Google and Yahoo’s Email Sender Requirements in 2024 [Updated Enforcement Timeline]

2024 marks a turning point in the fast-paced world of email deliverability, as this is the year when Google and Yahoo updated their sender requirements. With the enforcement period now underway, ISPs have begun progressively rejecting emails that do not comply with these stringent new regulations.

If you fail to comply with sender rules, your messages may not be delivered, and you will receive a specific error code from both providers with a clarified reason for rejection:

Error Code	Description
4.7.27	SPF isn’t set up for your sending domains or IP addresses. All senders must use either SPF or DKIM authentication for outgoing messages. Bulk senders must use both SPF and DKIM authentication for outgoing messages.
4.7.30	DKIM isn’t set up for your sending domains or IP addresses. All senders must use either SPF or DKIM authentication for outgoing messages. Bulk senders must use both SPF and DKIM authentication for outgoing messages.
4.7.23	Your domain or IP address doesn’t have valid forward and reverse DNS records. This is a requirement for all senders.
4.7.29	Messages aren’t sent over a secure TLS connection. This is a requirement for all senders.
4.7.32	The domain in the From: header of your messages isn’t aligned with either the SPF domain or the DKIM domain. This is a requirement for bulk senders.

source: Support Google Com

Both providers began enforcing those rules gradually through the year’s first half. The real question is, how well are you prepared?

The Reasons Behind Google and Yahoo Requirements 

Visualizing the background, in 2024, Gmail has over 1,8 million users worldwide, while Yahoo Mail has 227,8 million users, as earthweb.com reports. However, in 2023, 45,6% of all emails were classified as unsolicited junk mail. Furthermore, highlighting security concerns, Gmail’s malware scanners intercepted 18 million phishing and malware emails in just one week during the 2020 pandemic.

Mailbox providers have long emphasized the need to change this situation by introducing good sender practices. Finally, they announced the start of enforcing them as requirements at the 59th Messaging, Malware, Mobile Anti-Abuse Working Group meeting in New York, held in October 2023.

Understanding this context helps clarify the rationale behind the new sender rules. These requirements help ISPs effectively route your emails to the right place. Ultimately, these new rules aim to safeguard both users and senders and reduce inbox overload.

“We firmly believe that users worldwide deserve a more secure email environment, with fewer unwanted messages for an improved overall experience. We look forward to working with peers across the industry to boost the adoption of these email standards that benefit everyone.” – Neil Kumaran, Group Product Manager, Gmail Security & Trust

New Providers Rules Affect Not Only Bulk Senders

All senders should be especially aware of requirements and adapt those rules to their email strategies, despite the fact, that the initial regulations were directed primarily at bulk senders. 

 

Google’s perspective is clear-cut: you will be labeled as a bulk sender permanently if you have sent large volumes of emails (over 5,000 daily) from your primary sending domain at least once. Conversely, Yahoo needs to provide a more precise definition.

“For the purposes of enforcement, a “sender” is viewed at the authenticated domain or From header domain level. However, we will use all of the information available (content, IP, etc.) to review sender compliance. A “bulk” sender is classified as an email sender sending a significant volume of mail. We will not specify a volume threshold.” – source: Senders Yahooinc FAQs

Considering Yahoo, their requirements apply to all domains and consumer email brands hosted by Yahoo Mail. Yahoo Japan is a separate entity.

Above all, further updates from both providers have shown that all senders must be cautious. As it is “Better safe than sorry,” You better mark your calendar with all essential deadlines.

The Google and Yahoo New Requirements Enforcement Timeline and Key Updates 

W are fully aware that keeping up with all requirements is quite challenging, so we have prepared this deliverability factsheet. You will find here the beginnings of the most important updates from Google and Yahoo. We did this as We belive that understanding the past helps us better understand the future and maximize our email communication. Rest assured, we will update you on any developments in this space.

December 2011 – Spray and Pray Era

Back in the day, SPAM took control over the world of email, leading to full mailboxes. In 2011, SPAM accounted for a horrifying 80,26% of email traffic. Back then, senders often neglected to obtain consent, purchasing unverified recipient databases. Gmail and Yahoo rewarded senders with high open rates (OR) and click-through rates (CTR), but there were no strict rules on reaching inboxes, leading to what we now refer to as the “Spray and Pray Era.”

