Best practices, Email Authentication, Gmail
Best practices, Email Authentication, Gmail
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024. Similar changes will be implemented by Yahoo! Mail in Q1 2024
Major global providers are gearing up to send a clear signal – it’s time to implement requirements previously considered best practices to enhance email users’ security and significantly reduce the amount of SPAM reaching our inboxes every day.
This is not surprising, especially considering the prior promotion of the BIMI standard, which we have been assisting our clients in implementing for over 2 years. Particularly, Gmail has emphasized the importance of fully securing the sender’s brand and its marking in the inbox. It’s worth noting that brands with implemented BIMI display their logo in the inbox, along with a clear indication that the sender is verified.
We believe that there will be a tightening of requirements within the DMARC authentication, moving from “p=none” policy to a more restrictive one. It’s advisable to familiarize yourself with these changes now to avoid being surprised by an increased number of bounced messages or messages classified as SPAM, she adds. The DMARC change will be a significant challenge for many senders. Some express concerns that organizing processes within their email systems will take at least a few weeks.
Katarzyna Garbaciak, COO EmailLabs
Domain-Based Message Authentication Reporting and Conformance combines two existing email authentication mechanisms, SPF and DKIM, and adds a layer of policy.
It’s worth noting that Gmail has precisely specified that the changes will take effect on February 1, 2024. The giant emphasizes the importance of implementing the requirements earlier and not waiting until the specified date. Quoting Google’s documentation:
“If you send more than 5,000 emails per day before February 1, 2024, follow the guidelines in this article as soon as possible. Meeting the sender’s requirements before the deadline may improve your email delivery.”
Yahoo! Mail provides a less precise timeframe, stating it will be within the first quarter of the new year.
For years, Google and Yahoo have been making significant efforts to enhance email security and reduce spam. The introduced changes aim to provide even better protection for email recipients and tighten the implementation of anti-spam filters. The modifications include:
The most crucial and challenging change involves email authentication. Mandatory SPF and DKIM authentication are being introduced for all senders.
Bulk senders will be required to implement DMARC authentication, at least with a “p=none” policy. This will now be a mandatory requirement, as opposed to a previously recommended practice.
Messages sent by bulk senders must undergo domain alignment in the DMARC record. This means that the Envelope From (return path) domain must be the same as the Header From (FROM address) domain or that the DKIM domain is the same as the Header From domain.
Setting up DMARC involves three essential steps besides the purely technical aspects of adding a DMARC record.
Depending on the DMARC policy, the email message may be delivered, placed in the spam folder, or rejected outright.
v=DMARC1; p=quarantine; rua="[email protected]"; ruf="mailto:[email protected]"
In this record, the “v” tag signifies the DMARC version in use (typically “DMARC1”), the “p” tag indicates the DMARC policy and the “rua” and “ruf” tags specify the email addresses designated to receive reports related to DMARC activities – “rua” for aggregate reports and “ruf” for failure/forensic reports. If you employ the rua/ruf tag, it’s essential to use the “mailto:” prefix.
Read detailed instructions on how to set up DMARC correctly.
Simple Opt-In Process | When users subscribe to your emails, make the process simple and transparent. Clearly state what they are signing up for and ensure they have full control over their subscription preferences. |
Allow one-click Unsubscribes | Provide a clear and accessible unsubscribe option in every email you send. Make it as straightforward as possible for users to opt out of your emails. Failing to do so can lead to user frustration and spam complaints. |
Respect User Choices | Honor unsubscribe requests promptly. Continuing to send emails to recipients who have unsubscribed is not only against best practices but can also result in email deliverability issues. |
Google specifies that it should not exceed 0.3% according to the data displayed in Google Postmaster (Spam Rate tab). Yahoo! Mail does not provide exact numbers. This requirement will apply to all senders.
The spam rate is the percentage of email messages marked as spam by users compared to the total emails delivered to the inbox for active users. If many emails are directly delivered to spam folders, the spam rate may be low, even if users continue to mark your emails in their inbox as spam.
We recommend that you read Emaillabs’ Anti-spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.
The tightening of sender classification criteria and fundamentals is a natural consequence of the increasing volume of emails and spam. The number of threats related to brand impersonation in email communication is also on the rise.
Google and Yahoo! Mail have been encouraging senders to adopt the BIMI standard for the past three years. Google rewards senders who implement the VMC certificate with an additional blue checkmark that appears alongside the logo and sender’s address, confirming that the message is from a sender who is also the domain owner.
Sender Verification In Google – Blue Verified Checkmarks Will Appear In Gmail
However, to enjoy the BIMI standard and display a logo in the Yahoo! Mail inbox, which is somewhat more lenient and does not require VMC, it is mandatory to implement DMARC with a restrictive policy. The new rules don’t go that far; requiring DMARC with a “p=none” policy is sufficient. However, it is expected that in the next step, email giants may tighten these rules further.
Gmail and Yahoo have long rewarded senders with high open rates (OR) and click-through rates (CTR), whose messages are widely shared. Now, however, it has become clear that a certain era is coming to an end – the era of sending messages to unverified recipient lists, inactive subscribers, and those not engaging in our communication. A tough time is approaching for senders who don’t know their customers, don’t segment them based on needs and preferences, and don’t create personalized communication.
Until now, there was no point in hiding the unsubscribe option for fear of an increased spam complaint rate. Now the bar has been raised. Gmail already represents 40-50% of the database for most clients. Senders can’t afford to create uninteresting, unattractive messages; not only will it be very easy to unsubscribe from such communication, but a spam complaint rate above 0.3% will result in unwanted emails being directed to spam or not delivered.
Regardless of the size of their email campaigns, every one of our clients must perform sender authentication in the Emaillabs panel.
To do this, go to the Administrator tab > Sender Authorization.
If you haven’t completed domain authorization yet, be sure to read the instructions in this regard
Every sender must authenticate their mailings through proper SPF and DKIM configuration. Additionally, it is crucial to monitor the spam complaints level in accordance with the requirements. Instead of using free domains, it is advisable to purchase a corporate domain and conduct mailings from it.
Additionally, mass senders must align with the other recommendations announced by Gmail and Yahoo! Mail, which include:
Best practices, Email Authentication, Gmail
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Best practices, Sending Reputation
Are your email campaigns not getting the results you were hoping for? Low open rates and high bounce rates can be frustrating, but it may be possible to turn...
In an effort to bolster email security and protect users from malicious messages, Google and Yahoo are set to implement stringent email authentication requirements beginning in 2024. Email marketing...