Best practices, Email Authentication, Gmail

How to Prepare for Gmail and Yahoo! Sender Requirements Before February 2024?

Katarzyna Garbaciak, 13 November 2023


Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024. Similar changes will be implemented by Yahoo! Mail in Q1 2024

Major global providers are gearing up to send a clear signal – it’s time to implement requirements previously considered best practices to enhance email users’ security and significantly reduce the amount of SPAM reaching our inboxes every day.

This is not surprising, especially considering the prior promotion of the BIMI standard, which we have been assisting our clients in implementing for over 2 years. Particularly, Gmail has emphasized the importance of fully securing the sender’s brand and its marking in the inbox. It’s worth noting that brands with implemented BIMI display their logo in the inbox, along with a clear indication that the sender is verified.

We believe that there will be a tightening of requirements within the DMARC authentication, moving from “p=none” policy to a more restrictive one. It’s advisable to familiarize yourself with these changes now to avoid being surprised by an increased number of bounced messages or messages classified as SPAM, she adds. The DMARC change will be a significant challenge for many senders. Some express concerns that organizing processes within their email systems will take at least a few weeks.

Katarzyna Garbaciak, COO EmailLabs


Domain-Based Message Authentication Reporting and Conformance combines two existing email authentication mechanisms, SPF and DKIM, and adds a layer of policy.

New Requirements for Gmail and Yahoo! Mail – Who Will Be Affected?

Gmail and Yahoo! Mail have announced that the changes concern what they refer to as ‘bulk senders.’ Only Gmail has clarified what this term exactly means. Specifically, a bulk sender is someone who sends over 5000 messages per day to their clients or subscribers.

Consideration is given to emails sent from a specific domain. However, upon closer examination of Google’s documentation, it is evident that the changes will have a broader impact. If you send messages to anyone using Yahoo! Mail or Gmail (as well as Workspace, formerly G Suite), you must adhere to the new requirements.

Consequences of Non-Compliance with Gmail and Yahoo! Mail Requirements

The sender’s failure to comply will have significant consequences, primarily impacting their sending reputation, which can be monitored, for instance, through the Google Postmaster Tool. Understanding the concept of sender reputation is crucial; this tool serves as a reliable benchmark for evaluating the sender’s quality and email delivery practices. It effectively illustrates the response to communications and engagement levels and indicates the spam complaint rate.

In practical terms, a sender’s lack of preparedness may result in penalties such as message rejection, redirection to the recipient’s spam folder, or, in more severe cases, the non-delivery of their emails altogether. It underscores the importance of sender readiness and emphasizes the need for compliance to maintain a positive sending reputation.

5 Ways to Check Sending Reputation

When Will The Changes For Senders Take Effect?

It’s worth noting that Gmail has precisely specified that the changes will take effect on February 1, 2024. The giant emphasizes the importance of implementing the requirements earlier and not waiting until the specified date. Quoting Google’s documentation:

“If you send more than 5,000 emails per day before February 1, 2024, follow the guidelines in this article as soon as possible. Meeting the sender’s requirements before the deadline may improve your email delivery.”

Yahoo! Mail provides a less precise timeframe, stating it will be within the first quarter of the new year.

What Exactly Will Change For Senders?

For years, Google and Yahoo have been making significant efforts to enhance email security and reduce spam. The introduced changes aim to provide even better protection for email recipients and tighten the implementation of anti-spam filters. The modifications include:

First of all: Authenticate Your Email!

The most crucial and challenging change involves email authentication. Mandatory SPF and DKIM authentication are being introduced for all senders.

Bulk senders will be required to implement DMARC authentication, at least with a “p=none” policy. This will now be a mandatory requirement, as opposed to a previously recommended practice.

Messages sent by bulk senders must undergo domain alignment in the DMARC record. This means that the Envelope From (return path) domain must be the same as the Header From (FROM address) domain or that the DKIM domain is the same as the Header From domain.

How to Configure DMARC?

Setting up DMARC involves three essential steps besides the purely technical aspects of adding a DMARC record.

  1. Evaluate the infrastructure responsible for sending email messages.
    This includes mail servers and external services sending emails on behalf of the sender, such as server infrastructure providers like EmailLabs or marketing automation platforms.
  2. Creating a Custom DMARC Policy for Each Protected Domain.
    DMARC adds rules to the organization’s DNS record, instructing receiving servers on handling email messages sent from a specific domain. The DMARC policy itself can be set to “reject,” “quarantine,” or “none”:

    • Reject: The message will be rejected if it fails authentication tests and is not authorized by the sender.
    • Quarantine: Messages will be directed to the SPAM folder until they pass authentication checks and are authorized by the sender.
    • None: The receiving server takes no action on messages that fail authentication checks.

      Depending on the DMARC policy, the email message may be delivered, placed in the spam folder, or rejected outright.


