos, incomplete SPF records, or duplicate entries.
If you're using Mailmodo as your ESP, you don't have to worry as Mailmodo always mandates the setup of DKIM, SPF, and DMARC for its users, ensuring a layer of security and trustworthiness for your email campaigns.
However, if you're not a Mailmodo user, you can fix this by obtaining the correct SPF and DKIM records from your Email Service Provider (ESP) and ensuring that these records are accurately entered in your domain's DNS settings, typically managed through platforms like GoDaddy or Google Domains.
You can read ahead to know about the different authentication methods and a step-by-step on how to update them manually.
- Sender Policy Framework (SPF): SPF helps the receiving servers confirm that the IP that an email is coming from is allowed to send emails on your behalf. You can have your ESP or your IT team create a TXT record (list of IPs allowed to send emails on your behalf) and set up your SPF for you.
If you want to set it up manually, you can check out the help section from Google, which defines the steps, or you can see the video below.
- DomainKeys Identified Mail (DKIM): DKIM attaches a digital signature to each email and lets the receiver confirm that the message was not altered in any way during transit.
The originating email server signs each message with the 'private DKIM key,' and the receiving mail server verifies that signature with the other half of the key pair, called the 'public DKIM key,' which is published in your domain's DNS.
If you’re using Gmail, you can follow the simple steps mentioned in their help section to turn on DKIM for your domain.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC): DMARC allows domain owners to publish their authentication practices, the specific action receivers should take when an email isn’t authenticated, and a way to receive reports about such emails. The domain in the sender’s From header must be aligned with either the SPF domain or the DKIM domain, and a valid DMARC record will not rescue a message whose underlying DKIM or SPF checks fail. This will prevent spammers from impersonating you.
You can check out Google's help section on how to define your DMARC if you need to set it up for yourself.
- Authenticated Received Chain (ARC): If you regularly forward emails, including using mailing lists or inbound gateways, add ARC headers to outgoing emails. ARC headers indicate the message was forwarded and identify you as the forwarder.
You should also add a List-id: header, which specifies the mailing list, to outgoing messages. If a forwarded message passes all authentication, but ARC shows that it previously failed authentication, it will be treated as unauthenticated.
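To make the "Show Original" check and the DMARC alignment rule concrete, here is an added Python example (not part of the original guide) that parses an `Authentication-Results` header and reports which passing mechanism is aligned with the From domain. The sample message, all domains, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of the headers shown under "Show Original".
RAW = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@mail.example.com header.s=sel1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@esp-bounces.example.org;
 dmarc=pass (p=NONE) header.from=example.com
From: News <news@example.com>
Subject: constructed test message

body
"""

IDENTITY = re.compile(r"(?:smtp\.mailfrom|header\.d|header\.i)=(\S+)")

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(msg):
    """Return {method: (result, authenticated_domain)} from Authentication-Results."""
    header = " ".join((msg.get("Authentication-Results") or "").split())
    header = re.sub(r"\([^)]*\)", "", header)      # strip (comments)
    found = {}
    for clause in header.split(";")[1:]:           # [0] is the authserv-id
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
        if m:
            ident = IDENTITY.search(clause)
            domain = ident.group(1).split("@")[-1].lower() if ident else ""
            found[m.group(1)] = (m.group(2).lower(), domain)
    return found

def dmarc_alignment(raw):
    """Report which passing mechanisms align (relaxed mode) with the From domain."""
    msg = message_from_string(raw)
    results = parse_auth_results(msg)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].split("@")[-1])
    aligned = [m for m in ("spf", "dkim")
               if m in results and results[m][0] == "pass"
               and from_dom and org_domain(results[m][1]) == from_dom]
    return {"from_domain": from_dom, "results": results, "aligned": aligned,
            "dmarc_pass": bool(aligned)}
```

In the sample, SPF passes only for the ESP's bounce domain, so DKIM is the mechanism that carries DMARC; if that signature breaks, the message is unaligned even though SPF still reports `pass`.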
Make unsubscription easy
In the past, we’ve seen email senders hide their unsubscribe button to make it difficult for users to opt out. Moving forward, as a sender, this is something you’ll have to change.
- Allow one-click unsubscriptions: This basically means that you’ll have to include an unsubscribe link in the header of your emails to allow recipients to opt out with a single click. This needs to be supported by your ESP. However, it isn't required for transactional emails.
Here's how you can check if your email has that:
- On the top right of your email, click on the three dots.
- Then click on “Show Original”.
- Search for “List-Unsubscribe” and you will see the following:
If you don't have them and need to set up a one-click unsubscribe in Gmail, include both of these in the headers of your outgoing messages.
If you're using Mailmodo, you'll be happy to know that it adds the list-unsubscribe header to every email sent via its platform.
- Process unsubscribe requests within 2 days: Gmail has given a strict timeline on the number of days you have to process unsubscribe requests, which is two days. So you need to make sure that your ESP does that within that time frame or do it on a day-to-day basis if you’re doing it manually.
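One-click unsubscribe is defined by RFC 8058 as a pair of headers: `List-Unsubscribe` carrying an HTTPS URI and `List-Unsubscribe-Post: List-Unsubscribe=One-Click`. The Python below is an added example, not code from the original guide or from any ESP; it attaches the pair to an outgoing message and lints a raw message for it. The URL, token and addresses are constructed placeholders.

```python
import re
from email import message_from_string
from email.message import EmailMessage

def add_one_click_unsubscribe(msg, https_url, mailto=None):
    """Attach the RFC 8058 header pair to an outgoing message."""
    targets = [f"<{https_url}>"] + ([f"<mailto:{mailto}>"] if mailto else [])
    msg["List-Unsubscribe"] = ", ".join(targets)
    msg["List-Unsubscribe-Post"] = "List-Unsubscribe=One-Click"
    return msg

def one_click_problems(raw):
    """Return the reasons a raw message is not one-click compliant."""
    msg = message_from_string(raw)
    problems = []
    unsub = msg.get_all("List-Unsubscribe") or []
    post = msg.get_all("List-Unsubscribe-Post") or []
    if len(unsub) != 1:
        problems.append("need exactly one List-Unsubscribe header")
    else:
        # Remove folding whitespace, then pull out each <uri>.
        uris = re.findall(r"<([^>]+)>", "".join(unsub[0].split()))
        if not any(u.lower().startswith("https://") for u in uris):
            problems.append("List-Unsubscribe has no https:// URI")
    if len(post) != 1 or post[0].strip() != "List-Unsubscribe=One-Click":
        problems.append("List-Unsubscribe-Post must be List-Unsubscribe=One-Click")
    return problems

def build_sample():
    # Constructed message; the URL and addresses are placeholders.
    msg = EmailMessage()
    msg["From"] = "News <news@example.com>"
    msg["To"] = "reader@example.net"
    msg["Subject"] = "Constructed promotional message"
    msg.set_content("Hello")
    add_one_click_unsubscribe(msg, "https://example.com/u/CONSTRUCTED-TOKEN",
                              "unsub@example.com")
    return msg.as_string()
```

RFC 8058 also requires a valid DKIM signature that covers both headers, and the HTTPS endpoint must unsubscribe the recipient on a POST without asking for a login or a confirmation step.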
Lower spam rates
There is also a threshold on the spam rate that, if you exceed it, you’ll be penalized. You need to make sure that the spam complaints against you don’t cross 0.3%.
Spam rates can become high if you keep emailing non-opt-in users, ignoring unsubscribe requests, targeting inactive users, or failing to provide clear unsubscribe options.
You can measure the spam rates in Gmail Postmaster tool by following the steps below:
- Set up your domain on the Gmail Postmaster tool.
- Navigate to “Spam Rate”.
- Here, you can see the daily spam complaint rate.

Note: Yahoo is also launching its own Postmaster tool.
Here are some things that you can do to make sure that your spam rates remain low:
- Send emails to only the people who opted in
- Implement a double opt-in process for subscribers
- Make it easy to unsubscribe by implementing one-click unsubscription
- Divide your email list into segments and send relevant emails to each segment
- Regularly clean your email list and remove inactive subscribers
If you're using Mailmodo, it can integrate with Google Postmaster directly and offer insights into your domain's reputation and tell you if your domain reputation is bad, low, medium, or high.
Comply with RFC 5322 standard
You must format messages according to the Internet Message Format standard (RFC 5322). That means ensuring that:
- Every message includes a valid Message-ID.
- Message headers like From, To, Subject and Date occur only once in a message.
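The two checks above can be run against a raw message before it leaves your system. This Python is an added example, not part of the original guide; the sample message is constructed, and the Message-ID pattern is a simplified form of the RFC 5322 `msg-id` grammar.

```python
import re
from email import message_from_string

# Simplified msg-id shape: <left@right>, no whitespace or extra angle brackets.
MSG_ID = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")
ONCE = ("From", "To", "Subject", "Date", "Message-ID")

# Constructed message with two defects: duplicate Subject, malformed Message-ID.
BAD = """\
From: News <news@example.com>
To: reader@example.net
Subject: Spring sale
Subject: Spring sale (resend)
Date: Mon, 05 Feb 2024 10:00:00 +0000
Message-ID: 12345@example.com

body
"""

def rfc5322_problems(raw):
    """Return header defects that the Gmail/Yahoo rules call out."""
    msg = message_from_string(raw)
    problems = []
    for name in ONCE:                      # each may appear at most once
        count = len(msg.get_all(name) or [])
        if count > 1:
            problems.append(f"{name} appears {count} times")
    for name in ("From", "Date"):          # RFC 5322 makes these mandatory
        if msg.get(name) is None:
            problems.append(f"{name} is missing")
    message_id = msg.get("Message-ID")
    if message_id is None:
        problems.append("Message-ID is missing")
    elif not MSG_ID.match(message_id.strip()):
        problems.append("Message-ID is malformed")
    return problems
```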
Have a PTR record
Ensure that your sending domains and IP addresses have valid forward and reverse DNS records (the reverse records are also referred to as PTR records). This helps verify that the sending hostname and the sending IP address are actually associated with each other.
You must also set up valid reverse DNS records of your sending server IP addresses that point to your domain. You can check for a PTR record with the Google Admin Toolbox Dig tool.
Mailmodo has already done these by default so if you're using Mailmodo, you don't have to worry about PTR records and RFC 5322. However, if you're not a Mailmodo user and your emails are not showing up in a Gmail inbox, then you might want to ask your ESP to look into it.
Encrypt your emails
Transport Layer Security (TLS) is a secure layer that encrypts emails and prevents unauthorized access to them when they are in transit over internet connections. It is a more secure and updated version of Secure Sockets Layer (SSL).
TLS encryption is basically under your ESP's control, but you can check whether your email uses TLS by opening the email and clicking on the small arrow next to your name underneath the sender's address.
The absence of TLS encryption can be due to oversight or limitations within your ESP.
You can set up TLS in your Google admin console by going to Menu > Apps > Google Workspace > Gmail > Compliance and selecting TLS and configuring it. You can also check out the detailed steps to set up TLS in Google Workspace.
If it’s not set up and you are not using Gmail, you can talk to your email service provider to get it enabled.
However, if you're using Mailmodo, you don't have to worry as Mailmodo ensures that emails sent through its platform are TLS encrypted, aligning with best practices and enhancing deliverability.
You can also check out the other best practices outlined by Gmail and Yahoo themselves below:
The changes can be overwhelming for some email marketers who don’t follow the best practices that were initially outlined by Gmail and Yahoo. However, we know for sure that these updates are going to affect most of us, but for the better. It will create a safer space for the exchange of relevant and useful information.
It is also a well-informed update and this guide outlines the essential steps you should take to make yourself compliant with the same. You must also check out the other best practices to better your email marketing game and reduce any chances of inconveniences in the future.