We all get frustrated with the mountain of spam landing in our personal email inboxes, and the truth is that spam can be quite nasty and more than just a nuisance, carrying malicious links and attachments capable of doing serious harm. It can even put our business customers in jeopardy, with employees accessing personal email accounts on business devices.
With that in mind, Gmail and Yahoo are introducing new requirements for bulk email senders that will come into effect from February 2024. They’ll require bulk senders to authenticate their emails, to allow users to easily unsubscribe, and to stay under a reported spam threshold.
Aside from protecting the end users, it’s also important that your business customers are aware of the changes for good email deliverability of their own email communications, as it will make it easier for MailGuard and others to detect failures to comply.
5 Steps from Yahoo!
The Y! Sender Hub provides the following instructions for bulk email senders to comply:
1. Authenticate your mail- Implement both SPF & DKIM
- Publish a valid DMARC policy with at least p=none - DMARC must pass
- Including a “rua” tag, which is properly set up to receive reports, is strongly recommended to allow monitoring during initial setup
- Relaxed alignment is acceptable
- Ensure the domain in the From: header is aligned with either the SPF domain or the DKIM domain. This is required for DMARC alignment.
2. Support easy unsubscribe
- Implement a functioning list-unsubscribe header, which supports one-click unsubscribe for marketing and subscribed messages
- The Post (RFC 8058) method is highly recommended
- The mail-to: method is acceptable
- Have a clearly visible unsubscribe link in the email body - this may direct to a preference page
- Honor unsubscribes within 2 days
3. Keep spam complaint rates low
- Keep your spam rate below 0.3%
- Spam rate is calculated in our system based on mail delivered to the inbox - keep this in mind when referencing CFL data and calculating the rate in your own system
4. Have a valid forward and reverse DNS record for your sending IPs
5. Comply with RFCs 5321 and 5322
Read more about sender best practices from Yahoo here.
Gmail Focusses on Email Validation
Google says, ‘Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst. To help fix that, we’ve focused on a crucial aspect of email security: the validation that a sender is who they claim to be.’
‘Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we’ve seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision.’
The measures that come into effect from February go further, targeting large volume email senders.
New Gmail Requirements for Bulk Senders
1. Authenticate their email: You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So we're requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
2. Enable easy unsubscription: You shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender. It should take one click. So we’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
3. Ensure they’re sending wanted email: Nobody likes spam, and Gmail already includes many tools that keep unwanted messages out of your inbox. To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox.
Gmail and Yahoo! are Working Together to Improve the Email User Experience
Google says on its website, ‘We aren’t the only ones pushing for these changes. Our industry partners also see the pressing need to institute them…
These changes are like a tune-up for the email world, and by fixing a few things under the hood, we can keep email running smoothly. But just like a tune-up, this is not a one-time exercise. Keeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community. And we'll keep working together to make sure your inbox stays safe.’
And Marcel Becker, Sr. Dir. Product at Yahoo says "No matter who their email provider is, all users deserve the safest, most secure experience possible.”
You can read more about Google’s email sender guidelines here.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
