Google and Yahoo's Requirements
Google and Yahoo's Requirements
2024 marks a turning point in the fast-paced world of email deliverability, as this is the year when Google and Yahoo updated their sender requirements. With the enforcement period now underway, ISPs have begun progressively rejecting emails that do not comply with these stringent new regulations.
If you fail to comply with sender rules, your messages may not be delivered, as a result of which you will receive a specific error code from Google with an explained reason for rejection:
Error Code |
Description |
---|---|
4.7.27 | SPF isn’t set up for your sending domains or IP addresses. All senders must use either SPF or DKIM authentication for outgoing messages. Bulk senders must use both SPF and DKIM authentication for outgoing messages. |
4.7.30 | DKIM isn’t set up for your sending domains or IP addresses. All senders must use either SPF or DKIM authentication for outgoing messages. Bulk senders must use both SPF and DKIM authentication for outgoing messages. |
4.7.23 | Your domain or IP address doesn’t have valid forward and reverse DNS records. This is a requirement for all senders. |
4.7.29 | Messages aren’t sent over a secure TLS connection. This is a requirement for all senders. |
4.7.32 | The domain in the From: header of your messages isn’t aligned with either the SPF domain or the DKIM domain. This is a requirement for bulk senders. |
source: https://support.google.com
Both providers began enforcing those rules gradually through the year’s first half. The real question is, how well are you prepared?
Visualizing the background, in 2024, Gmail has over 1,8 million users worldwide, while Yahoo Mail has 227,8 million users, as earthweb.com reports. However, in 2023, 45,6% of all emails were classified as unsolicited junk mail. Furthermore, highlighting security concerns, Gmail’s anti-malware solutions intercepted 18 million phishing and malware emails in just one week during the 2020 pandemic.
Mailbox providers have long emphasized the need to change this situation by introducing good sender practices. Finally, they announced the start of enforcing them as requirements at the 59th Messaging, Malware, Mobile Anti-Abuse Working Group meeting in New York, held in October 2023.
Understanding this context helps clarify the rationale behind the new sender rules. These requirements help ISPs effectively route your emails to the right place. Ultimately, these new rules aim to safeguard both users and senders and reduce inbox overload.
“We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience. We look forward to working with peers across the industry to boost the adoption of these email standards that benefit everyone.” – Neil Kumaran, Group Product Manager, Gmail Security & Trust
All senders should be especially aware of requirements and adapt those rules to their email strategies, despite the fact, that the initial regulations were directed primarily at bulk senders.
A bulk sender typically is an entity or organization that sends approximately more than 5000 emails in a short period. This group often includes businesses, marketers, and organizations that engage in email marketing campaigns, newsletters, and other mass email communications.
Google’s perspective is clear-cut: you will be labeled as a bulk sender permanently if you have sent large volumes of emails (over 5,000 daily) from your primary sending domain at least once. Conversely, Yahoo needs to provide a more precise definition.
“For the purposes of enforcement, a “sender” is viewed at the authenticated domain or From header domain level. However, we will use all of the information available (content, IP, etc.) to review sender compliance. A “bulk” sender is classified as an email sender sending a significant volume of mail. We will not specify a volume threshold.” – source: Senders Yahooinc FAQs
Considering Yahoo, their requirements apply to all domains and consumer email brands hosted by Yahoo Mail. Yahoo Japan is a separate entity.
W are fully aware that keeping up with all requirements is quite challenging, so we have prepared this deliverability factsheet. You will find here the beginnings of the most important updates from Google and Yahoo. We did this as We belive that understanding the past helps us better understand the future and maximize our email communication. Rest assured, we will update you on any developments in this space.
Back in the day, SPAM took control over the world of email, leading to full mailboxes. In 2011, SPAM accounted for a horrifying 80,26% of email traffic. Back then, senders often neglected to obtain consent, purchasing unverified recipient databases. Gmail and Yahoo rewarded senders with high open rates (OR) and click-through rates (CTR), but there were no strict rules on reaching inboxes, leading to what we now refer to as the “Spray and Pray Era.”