July 2021 – Introduction of BIMI Standard

BIMI, known as Brand Indicators for Message Identification, is a new email security standard introduced in July 2021 and quickly adopted by providers like Gmail or Apple Mail. It protects your emails from unauthorized use and helps recipients quickly identify legitimate emails from trusted senders, enhancing brand recognition. How exactly, you shall ask? 

When you send an email, the mailbox provider authenticates it. “If the message passes authentication, the mailbox provider queries the DNS for a corresponding BIMI record. If a BIMI record is present, the mailbox provider can use the brand (logo) to display that message in the inbox.” – source: BIMI Group Org

Two key steps to implement BIMI are: 

▪️ A DMARC policy set to p=reject or p=quarantine.

▪️ Register a trademark logo (VMC) for your brand logo.

Google will include your verified logo by the From Name, and on a mobile device, it may display the logo at the top of the expanding list of messages. At the same time, it is worth remembering that each mailbox provider can decide not to display your logo if they consider your sender reputation questionable.  

December 2022 – New S/MIME Migration Options for Gmail Client-Side Encryption (CSE)

Google has extended CSE by introducing S/MIME in Gmail, allowing customers to send and receive encrypted emails. To implement this solution, You need to enable the Gmail API. 

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely accepted, highly secure protocol accessible since 1995. The industry uses it to sign and encrypt emails digitally. From the recipient’s perspective, the S/MIME key is a checkmark or ribbon icon, which ensures message integrity and security. 

May 2023 – Blue Checkmark for Senders that Have Adopted BIMI 

Google Workspace users and Gmail owners may see a blue checkmark next to senders who have implemented BIMI (Brand Indicators for Message Identification). This new feature makes it easier for users to spot trustworthy senders based on the BIMI standard. Moving your mouse over the badge, you’ll see the message:

“This sender has verified ownership of the domain and logo in the profile image.”

This follows efforts to protect recipients from increasing phishing attempts. Since Google announced support for the BIMI standard in July 2021, it has not been entirely clear how to distinguish verified senders from the ones who have uploaded their logo to their Google Workspace profile. It’s worth noting that a similar blue verified sender checkmark was introduced at Yahoo Mail six months after Google did.

Sender Verification In Google – Blue Verified Checkmarks Will Appear In Gmail

October 2023 – The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) 59th General Meeting 

It was revealed at the 59th annual M3AAWG conference in New York that Google and Yahoo are tightening their rules for accepting email traffic, and the senders will need to adjust to find their way to inbox in 2024. 

What exact sender requirements have caused so much buzz in the realm of email? Read along; we will clarify it all step by step. 

December 2023 – TLS Connection for Transmitting Emails

In December 2023, Google required all senders to use a TLS connection for transmitting emails. Transport Layer Security (TLS) is a protocol that encrypts email messages to secure data transmission via email against potential interception. 

By default, Gmail always tries to send messages over a secure TLS connection, but to establish a secure end-to-end TLS connection, the sending and receiving servers (A.K.A.), sent to and from domains and addresses should use TLS. It takes two to tango. Sorry.

What Is StartTLS?

Pro Tip: Google says this change will not impact mail routes that were previously created. This also means admins can test their SMTP outbound routes’ TLS configuration before deployment, and they no longer need to wait for messages to bounce.

Additional details are accessible here. 

February 2024 – Beginning of Enforcement of New Rules

Starting February 1, 2024, mailbox providers began applying the rules without strict enforcement. Google and Yahoo anticipated senders would utilize this time to make any necessary adjustments to ensure compliance before rejecting non-compliant traffic. Since then, email senders like you must adhere to specific Gmail and Yahoo standards to maintain a good reputation and correctly classify emails in users’ inboxes. Below, we list the updates that have been announced in February 2024.

