Are Your Emails Safe? Navigating the New Landscape of Gmail & Yahoo Sender Requirements

Gmail & Yahoo Sender RequirementsHave you heard the news? Email marketers everywhere are panicking because the new Gmail & Yahoo sender requirements are starting to roll out on Feb 1, 2024.

The good news is that if you are an Emercury user, we already enforce most of these, and we help you easily monitor the last one. But let’s talk about exactly what these requirements are, and how we help you deal with each one.

1) Mandatory SPF and DKIM Records

Starting this month (February of 2024) senders are required to send from domains with properly set up SPF and DKIM records.

As you know, this has been part of the Emercury onboarding process for a long time. We require all users to set up a brand profile, and the process requires you to set these up properly before you can send using our service.

If you still haven’t switched to Emercury, you should know we make this very simple. Also, our friendly customer service is right there with you. They will help you easily set all of this up even if you have never done it before.

Note that TLS and PTR are also becoming mandatory, but again, this has always been part of the Emercury onboarding process. So if you’re sending emails with Emercury, you’re safe.

2) DMARC will become a requirement for “bulk mailers”

Yahoo refers to senders who send more than 5,000 emails a day as “bulk mailers”. And this is an important distinction because some of the rules will affect you differently if you’re in this category. See the last part of this article for the full roll-out schedule.

The main part where this distinction will make a difference is with the DMARC records. As everything in the first point becomes mandatory for everyone immediately, regardless of “mailer size”.

Now, what’s the deal with DMARC, and how is it different from SPF and DKIM? Well, when it comes to the first two, the goal is to provide authentication and authorization. In turn DMARC serves as instruction on how to deal with failed SPF and DKIM checks. 

What does this mean?

It is how you (as the true domain owner) instruct the inbox providers on how to deal with failed SPF and DKIM checks. That is, if they receive emails in your name, but the SPF and DKIM don’t match correctly, what should the provider do with that?

In practical terms, it makes it impossible for spammers to pretend they are you, and send emails in your name. It is something that you do in order to protect your own domain and sender reputation. 

This might not sound like a big deal, until you realize those spoofed emails count toward your limit. Let’s say that you forget to set up your DMARC records and someone else sends emails in your name. This means that you automatically enter the “bulk mailer” category, permanently. It also means that going forward all the rules for a bulk mailer apply to you. It doesn’t matter if you stay under 5000 emails a day yourself.

Now, we have always put a big emphasis on DMARC at Emercury. This is because DMARC exists to protect you, and your deliverability. And it is why we created our super popular DMARC generator tool, which is free for all. You don’t even have to be an Emercury user to benefit.

Also note that while we haven’t mandated DMARC until now, starting February 1, it is also mandatory for all new brand profiles on Emercury.

Should you monitor your own DMARC reports?

If you look at the DMARC Record Generator you will see the last field that says “mailto”. This is the email address where all of your DMARC related reports will be sent to. 

This can be your own email if you want to spend time monitoring everything yourself, or you can purchase the Emercury DMARC monitor addon where we monitor these reports for you. If you want help with this, reach out to support.

3) One-click unsubscribe is a must

You know how most marketing emails you receive make you jump through hoops to unsubscribe? You can’t just unsubscribe. They first take you to a website where you have to confirm that you really, truly want to unsubscribe and try to change your mind.

Well, Yahoo & Google have decided to put a stop to this, and from now the one-click unsubscribe is mandatory.

The good news (I think you can already guess) is that Emercury has always been an immediate one-click unsubscribe. This is unlike other email platforms where the default is the “redirect to a website that asks the user if they really want to unsubscribe”.

Now, this doesn’t mean you can’t still offer people options aside from this nuclear “unsubscribe from everything in one click”. It’s just that you have to offer this option. There is nothing preventing you from also giving people a more granular option.

You can have it say something like: “If you want to immediately unsubscribe from all emails, {click here}. But if you want the power to decide exactly what we send you and when, adjust {your preferences here}.

4) Complaint rate threshold changing from 0.2% to 0.1%

As an Emercury user you know we’ve always made deliverability a priority. This is why so much of the dashboard places a focus on things that affect your deliverability.

This is why after you send a campaign, you can see that the complaint rate is prominently shown by default, and we even give you a warning when it gets too high.

As a platform we’ve always focused on what matters, actually delivering your emails, which is why all of this has been at the core of the Emercury experience. Just make sure to keep your complaint rates below 0.1% and you’ll be fine.

The roll-out schedule

The new Gmail & Yahoo Sender Requirements will get rolled out gradually, and the two companies will handle them in a slightly different way.

Yahoo reports that enforcement of sender guidelines will be gradually rolled out as they monitor compliance through the first half of the year:

Beginning in February 2024, Yahoo will be enforcing certain standards for all senders, including:

  • – Properly authenticating your mail
  • – Keeping complaint rates low

Beginning in February 2024, the requirements for bulk senders will be more strict, including:

  • – Enabling easy, one-click unsubscribe starting June 2024
  • – Authenticating with both SPF and DKIM
  • – Publishing a DMARC policy

Google’s “gradual and progressive” sender enforcement dates are as follows:

In February 2024, bulk senders who don’t meet sender requirements will start getting temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors are meant to help senders identify email traffic that doesn’t meet our guidelines so that senders can resolve issues that result in non-compliance.

In April 2024, Google will start rejecting a percentage of non-compliant email traffic and gradually increase the rejection rate. For example, if 75% of a sender’s traffic meets our requirements, Google will start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.

Bulk senders have until June 1, 2024 to implement one-click unsubscribe in all commercial, promotional messages.

 

About Author