BIMI, known as Brand Indicators for Message Identification, is a new email security standard introduced in July 2021 and quickly adopted by providers like Gmail or Apple Mail. It protects your emails from unauthorized use and helps recipients quickly identify legitimate emails from trusted senders, enhancing brand recognition. How exactly, you shall ask?
When you send an email, the mailbox provider authenticates it. “If the message passes authentication, the mailbox provider queries the DNS for a corresponding BIMI record. If a BIMI record is present, the mailbox provider can use the brand (logo) to display that message in the inbox.” – source: BIMI Group Org
Two key steps to implement BIMI are:
▪️ A DMARC policy set to p=reject or p=quarantine.
▪️ Register a trademark logo (VMC) for your brand logo.
Google will include your verified logo by the From Name, and on a mobile device, it may display the logo at the top of the expanding list of messages. At the same time, it is worth remembering that each mailbox provider can decide not to display your logo if they consider your sender reputation questionable.
Google has extended CSE by introducing S/MIME in Gmail, allowing customers to send and receive encrypted emails. To implement this solution, You need to enable the Gmail API.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted, highly secure protocol accessible since 1995. The industry uses it to sign and encrypt emails digitally. From the recipient’s perspective, the S/MIME key is a checkmark or ribbon icon, which ensures message integrity and security.
Google Workspace users and Gmail owners may see a blue checkmark next to senders who have implemented BIMI (Brand Indicators for Message Identification). This new feature makes it easier for users to spot trustworthy senders based on the BIMI standard. Moving your mouse over the badge, you’ll see the message:
“This sender has verified ownership of the domain and logo in the profile image.”
This follows efforts to protect recipients from increasing phishing attempts. Since Google announced support for the BIMI standard in July 2021, it has not been entirely clear how to distinguish verified senders from the ones who have uploaded their logo to their Google Workspace profile. It’s worth noting that a similar blue verified sender checkmark was introduced at Yahoo Mail six months after Google did.
Sender Verification In Google – Blue Verified Checkmarks Will Appear In Gmail
It was revealed at the 59th annual M3AAWG conference in New York that Google and Yahoo are tightening their rules for accepting email traffic, and the senders will need to adjust to find their way to inbox in 2024.
What exact sender requirements have caused so much buzz in the realm of email? Read along; we will clarify it all step by step.
In December 2023, Google required all senders to use a TLS connection for transmitting emails. Transport Layer Security (TLS) is a protocol that encrypts email messages to secure data transmission via email against potential interception.
By default, Gmail always tries to send messages over a secure TLS connection, but to establish a secure end-to-end TLS connection, the sending and receiving servers (A.K.A.), sent to and from domains and addresses should use TLS. It takes two to tango. Sorry.
What Is StartTLS?
Pro Tip: Google says this change will not impact mail routes that were previously created. This also means admins can test their SMTP outbound routes’ TLS configuration before deployment, and they no longer need to wait for messages to bounce.
Additional details are accessible here.
Starting February 1, 2024, mailbox providers began applying the rules without strict enforcement. Google and Yahoo anticipated senders would utilize this time to make any necessary adjustments to ensure compliance before rejecting non-compliant traffic. Since then, email senders like you must adhere to specific Gmail and Yahoo standards to maintain a good reputation and correctly classify emails in users’ inboxes. Below, we list the updates that have been announced in February 2024.
List of Google Updates to be Implemented since February 2024:
▪️ Mandatory SPF and DKIM authentication
▪️ Gmail From: header impersonation
▪️ Domain Alignment
▪️ Valid forward and reverse DNS records
▪️ Messages formatted according to RFC 5322
▪️ Send an e-mail over a secure TLS connection
▪️ Spam Complaints below 0,3% verified in Google Postmasters Tools
▪️ Not sending from free mailboxes
List of Yahoo Updates to be Implemented Since the First Quarter of 2024:
▪️ Set up SPF and DKIM records for each of your sending domains
▪️ For high-volume senders, set up DMARC in p=none policy
▪️ Domain Alignment
▪️ Spam Complaints below 0,3%
▪️ Enable Easy Unsubscription
FYI: More detailed information on each requirement can be found in the following sections of this article.
Maximize your email deliverability and security with EmailLabs!
