Major email service providers Gmail and Yahoo have recently published notable changes to their email sender guidelines that will go into effect in February 2024. The new guidelines aim to curb abuse and spam while optimizing inbox placement and deliverability for legitimate bulk and commercial senders relying on these services to reach their contacts.
Both personal and professional email marketers sending messages to @gmail.com, @googlemail.com, @yahoo.com, and @aol.com addresses should review these updated guidelines closely to ensure their ongoing ability to reach these popular inboxes.
The official guidelines for email senders:
- Gmail (Email sender guidelines – Google Workspace Admin Help)
- Yahoo (Sender Best Practices | Sender Hub (yahooinc.com))
Who is Impacted by the New Email Sending Guidelines?
The adjustments target all senders who deliver more than 5,000 emails per day to Gmail and Yahoo inboxes. However, even lower volume emailers should follow the best practices outlined to build positive sender reputations with these inbox providers.
Those currently using a free Gmail or Yahoo email address as their sender domain will be especially impacted due to new authentication requirements.
Additionally, professional marketers sending commercial messages, transactional notifications, newsletters, or other outreach to recipients at these major email providers should closely analyze how to update their practices.
Key Changes to Be Aware of:
Several critical changes stand out that senders must address within their email programs:
- Both Gmail and Yahoo now require senders to have proper sender authentication established through DMARC, DKIM, and SPF protocols to confirm message legitimacy and prevent spoofing attempts.
- DMARC alignment also needs to be in place between the sending domain and authentication mechanisms. Senders without these technical validations risk having messages blocked or filtered out as suspicious.
- Additionally, the use of @gmail.com or @googlemail.com domains within the visible sender address is now highly restricted.
- Due to an update in DMARC policies by Gmail, messages sent from their domains that fail alignment checks will automatically be marked as spam or rejected. Instead, professional third-party domains should be used.
- Both companies also emphasize the importance of adhering to user preferences and consent requirements. Senders must provide easy one-click unsubscribe options on all messages while processing opt-outs within 2 business days.
- Additionally, commercial senders should maintain spam complaint rates below 0.3% by only emailing engaged subscribers with relevant, personalized content sent at appropriate frequencies. High blocking, bounce, abuse or opt-out rates signal poor sender practices requiring correction.
What is DMARC?
DMARC stands for “Domain-based Message Authentication, Reporting, and Conformance”. It is a system that allows organizations to set policies for how email coming from their domain (their email addresses) should be handled.
Specifically, DMARC allows an organization to tell other email providers:
- How emails from their domain should be authenticated – should the emails be checked to verify they really came from that organization?
- What should be done with emails that fail authentication – should they be rejected, marked as spam, etc.
- Whether the organization wants reports about emails coming from their domain – like statistics on how many were authenticated successfully, rejected as spam, etc.
So in summary, DMARC gives control to organizations over how email “claiming” to be from their domain is validated, handled, and reported on by other providers. This helps prevent spam and phishing attacks abusing an organization’s domain.
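The policy and alignment checks described above, worked through as an added example (not code from Gmail, Yahoo, or this article's author). The DMARC record, the domains, and the two-entry stand-in for the Public Suffix List are constructed for illustration.

```python
# Added example: decide what a receiver does with one message under DMARC.

# Assumption: a tiny stand-in for the Public Suffix List, covering only the domains below.
MULTI_LABEL_SUFFIXES = {"com.my", "co.uk"}

def org_domain(domain):
    """Organizational domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=...; rua=...' into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy (none/quarantine/reject) the domain owner published."""
    tags = parse_dmarc(record)
    # A bare SPF or DKIM pass is not enough: the authenticated domain must align
    # with the domain in the visible From: address.
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed record: quarantine failures, strict DKIM alignment, send aggregate reports.
RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com.my"

if __name__ == "__main__":
    # Mail sent through a provider that signs and bounces with its own domain:
    # SPF and DKIM both pass, but neither aligns with the From: domain.
    print(dmarc_disposition(RECORD, "example.com.my",
                            True, "bounce.esp.example", True, "esp.example"))
```

The first case is the one the new guidelines target: a message can pass SPF and DKIM for the email service provider's domain and still fail DMARC until a custom, aligned DKIM signature or return-path is configured.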
What is DKIM?
DKIM stands for “DomainKeys Identified Mail”. It is an email authentication system that allows senders to digitally sign their outgoing messages.
The goal of DKIM is to confirm to email receivers that a message truly originated from the domain it claims to be from. This helps prevent forged or spoofed email.
Here’s how it works:
- When an email is sent, the sending server can apply a digital signature using public key cryptography. This signature is unique to the domain sending the email.
- Receiving mail servers can then check the signature to verify the email really did come from the claimed sending domain. They do this by querying the sender’s domain (through DNS) for its public key and using that key to validate the signature.
- If the signature is valid, the receiver knows the email is authentic and really did come from that domain. The validated domain reputation helps receivers determine appropriate handling and prevents spoofing.
So in everyday terms, DKIM puts a tamper-proof digital seal on emails that receivers can check to confirm and trust approved senders. This protects inboxes against forgery.
What is SPF?
SPF stands for “Sender Policy Framework”. It is a system that allows domain owners to specify what servers are authorized to send email on behalf of their domain.
The goal of SPF is to prevent spammers from sending fake emails that pretend to come from your domain – also known as email spoofing.
Here is how it works:
- The owner of a domain can publish an SPF record, which is a list of the IP addresses of servers allowed to send email for that domain. This SPF record is stored in the domain’s DNS configuration.
- When an email is received from a certain domain, the receiving mail server looks up the SPF record for that domain. The server checks that the sending IP address matches one listed in the SPF record.
- If the IP address is authorized in the SPF record, the email passes the check and is more likely to reach the recipient’s inbox. If not, it may be flagged as spam or spoofed.
So in plain terms, SPF acts like a password system. Domain owners set up an approved list of sending servers. Inbound mail systems check a sending email’s password (its IP address) against the domain’s published SPF record. This verifies the email comes from an authorized source.
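The lookup-and-match steps above, as an added example that is not part of the original article. It goes slightly beyond the plain IP list by following `include:` to a provider's record, which is how most hosted senders are authorized. The `ZONE` dictionary is a constructed stand-in for DNS, and the `a`, `mx`, `exists`, and `redirect` terms are not evaluated.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, sender_ip, zone, depth=0):
    """Evaluate a domain's SPF record for a connecting IP, left to right."""
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]       # catch-all at the end of the record
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif mech.startswith("include:"):
            # include matches only if the referenced record itself returns "pass";
            # the depth guard stops include loops (SPF limits DNS lookups to 10).
            if depth < 10 and spf_check(mech[8:], sender_ip, zone, depth + 1) == "pass":
                return RESULTS[qualifier]
        # Other mechanisms need live DNS and are skipped in this offline example.
    return "neutral"

# Constructed records: the domain's own range plus its email service provider.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 ~all",
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "198.51.100.200", "2001:db8::25"):
        print(ip, spf_check("example.com", ip, ZONE))
```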
Steps to Take Now to Prepare:
To ensure compliance with new guidelines, email senders should take the following steps:
- Establish a professional domain name that you own and control to act as your sender address for messages. Using a well-known brand domain where possible aligns sender information and establishes trust and familiarity with recipients.
- Configure DMARC, DKIM, and SPF authentication steps through your domain’s DNS records to enable verification and alignment checks.
- Work with your email service provider to activate a custom DKIM signature aligned to your professional domain within messages you send through their systems. This properly authenticates your domain through their delivery infrastructure to meet new requirements.
As for our team, we always use MxToolbox (MX Lookup Tool – Check your DNS MX Records online) for any email-related troubleshooting. Here are the steps we usually follow.
We follow a systematic process to check the health of an email domain:
- Review Overall Domain Health
  - Use the Domain Health Check tool on MxToolbox to get an overview of the domain’s email delivery status, including whether it is on any blacklists. This checks key parameters like MX records, SMTP connectivity, and spam filter feedback.
- Check DMARC Records and Reports
  - Use the DMARC Check Tool on MxToolbox to verify if DMARC records are configured for the domain and review recent DMARC aggregate reports. This ensures authentication and policy preferences are enabled.
- Validate DKIM Records
  - Check that DKIM records are properly published using the “DKIM Lookup” in MxToolbox’s SuperTool. For example, search for “kiizen.com.my:default” to find the DKIM record for that domain and selector. Verifying DKIM records are present enables message signing.
- Confirm SPF Records
  - Similarly, look up the SPF record using the “SPF Record Lookup” in SuperTool. Checking the SPF record ensures only authorized servers can send mail for the domain, preventing spoofing.
Additionally, register for feedback monitoring tools like Gmail Postmaster Tools to track your sender reputation and spam complaints over time.
Quick Tip:
To test your email delivery directly from your email account, send an email to ping@tools.mxtoolbox.com. Wait a while for the reply, then click “View your full Deliverability Report”.
How to Build an Email List Responsibly
- Respect subscriber consent
  - Only email recipients who opted-in to receive your messages
  - Get explicit opt-in consent before adding any new contacts
- Provide subscriber control
  - Include easy unsubscribe options on all emails
  - Promptly process all unsubscribe requests
- Send relevant, engaging content
  - Use segmentation and personalization to target content
  - Focus on providing value to subscribers
- Monitor delivery and quality
  - Track metrics like spam complaints, blocking, bounces
  - Continually improve deliverability and quality
- Commit to ethical practices
  - Permission-based email marketing
  - Respect recipient inbox access as a privilege
Following these 5 guidelines demonstrates an ongoing commitment to sending responsible, consensual, and relevant emails that subscribers want to open. It’s the best practice for sustainable email marketing.
By taking a proactive approach to adopt updated best practices from Gmail and Yahoo, professional senders can assure their ongoing ability to reach these highly-valued inboxes and engage crucial contacts.
Contact your email service provider for specific guidance on how to implement necessary authentication protocols, monitoring capabilities and sender reputation management to address these new guidelines.