List of Google Updates to be Implemented since February 2024:

▪️ Mandatory SPF and DKIM authentication

▪️ Gmail From: header impersonation

▪️ Domain Alignment

▪️ Valid forward and reverse DNS records

▪️ Messages formatted according to RFC 5322

▪️ Send an e-mail over a secure TLS connection

▪️ Spam Complaints below 0,3% verified in Google Postmasters Tools

▪️ Not sending from free mailboxes

 

List of Yahoo Updates to be Implemented Since the First Quarter of 2024:

▪️ Set up SPF and DKIM records for each of your sending domains

▪️ For high-volume senders, set up DMARC in p=none policy

▪️ Domain Alignment

▪️ Spam Complaints below 0,3% 

▪️ Enable Easy Unsubscription

 

FYI: More detailed information on each requirement can be found in the following sections of this article.

March 2024 – Update on Google Postmaster Tools 

Google released an update to Postmaster Tools that you should use to check your compliance status for Gmail. New Google Postmasters Tool dashboards provide detailed information about your email delivery and message format: 

▪️ SPF and DKIM Authentication

▪️ From header alignment 

▪️ DMARC Authentication

▪️ Encryption 

▪️ User-reported spam rate

▪️ DNS record

▪️ One-click unsubscribe – coming soon 

▪️ Honor unsubscribe – coming soon

April 2024 – Enforcing the Rules Even More Strictly

Google announced that they would start rejecting a percentage of non-compliant email traffic and gradually increase the rejection rate since April, and that is what they did. 

“For example, if 75% of a sender’s traffic meets our requirements, we’ll start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.” – source: Support Google Com

As you can see, there is no excuse; if you fail to meet the sender requirements, you will face consequences. 

June 2024 – One-Click List-Unsubscribe Header

It’s time to implement a one-click unsubscribe in marketing messages honored within two days. Otherwise, you will notice issues that will undoubtedly reflect your email deliverability. If you are surprised, please note that Google has already prolonged this deadline, so we expect they will strongly force senders to implement this starting in June.

Allowing the unsubscribe option straight from the recipient’s inbox provides a positive change for mailbox users overwhelmed with unsolicited emails. Besides, you should prefer people to unsubscribe instead of reporting you as a spammer…

List of Google Sender Requirements Fully Enforced Since June 2024:

▪️ DMARC record with a minimum policy (p=none)

▪️ One-click unsubscribe in marketing messages processed within 2 days

 

Yahoo Sender Requirement that Takes Effect since June 2024:

▪️ One-click unsubscribe in marketing messages processed within 2 days

All 2024 Email Sender Requirements from Yahoo are listed here.

You might feel slightly overwhelmed with all those changes, but we are here to help with more in-depth knowledge … as mentioned earlier, staying on top of these changes is really a challenge.

The Must-Do’s of New Sender Rules for 2024

For detailed, step-by-step instructions on each requirement, refer to our earlier publication:
How to Prepare for Gmail and Yahoo! Sender Requirements Before February 2024.

Below, we summarize the crucial must-knows for the best message deliverability.

Set up Domain Authorization – No Auth, No Entry 

All senders should add SPF and DKIM authentication to their domain and IP address. As the industry folks like to say: No Auth, No Entry. Bulk senders must implement DMARC authentication, at least with a “p=none” policy. No questions asked. 

FYI: You can use the free sending domain configurator to set up DMARC in the EmailLabs dashboard. Check detailed instructions.

Align Your Domain

Domain alignment means that the Envelope From domain (return_path) must match the Header From (From address) domain, or the DKIM domain must align with the Header From domain. 

Google recommends that all senders fully align DMARC to SPF and DKIM.

“It’s likely that DMARC alignment with both SPF and DKIM will eventually be a sender requirement. ” – Support Google Com

Keep your Spam Complaint Rate Below 0,3 %

The spam rate represents the percentage of email messages designated as spam by users to the emails successfully delivered to active user inboxes. It’s important to note that even if users mark emails as spam in their inbox, if a significant portion of emails are directed to spam folders upon delivery, it may result in a lower spam rate.

The spam complaint rate should not exceed 0,3% displayed in Google Postmaster Tools. Yahoo! Mail does not provide precise thresholds for acceptable spam rates, but they expect all senders to keep their complaint rates low.

We recommend that you read Emaillabs’ Anti-Spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.