Google released an update to Postmaster Tools that you should use to check your compliance status for Gmail. New Google Postmasters Tool dashboards provide detailed information about your email delivery and message format:
▪️ SPF and DKIM Authentication
▪️ From header alignment
▪️ DMARC Authentication
▪️ Encryption
▪️ User-reported spam rate
▪️ DNS record
▪️ One-click unsubscribe – coming soon
▪️ Honor unsubscribe – coming soon
Google announced that they would start rejecting a percentage of non-compliant email traffic and gradually increase the rejection rate since April. As you can see, if you’re a bulk sender, there is no excuse; if you fail to meet the sender requirements, you will face consequences. That is why they suggested that senders use the temporary failure enforcement period to prepare in advance to make any changes required to be compliant.
It’s time to implement a one-click unsubscribe in marketing messages honored within two days. Otherwise, you will notice issues that will undoubtedly reflect your email deliverability. If you are surprised, please note that Google has already prolonged this deadline. How will providers enforce this, you ask? The good news is that Google will not automatically reject marketing traffic or classify them as spam simply because they fail to comply with the one-click unsubscribe requirement. However, they do foreshadow this:
“unwanted messages that don’t use one-click unsubscribe are more likely to be reported as spam by recipients. An increase in messages marked as spam increases the chances that future messages from the same sender are delivered to spam.” – Email sender guidelines FAQ, Google.
Allowing the unsubscribe option straight from the recipient’s inbox provides a positive change for mailbox users overwhelmed with unsolicited emails. Besides, you should prefer people to unsubscribe instead of reporting you as a spammer…
List of Google Sender Requirements Fully Enforced Since June 2024:
▪️ DMARC record with a minimum policy (p=none)
▪️ One-click unsubscribe in marketing messages processed within 2 days
Yahoo Sender Requirement that Takes Effect since June 2024:
▪️ One-click unsubscribe in marketing messages processed within 2 days
All 2024 Email Sender Requirements from Yahoo are listed here.
For detailed, step-by-step instructions on each requirement, refer to our earlier publication:
How to Prepare for Gmail and Yahoo! Sender Requirements Before February 2024.
Below, we summarize the crucial must-knows for the best message deliverability.
All senders should add SPF and DKIM authentication to their domain and IP address. As the industry folks like to say: No Auth, No Entry. Bulk senders must implement DMARC authentication, at least with a “p=none” policy. No questions asked.
FYI: You can use the free sending domain configurator to set up DMARC in the EmailLabs dashboard. Check detailed instructions.
Domain alignment means that the Envelope From domain (return_path) must match the Header From (From address) domain, or the DKIM domain must align with the Header From domain.
Google recommends that all senders fully align DMARC to SPF and DKIM.
“It’s likely that DMARC alignment with both SPF and DKIM will eventually be a sender requirement. ” – support.google.com
The spam rate represents the percentage of email messages designated as spam by users to the emails successfully delivered to active user inboxes. It’s important to note that even if users mark emails as spam in their inbox, if a significant portion of emails are directed to spam folders upon delivery, it may result in a lower spam rate.
The spam complaint rate should not exceed 0,3% displayed in Google Postmaster Tools. Yahoo! Mail does not provide precise thresholds for acceptable spam rates, but they expect all senders to keep their complaint rates low.
We recommend that you read Emaillabs’ Anti-Spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.
All senders who forward messages from other accounts or services to Gmail should add Authenticated Received Chain (ARC) headers, as Google clarifies:
“If you manage a forwarding service, including mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.”
When the original email content is changed in the forwarded messages, SPF or DKIM authentication can fail. Overall, ARC checks authentication for forwarded messages and helps ensure messages are delivered to the final recipients.
It’s imperative for all messages, regardless of the sender’s size, to adhere to the RFC 5322 standard. This standard is widely recognized and defines the format of emails, headers, content, message body, and attachments.