  3. Publishing the DMARC Record in the DNS of Your Domain:
    To achieve this, access the DNS settings in the Admin Console and insert a TXT record resembling the following:
    v=DMARC1; p=quarantine; rua="[email protected]"; ruf="mailto:[email protected]"

In this record, the “v” tag signifies the DMARC version in use (typically “DMARC1”), the “p” tag indicates the DMARC policy and the “rua” and “ruf” tags specify the email addresses designated to receive reports related to DMARC activities – “rua” for aggregate reports and “ruf” for failure/forensic reports. If you employ the rua/ruf tag, it’s essential to use the “mailto:” prefix.

Read detailed instructions on how to set up DMARC correctly.

Simple Opt-In Process When users subscribe to your emails, make the process simple and transparent. Clearly state what they are signing up for and ensure they have full control over their subscription preferences.
Allow one-click Unsubscribes Provide a clear and accessible unsubscribe option in every email you send. Make it as straightforward as possible for users to opt out of your emails. Failing to do so can lead to user frustration and spam complaints.
Respect User Choices Honor unsubscribe requests promptly. Continuing to send emails to recipients who have unsubscribed is not only against best practices but can also result in email deliverability issues.

Secondly: The Spam Complaint Rate (marking emails as SPAM) Must Be Very Low.

Google specifies that it should not exceed 0.3% according to the data displayed in Google Postmaster (Spam Rate tab). Yahoo! Mail does not provide exact numbers. This requirement will apply to all senders.

The spam rate is the percentage of email messages marked as spam by users compared to the total emails delivered to the inbox for active users. If many emails are directly delivered to spam folders, the spam rate may be low, even if users continue to mark your emails in their inbox as spam.

We recommend that you read Emaillabs’ Anti-spam Policy. The level of spam complaints specified therein must not exceed 0.1%, so our approach to this metric is very strict.

Thirdly: Compliance with RFC 5322 Principles

All messages, regardless of the sender’s size, must adhere to the RFC 5322 standard. This is nothing more than the widely recognized internet standard that defines the format of emails, including headers, content, and attachments. Following these changes, emails that do not meet these requirements may face rejection.

Fourthly: Avoid Sending from Free Mailboxes

Google is changing its DMARC policy to “p=quarantine,” meaning that sending from addresses such as @gmail or @googlemail will no longer be allowed.

Fifthly: Enable One-Click Unsubscribes

Bulk senders should enable a swift and easy opt-out from marketing communication by implementing a one-click unsubscribe option (excluding transactional emails): the one-click unsubscribe feature.

The BIMI Standard and VMC Certificate

The tightening of sender classification criteria and fundamentals is a natural consequence of the increasing volume of emails and spam. The number of threats related to brand impersonation in email communication is also on the rise.

Google and Yahoo! Mail have been encouraging senders to adopt the BIMI standard for the past three years. Google rewards senders who implement the VMC certificate with an additional blue checkmark that appears alongside the logo and sender’s address, confirming that the message is from a sender who is also the domain owner.

Sender Verification In Google – Blue Verified Checkmarks Will Appear In Gmail

However, to enjoy the BIMI standard and display a logo in the Yahoo! Mail inbox, which is somewhat more lenient and does not require VMC, it is mandatory to implement DMARC with a restrictive policy. The new rules don’t go that far; requiring DMARC with a “p=none” policy is sufficient. However, it is expected that in the next step, email giants may tighten these rules further.

End of Spray and Pray

Gmail and Yahoo have long rewarded senders with high open rates (OR) and click-through rates (CTR), whose messages are widely shared. Now, however, it has become clear that a certain era is coming to an end – the era of sending messages to unverified recipient lists, inactive subscribers, and those not engaging in our communication. A tough time is approaching for senders who don’t know their customers, don’t segment them based on needs and preferences, and don’t create personalized communication.

Until now, there was no point in hiding the unsubscribe option for fear of an increased spam complaint rate. Now the bar has been raised. Gmail already represents 40-50% of the database for most clients. Senders can’t afford to create uninteresting, unattractive messages; not only will it be very easy to unsubscribe from such communication, but a spam complaint rate above 0.3% will result in unwanted emails being directed to spam or not delivered.

How to Prepare for Google and Yahoo Changes?

Regardless of the size of their email campaigns, every one of our clients must perform sender authentication in the Emaillabs panel.

To do this, go to the Administrator tab > Sender Authorization.

If you haven’t completed domain authorization yet, be sure to read the instructions in this regard

Every sender must authenticate their mailings through proper SPF and DKIM configuration. Additionally, it is crucial to monitor the spam complaints level in accordance with the requirements. Instead of using free domains, it is advisable to purchase a corporate domain and conduct mailings from it.

Additionally, mass senders must align with the other recommendations announced by Gmail and Yahoo! Mail, which include:

  1. Implementing DMARC at a minimum in “none” policy.
  2. Domain Alignment in DMARC: The so-called domain alignment requires that the Envelope From domain (return path) must be the same as the Header From domain (FROM address), or the DKIM domain must be the same as the Header From domain.
  3. Implementing the one-click unsubscribe option.

Most popular