Manage your Forwarding with ARC Message Headers

All senders who forward messages from other accounts or services to Gmail should add Authenticated Received Chain (ARC) headers, as Google clarifies:

“If you manage a forwarding service, including mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.” 

When the original email content is changed in the forwarded messages, SPF or DKIM authentication can fail. Overall, ARC checks authentication for forwarded messages and helps ensure messages are delivered to the final recipients. 

Stay Compliant with RFC 5322 Principles

It’s imperative for all messages, regardless of the sender’s size, to adhere to the RFC 5322 standard. This standard is widely recognized and defines the format of emails, headers, content, message body, and attachments. 

For example, defined by 5322 standards, header fields encompass vital details like sender, recipient, subject line, date, and additional metadata, offering essential information about the message:

Header	Description
From	Sender’s email address
To	Recipient’s email address
Subject	Summary of the content or purpose of the email.
CC	Address to which a copy of the message should be sent
BCC	Address to which a copy of the message, hidden for other recipients, will be sent

Enable One-Click List-Unsubscribe 

Both providers have mandated that senders facilitate a quick and seamless opt-out process from marketing communications starting June 2024. To comply, it’s imperative to incorporate a one-click unsubscribe option. You should process unsubscribe requests promptly, preferably within 2 days. Overall, sending emails to unsubscribed recipients is against best practices and can result in issues with email deliverability.

In the EmailLabs administration panel, there is a ‘List-Unsubscribe’ option. This functionality allows you to include an ‘unsubscribe’ button directly in an email message. See detailed instructions.

Warm-Up Your Email Sending Domain

The purpose of domain warm-up is to enhance your domain reputation and establish trust with ISPs, ensuring that your emails are delivered directly to recipients’ inboxes without being flagged by spam filters.

When initiating e-mail sending from a new domain with no established reputation, ISPs may exhibit caution, limiting the volume of messages you can send until you prove reliability.

Pro Tip: Increase your sendings slowly and warm up your dedicated IP address to avoid deliverability troubleshooting and email throttling.

The Don’t of Sending Practices in 2024

Having just absorbed the Google and Yahoo sender requirements, you should feel assured as an email marketer and rest easy… However, compiling a list of “don’ts” is important to ensure you have a comprehensive landscape of sender rules and recommendations for effective email communication.

▪️ Forget about @googlemail – Google has changed its DMARC policy to “p=quarantine,” so sending from addresses such as @gmail or @googlemail will no longer be allowed.

▪️ Avoid mixing different content purposes – avoid mixing different types of content within the same message. For example, refrain from including promotions in sales confirmation messages.

▪️ Do not impersonate domains – never impersonate other domains or senders without explicit permission. Engaging in such practices, known as spoofing, may prompt Gmail to mark your messages as spam.

▪️ Do not purchase e-mail addresses – avoid purchasing email addresses from other companies, as it can lead to unsolicited messages. Sending emails to individuals who haven’t opted in can significantly increase the risk of being perceived as SPAM by recipients and Internet Service Providers (ISPs).

▪️ Don’t forget about default opt-ins – Be mindful of restrictions on automatic opt-ins in certain countries and regions. Before implementing such practices, ensure compliance with local regulations. Consider adopting Double Opt-in methods as a safer alternative to Default Opt-Ins.

Learn About Sender Requirements in Less than 20 Minutes

Consequences of Non-Compliance with Guidelines for Senders

Adapting to the sender requirements announced for 2024 is crucial for maintaining effective email communication. The list of those guidelines is extensive, but If you included previous good sender practices in your email strategy, all those requirements should be familiar.

Otherwise, you’d better catch up quickly. Doing so will be extremely challenging for individuals operating in the “grey area” who rely on external databases and send emails to unverified recipient lists.

In conclusion, if you fail to do so, you will encounter significant deliverability issues requiring extensive troubleshooting. Your emails may hard bounce or be marked as spam. The good news is that providers will deliver information with error codes that name the problem and explain the compliance failure.

Our EmailLabs Team’s Mission is to support you in finding your way to the inbox, and we will keep you updated with all the sender requirements in 2024.

If you require any help adjusting to new Google and Yahoo requirements or are encountering troubleshooting issues, we are ready to help.

Good luck and happy deliverability! 💌