Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024. Similar changes will be implemented by Yahoo! Mail in Q1 2024
Major global providers are gearing up to send a clear signal – it’s time to implement requirements previously considered best practices to enhance email users’ security and significantly reduce the amount of SPAM reaching our inboxes every day.
This is not surprising, especially considering the prior promotion of the BIMI standard, which we have been assisting our clients in implementing for over 2 years. Particularly, Gmail has emphasized the importance of fully securing the sender’s brand and its marking in the inbox. It’s worth noting that brands with implemented BIMI display their logo in the inbox, along with a clear indication that the sender is verified.
We believe that there will be a tightening of requirements within the DMARC authentication, moving from “p=none” policy to a more restrictive one. It’s advisable to familiarize yourself with these changes now to avoid being surprised by an increased number of bounced messages or messages classified as SPAM, she adds. The DMARC change will be a significant challenge for many senders. Some express concerns that organizing processes within their email systems will take at least a few weeks.
Katarzyna Garbaciak, COO EmailLabs
It’s worth noting that Gmail has precisely specified that the changes will take effect on February 1, 2024. The giant emphasizes the importance of implementing the requirements earlier and not waiting until the specified date. Quoting Google’s documentation:
“If you send more than 5,000 emails per day before February 1, 2024, follow the guidelines in this article as soon as possible. Meeting the sender’s requirements before the deadline may improve your email delivery.”
Yahoo! Mail provides a less precise timeframe, stating it will be within the first quarter of the new year.
For years, Google and Yahoo have been making significant efforts to enhance email security and reduce spam. The introduced changes aim to provide even better protection for email recipients and tighten the implementation of anti-spam filters. The modifications include:
The most crucial and challenging change involves email authentication. Mandatory SPF and DKIM authentication are being introduced for all senders.
Bulk senders will be required to implement DMARC authentication, at least with a “p=none” policy. This will now be a mandatory requirement, as opposed to a previously recommended practice.
Messages sent by bulk senders must undergo domain alignment in the DMARC record. This means that the Envelope From (return path) domain must be the same as the Header From (FROM address) domain or that the DKIM domain is the same as the Header From domain.
Setting up DMARC involves three essential steps besides the purely technical aspects of adding a DMARC record.
v=DMARC1; p=quarantine; rua="[email protected]"; ruf="mailto:[email protected]"
In this record, the “v” tag signifies the DMARC version in use (typically “DMARC1”), the “p” tag indicates the DMARC policy and the “rua” and “ruf” tags specify the email addresses designated to receive reports related to DMARC activities – “rua” for aggregate reports and “ruf” for failure/forensic reports. If you employ the rua/ruf tag, it’s essential to use the “mailto:” prefix.
Read detailed instructions on how to set up DMARC correctly.
|Simple Opt-In Process||When users subscribe to your emails, make the process simple and transparent. Clearly state what they are signing up for and ensure they have full control over their subscription preferences.|
|Allow one-click Unsubscribes||Provide a clear and accessible unsubscribe option in every email you send. Make it as straightforward as possible for users to opt out of your emails. Failing to do so can lead to user frustration and spam complaints.|
|Respect User Choices||Honor unsubscribe requests promptly. Continuing to send emails to recipients who have unsubscribed is not only against best practices but can also result in email deliverability issues.|
Google specifies that it should not exceed 0.3% according to the data displayed in Google Postmaster (Spam Rate tab). Yahoo! Mail does not provide exact numbers. This requirement will apply to all senders.
The spam rate is the percentage of email messages marked as spam by users compared to the total emails delivered to the inbox for active users. If many emails are directly delivered to spam folders, the spam rate may be low, even if users continue to mark your emails in their inbox as spam.
We recommend that you read Emaillabs’ Anti-spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.
The tightening of sender classification criteria and fundamentals is a natural consequence of the increasing volume of emails and spam. The number of threats related to brand impersonation in email communication is also on the rise.
Google and Yahoo! Mail have been encouraging senders to adopt the BIMI standard for the past three years. Google rewards senders who implement the VMC certificate with an additional blue checkmark that appears alongside the logo and sender’s address, confirming that the message is from a sender who is also the domain owner.
However, to enjoy the BIMI standard and display a logo in the Yahoo! Mail inbox, which is somewhat more lenient and does not require VMC, it is mandatory to implement DMARC with a restrictive policy. The new rules don’t go that far; requiring DMARC with a “p=none” policy is sufficient. However, it is expected that in the next step, email giants may tighten these rules further.
Gmail and Yahoo have long rewarded senders with high open rates (OR) and click-through rates (CTR), whose messages are widely shared. Now, however, it has become clear that a certain era is coming to an end – the era of sending messages to unverified recipient lists, inactive subscribers, and those not engaging in our communication. A tough time is approaching for senders who don’t know their customers, don’t segment them based on needs and preferences, and don’t create personalized communication.
Until now, there was no point in hiding the unsubscribe option for fear of an increased spam complaint rate. Now the bar has been raised. Gmail already represents 40-50% of the database for most clients. Senders can’t afford to create uninteresting, unattractive messages; not only will it be very easy to unsubscribe from such communication, but a spam complaint rate above 0.3% will result in unwanted emails being directed to spam or not delivered.
Regardless of the size of their email campaigns, every one of our clients must perform sender authentication in the Emaillabs panel.
To do this, go to the Administrator tab > Sender Authorization.
If you haven’t completed domain authorization yet, be sure to read the instructions in this regard
Every sender must authenticate their mailings through proper SPF and DKIM configuration. Additionally, it is crucial to monitor the spam complaints level in accordance with the requirements. Instead of using free domains, it is advisable to purchase a corporate domain and conduct mailings from it.
Additionally, mass senders must align with the other recommendations announced by Gmail and Yahoo! Mail, which include:
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
In an effort to bolster email security and protect users from malicious messages, Google and Yahoo are set to implement stringent email authentication requirements beginning in 2024. Email marketing...