For example, defined by 5322 standards, header fields encompass vital details like sender, recipient, subject line, date, and additional metadata, offering essential information about the message:
Header |
Description |
---|---|
From | Sender’s email address |
To | Recipient’s email address |
Subject | Summary of the content or purpose of the email. |
CC | Address to which a copy of the message should be sent |
BCC | Address to which a copy of the message, hidden for other recipients, will be sent |
Both providers have mandated that senders facilitate a quick and seamless opt-out process from marketing communications starting June 2024. To comply, it’s imperative to incorporate a one-click unsubscribe option. You should process unsubscribe requests promptly, preferably within 2 days. Overall, sending emails to unsubscribed recipients is against best practices and can result in issues with email deliverability.
In the EmailLabs administration panel, there is a ‘List-Unsubscribe’ option. This functionality allows you to include an ‘unsubscribe’ button directly in an email message. See detailed instructions.
The purpose of domain warm-up is to enhance your domain reputation and establish trust with ISPs, ensuring that your emails are delivered directly to recipients’ inboxes without being flagged by spam filters.
When initiating e-mail sending from a new domain with no established reputation, ISPs may exhibit caution, limiting the volume of messages you can send until you prove reliability.
Pro Tip: Increase your sendings slowly and warm up your dedicated IP address to avoid deliverability troubleshooting and email throttling.
Having just absorbed the Google and Yahoo sender requirements, you should feel assured as an email marketer and rest easy… However, compiling a list of “don’ts” is important to ensure you have a comprehensive landscape of sender rules and recommendations for effective email communication.
▪️ Forget about @googlemail – Google has changed its DMARC policy to “p=quarantine,” so sending from addresses such as @gmail or @googlemail will no longer be allowed.
▪️ Avoid mixing different content purposes – avoid mixing different types of content within the same message. For example, refrain from including promotions in sales confirmation messages.
▪️ Do not impersonate domains – never impersonate other domains or senders without explicit permission. Engaging in such practices, known as spoofing, may prompt Gmail to mark your messages as spam.
▪️ Do not purchase e-mail addresses – avoid purchasing email addresses from other companies, as it can lead to unsolicited messages. Sending emails to individuals who haven’t opted in can significantly increase the risk of being perceived as SPAM by recipients and Internet Service Providers (ISPs).
▪️ Don’t forget about default opt-ins – Be mindful of restrictions on automatic opt-ins in certain countries and regions. Before implementing such practices, ensure compliance with local regulations. Consider adopting Double Opt-in methods as a safer alternative to Default Opt-Ins.
Adapting to the sender requirements announced for 2024 is crucial for maintaining effective email communication. The list of those guidelines is extensive, but If you included previous good sender practices in your email strategy, all those requirements should be familiar.
Otherwise, you’d better catch up quickly. Doing so will be extremely challenging for individuals operating in the “grey area” who rely on external databases and send emails to unverified recipient lists.
In conclusion, if you fail to do so, you will encounter significant deliverability issues requiring extensive troubleshooting. Your emails may hard bounce or be marked as spam. The good news is that providers will deliver information with error codes that name the problem and explain the compliance failure.
Our EmailLabs Team’s Mission is to support you in finding your way to the inbox, and we will keep you updated with all the sender requirements in 2024.
If you require any help adjusting to new Google and Yahoo requirements or are encountering troubleshooting issues, we are ready to help.
Good luck and happy deliverability! 💌
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
We are proud to announce that Vercom S.A., the company behind the EmailLabs project, successfully passed an audit for compliance with the latest ISO/IEC 27001:2022 and ISO/IEC 27018:2019 standards....
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Gmail users may soon benefit from a game-changing feature called Shielded Email, designed to enhance privacy and combat spam. While the feature has not yet been officially launched, recent...
Are you frustrated with the constant struggle of your emails getting blocked by Gmail? Have you ever wondered about the reasons behind this issue and, more importantly, how to...
In the ever-evolving landscape of email management, Google has announced an exciting upgrade to Gmail’s summary cards, aimed at improving user experience and streamlining inbox navigation. The latest enhancements,...
Entering the world of email communication, you’ll encounter many terms that initially seem straightforward and intuitive. However, some of these can be pretty challenging. Accurately distinguishing between them is...
Attaching a folder to an email may seem complicated at first glance, especially if you’re trying to send multiple files or an entire project’s documents to a colleague or...
Best practices, Deliverability
In today’s digital age, email has become an integral part of our personal and professional communication. We rely heavily on emails to send important messages, documents, and updates. But...