How to Prepare for Gmail and Yahoo! Sender Requirements Before February 2024?

EmailLabs Team, 13 November 2023

Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024. Similar changes will be implemented by Yahoo! Mail in Q1 2024.

Major global providers are gearing up to send a clear signal – it’s time to implement requirements previously considered best practices to enhance email users’ security and significantly reduce the amount of SPAM reaching our inboxes every day.

This is not surprising, especially considering the prior promotion of the BIMI standard, which we have been assisting our clients in implementing for over 2 years. Particularly, Gmail has emphasized the importance of fully securing the sender’s brand and its marking in the inbox. It’s worth noting that brands with implemented BIMI display their logo in the inbox, along with a clear indication that the sender is verified.

We believe that there will be a tightening of requirements within the DMARC authentication, moving from “p=none” policy to a more restrictive one. It’s advisable to familiarize yourself with these changes now to avoid being surprised by an increased number of bounced messages or messages classified as SPAM, she adds. The DMARC change will be a significant challenge for many senders. Some express concerns that organizing processes within their email systems will take at least a few weeks.

Katarzyna Garbaciak, COO EmailLabs

Domain-Based Message Authentication Reporting and Conformance combines two existing email authentication mechanisms, SPF and DKIM, and adds a layer of policy.

New Requirements for Gmail and Yahoo! Mail – Who Will Be Affected?

Gmail and Yahoo! Mail have announced that the changes concern what they refer to as ‘bulk senders.’ Only Gmail has clarified what this term exactly means. Specifically, a bulk sender is someone who sends over 5000 messages per day to their clients or subscribers.

Consideration is given to emails sent from a specific domain. However, upon closer examination of Google’s documentation, it is evident that the changes will have a broader impact. If you send messages to anyone using Yahoo! Mail or Gmail (as well as Workspace, formerly G Suite), you must adhere to the new requirements.

Consequences of Non-Compliance with Gmail and Yahoo! Mail Requirements

The sender’s failure to comply will have significant consequences, primarily impacting their sending reputation, which can be monitored, for instance, through the Google Postmaster Tool. Understanding the concept of sender reputation is crucial; this tool serves as a reliable benchmark for evaluating the sender’s quality and email delivery practices. It effectively illustrates the response to communications and engagement levels and indicates the spam complaint rate.

In practical terms, a sender’s lack of preparedness may result in penalties such as message rejection, redirection to the recipient’s spam folder, or, in more severe cases, the non-delivery of their emails altogether. It underscores the importance of sender readiness and emphasizes the need for compliance to maintain a positive sending reputation.

When Will The Changes For Senders Take Effect?

Requirements for sender authentication (SPF, DKIM, and DMARC), domain alignment, and spam complaint level requirements will come into effect in February. On the other hand, the one-click unsubscribe requirement will be effective from June 1, 2024. Google strongly emphasizes implementing these requirements earlier and not waiting until the final date. Quoting Google documentation:

“If you send more than 5,000 emails per day before February 1, 2024, follow the guidelines in this article as soon as possible. Meeting the sender’s requirements before the deadline may improve your email delivery.”

Yahoo! Mail provides a less precise timeframe, stating it will be within the first quarter of the new year.

What Exactly Will Change For Senders?

Google and Yahoo have been making significant efforts to enhance email security and reduce spam for years. The introduced changes aim to provide even better protection for email recipients and tighten the implementation of anti-spam filters. The modifications include:

First of all: Authenticate Your Domain!

The most crucial and challenging change involves email authentication. Mandatory SPF and DKIM authentication are being introduced for all senders.

Bulk senders will be required to implement DMARC authentication, at least with a “p=none” policy. This will now be a mandatory requirement, as opposed to a previously recommended practice.

Messages sent by bulk senders must undergo domain alignment in the DMARC record. This means that the Envelope From (Return-Path) domain must be the same as the Header From (From address) domain or that the DKIM domain is the same as the Header From domain. We recommend that highlighted elements be consistent.

Domain alignment is a mechanism that ensures that the authenticated email domain is consistent with the domain found in the ‘From’ header address, representing the sender’s identity.
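
The alignment rule described above can be checked on a message's own headers. The following is an added example, not code from Gmail, Yahoo! or EmailLabs: it compares the Return-Path and DKIM `d=` domains with the Header From domain in strict mode (exact match) and relaxed mode (same organizational domain). It assumes SPF and DKIM have already passed, uses constructed sample headers, and stands in a tiny hypothetical suffix set for the full Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Tiny stand-in for the Public Suffix List (assumption; real checks load the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "pl", "com.pl", "co.uk"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    if not auth_domain or not from_domain:
        return False
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def check_alignment(raw_message, strict=False):
    """Compare the Return-Path and DKIM d= domains with the Header From domain."""
    msg = message_from_string(raw_message)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    dkim_doms = [m.group(1) for h in msg.get_all("DKIM-Signature", [])
                 if (m := re.search(r"(?:^|;)\s*d=([^;\s]+)", h))]
    spf_ok = aligned(rp_dom, from_dom, strict)
    dkim_ok = any(aligned(d, from_dom, strict) for d in dkim_doms)
    return {"from": from_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_aligned": spf_ok or dkim_ok}

# Constructed sample headers; signature values are placeholders, not real signatures.
SHARED_KEY = (
    "Return-Path: <bounce@esp.example.net>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp.example.net; s=s1; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Shop <news@example.com>\n\nbody\n")
OWN_DOMAIN = (
    "Return-Path: <bounce@mail.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Shop <news@example.com>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("shared key", SHARED_KEY), ("own domain", OWN_DOMAIN)):
        print(name, check_alignment(raw), check_alignment(raw, strict=True))
```

The first sample, signed and bounced entirely on a provider's domain, is aligned in neither mode; the second is aligned through DKIM in both modes and through the Return-Path only in relaxed mode.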

How to Configure DMARC?

Setting up DMARC involves three essential steps besides the purely technical aspects of adding a DMARC record.

  1. Evaluate the infrastructure responsible for sending email messages.
    This includes mail servers and external services sending emails on behalf of the sender, such as server infrastructure providers like EmailLabs or marketing automation platforms.
  2. Creating a Custom DMARC Policy for Each Protected Domain.
    DMARC adds rules to the organization’s DNS record, instructing receiving servers on handling email messages sent from a specific domain. The DMARC policy itself can be set to “reject,” “quarantine,” or “none”:

    • Reject: The message will be rejected if it fails authentication tests and is not authorized by the sender.
    • Quarantine: Messages will be directed to the SPAM folder until they pass authentication checks and are authorized by the sender.
    • None: The receiving server takes no action on messages that fail authentication checks.
      Depending on the DMARC policy, the email message may be delivered, placed in the spam folder, or rejected outright.

  3. Publishing the DMARC Record in the DNS of Your Domain:
    To achieve this, access the DNS settings in the Admin Console and insert a TXT record resembling the following:
    v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]

In this record, the “v” tag signifies the DMARC version in use (typically “DMARC1”), the “p” tag indicates the DMARC policy and the “rua” and “ruf” tags specify the email addresses designated to receive reports related to DMARC activities – “rua” for aggregate reports and “ruf” for failure/forensic reports. If you employ the rua/ruf tag, it’s essential to use the “mailto:” prefix.
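
A record can be checked against these rules before it is published. The following is an added example, not EmailLabs' or Google's tooling: a small linter for the tags explained above, run on constructed records whose report addresses are placeholders.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(record):
    """Return (tag, problem) findings for a DMARC record; an empty list means clean."""
    pairs = parse_dmarc(record)
    tags = dict(pairs)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append(("v", "record must start with v=DMARC1"))
    if tags.get("p", "").lower() not in VALID_POLICIES:
        findings.append(("p", "policy must be none, quarantine or reject"))
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if not uri:
                continue
            if '"' in uri:
                findings.append((tag, "quotes are not part of the address"))
            if not uri.strip('"').lower().startswith("mailto:"):
                findings.append((tag, "missing mailto: prefix"))
    return findings

# Constructed records for illustration; the report addresses are placeholders.
BROKEN = 'v=DMARC1; p=quarantine; rua="reports@example.com"; ruf="mailto:forensic@example.com"'
CLEAN = "v=DMARC1; p=none; rua=mailto:reports@example.com; ruf=mailto:forensic@example.com"

if __name__ == "__main__":
    for record in (BROKEN, CLEAN):
        print(record, "->", lint_dmarc(record) or "ok")
```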

Read detailed instructions on how to set up DMARC correctly.

  • Simple Opt-In Process: When users subscribe to your emails, make the process simple and transparent. Clearly state what they are signing up for and ensure they have full control over their subscription preferences.
  • Allow One-Click Unsubscribes: Provide a clear and accessible unsubscribe option in every email you send. Make it as straightforward as possible for users to opt out of your emails. Failing to do so can lead to user frustration and spam complaints.
  • Respect User Choices: Honor unsubscribe requests promptly. Continuing to send emails to recipients who have unsubscribed is not only against best practices but can also result in email deliverability issues.

Secondly: The Spam Complaint Rate (marking emails as SPAM) Must Be Very Low.

Google specifies that it should not exceed 0.3% according to the data displayed in Google Postmaster (Spam Rate tab). Yahoo! Mail does not provide exact numbers. This requirement will apply to all senders.

The spam rate is the percentage of email messages marked as spam by users compared to the total emails delivered to the inbox for active users. If many emails are directly delivered to spam folders, the spam rate may be low, even if users continue to mark your emails in their inbox as spam.

We recommend that you read EmailLabs’ Anti-spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.

Thirdly: Compliance with RFC 5322 Principles

All messages, regardless of the sender’s size, must adhere to the RFC 5322 standard. This is nothing more than the widely recognized internet standard that defines the format of emails, including headers, content, and attachments. Following these changes, emails that do not meet these requirements may face rejection.

Fourthly: Avoid Sending from Free Mailboxes

Google is changing its DMARC policy to “p=quarantine,” meaning that sending from addresses such as @gmail or @googlemail will no longer be allowed.

Fifthly: Enable One-Click Unsubscribes

Bulk senders should enable a swift and easy opt-out from marketing communication by implementing a one-click unsubscribe option (excluding transactional emails).

The BIMI Standard and VMC Certificate

The tightening of sender classification criteria and fundamentals is a natural consequence of the increasing volume of emails and spam. The number of threats related to brand impersonation in email communication is also on the rise.

Google and Yahoo! Mail have been encouraging senders to adopt the BIMI standard for the past three years. Google rewards senders who implement the VMC certificate with an additional blue checkmark that appears alongside the logo and sender’s address, confirming that the message is from a sender who is also the domain owner.

However, to enjoy the BIMI standard and display a logo in the Yahoo! Mail inbox, which is somewhat more lenient and does not require VMC, it is mandatory to implement DMARC with a restrictive policy. The new rules don’t go that far; requiring DMARC with a “p=none” policy is sufficient. However, it is expected that in the next step, email giants may tighten these rules further.

End of Spray and Pray

Gmail and Yahoo have long rewarded senders with high open rates (OR) and click-through rates (CTR), whose messages are widely shared. Now, however, it has become clear that a certain era is coming to an end – the era of sending messages to unverified recipient lists, inactive subscribers, and those not engaging in our communication. A tough time is approaching for senders who don’t know their customers, don’t segment them based on needs and preferences, and don’t create personalized communication.

Until now, there was no point in hiding the unsubscribe option for fear of an increased spam complaint rate. Now the bar has been raised. Gmail already represents 40-50% of the database for most clients. Senders can’t afford to create uninteresting, unattractive messages; not only will it be very easy to unsubscribe from such communication, but a spam complaint rate above 0.3% will result in unwanted emails being directed to spam or not delivered.

How to Prepare for Google and Yahoo Changes?

Google and Yahoo have announced the changes in recent weeks. We realize that the period is intense and demanding for many of you. Nevertheless, it is a good idea to start adjusting to the new requirements as soon as possible. If you are an EmailLabs customer, you can already prepare for the upcoming changes. Here’s a quick guide on where to start.

Are you an EmailLabs User? We have a Ready Checklist for you!

    1. Check if you have your own sending domain.
      It will no longer be possible to send from free domains. If you need support buying and configuring a domain in DNS, please write to us. Check out a support package tailored to your needs.
    2. Check if you have an SPF record with an EmailLabs entry in your domain.
      In EmailLabs, SPF is enabled by default, but for the mechanism to work properly, you must also add a corresponding entry in the TXT record in DNS.
    3. Check if you have the new sender authorization enabled in the EmailLabs panel.
      In the Administrator > Sender Authorization tab, you will generate an individual DKIM key with your sending domain. If you are currently using a standard DKIM key in the EmailLabs domain, such a setting will not suffice. If you have only authorized an email address, such a setting will also not suffice. If you have not yet performed domain authorization, be sure to read the instructions.
    4. Check if you already have a DMARC policy set up.
      If you have not yet added it to the DNS of your From domain, we encourage you to do so. All you need to do is set the DMARC policy to neutral: “p=none”. For security reasons, we recommend setting the DMARC policy on the subdomain, not the main domain.
    5. ATTENTION! After authorizing the sending domain, write to us at [email protected] so that we can switch to the new authorization method.


Free Sending Domain Setup Configurator

ATTENTION: We have released a free sender domain authentication configurator. To prepare for the upcoming changes from Google and Yahoo, please log in to your panel and complete the authorization today. Ensure that the configuration includes all domains from which you send messages. You can find the configurator in the EmailLabs dashboard under the Administrator tab > Sender Authorization.

Here, you will generate all the entries, including DMARC, which must then be added to your domain’s DNS settings. Similar steps need to be taken for each new domain from which you will be sending emails. You may need the support of an administrator or IT department. Don’t wait until the end of January; take the first step today and notify the relevant individuals in your organization. It may turn out that implementing the necessary settings will take more than 2 weeks, and you won’t meet the deadline of February 1.

Not sure how to correctly add entries to DNS for a domain registered with your hosting provider? Check out the ready-to-implement instructions!

  1. Authorizing the domain hosted by Cloudflare
  2. Authorizing the domain hosted by GoDaddy
  3. Authorizing the domain hosted by cyber_Folks
  4. Authorizing the domain hosted by home.pl
  5. Authorizing the domain hosted by nazwa.pl
  6. Authorizing the domain hosted by OVHcloud
  7. Authorizing the domain hosted by zenbox.pl
