Recently, both Google and Yahoo announced new email authentication requirements that will come into force in February 2024.
The update is a significant step towards creating a more secure experience for their users, minimising the amount of spam they receive by identifying and blocking malicious messages and decluttering their inboxes. Thus, the aim is to limit an attackers’ ability to exploit sender resources without detection.
Marcel Becker, Sr Director Product Management at Yahoo, says, “a key mission of Yahoo is to deliver messages that consumers want to receive and filter out the messages they don’t.”
How will the update affect you?
Google and Yahoo will be implementing a new set of requirements for all email senders, and some extras for bulk senders – those who send more than 5,000 emails to Google or Yahoo addresses in one day.
You can use these guidelines to check whether you meet that 5,000 threshold:
- Google and Yahoo will include personal accounts.
- Google will also include work or school accounts from Google workspace which don’t necessarily end in @gmail.com.
- All traffic from a sender will count towards that 5,000 threshold and includes transactional emails.
So, you may be closer to that bulk sender threshold than you think.
As a consumer, this is great news as you can say goodbye to those unsolicited messages you may be receiving daily. However, as a business, if your company sends emails to Google and Yahoo users, you may have some work to do.
You might be feeling slightly panicked, but don’t worry, we are here to help you prepare for the changes. Remember, these requirements are good for your customers and good for your deliverability score.
What do you need to do to prepare?
By February 2024, there are three main requirements that you’ll need to meet if you sit in the bulk sender threshold.
Google’s requirements are much stricter, once you meet those, you’ll also meet Yahoo’s:
Authenticate your email:
You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So you are required to strongly authenticate your emails by setting up DMARC.
You can set up DMARC authentication for your sending domain at any time by simply publishing a DMARC record in your DNS provider. To pass DMARC authentication, messages must be authenticated by SPF and/or DKIM and the authenticating domain must be the same domain that’s in the message From: header.
You can find out more about Google’s specific guidelines here.
Enable easy unsubscription:
Users shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender – it should only take one click. Therefore, you will be required to give recipients the ability to unsubscribe from your email in one click, and the unsubscription must be processed within two days.
So in total, you will need a one click unsubscribe link and an additional unsubscribe option, which sits in the email body, however this doesn’t need to be a one step process.
This isn’t something to worry about, an easy unsubscribe experience is best practice. If this is something you need to get more compliant on, your deliverability score and sender reputation is likely to improve.
Ensure you’re sending wanted email:
Ultimately, no one likes spam. Gmail and Yahoo already include many tools that keep unwanted messages out of the inbox.
To further protect their users, Google will enforce a clear spam rate threshold, of 0.30%, that senders must stay under to ensure recipients aren’t bombarded with unwanted messages.
This is an industry first, and as a result, users should see even less spam in their inbox. So it is extremely important that you are ONLY sending emails to your recipients that they WANT to receive.
We hope this article has answered some of the worries and questions you may have had about Google and Yahoo’s update – if you have any more, please reach out to our team and we’ll be happy to help!