Deliverability
Now that we’ve officially rolled into 2024, it means Google and Yahoo’s email authentication changes are coming into effect. But what does this really look like for email senders? How is it going to impact you directly? And what will need to be implemented to stay on the right side of Johnny law?
Well, there’s no better people to ask than those behind the changes, right? Which is why we invited Yahoo’s Senior Director of Product, Marcel Becker, Google’s Director of Product Anti-Abuse and Safety, Anu Yamunan, and Sinch Mailgun’s Vice President of Deliverability, Kate Nowrouzi, to go through all your questions – and more – in our recent webinar. Here’s what they had to say.
Google and Yahoo are stepping up their game to keep our inboxes safe and junk free. They’re rolling out a new set of requirements for brands sending bulk email (5000+ emails a day) to reduce the risk of spam, phishing, and other malicious activities, improving the delivery of legitimate emails to subscribers’ inboxes.
So, why now? Why the sudden need for action?
Well, it’s probably worth mentioning that these new requirements are simply best practices that have existed for well over 10+ years now. There’s nothing particularly new or revolutionary about what Yahoo and Google have announced. In fact, many email senders already meet these authentication standards. The difference is they will now be enforced.
Here’s what Anu had to say about the “why” behind the changes:
It’s an opportunity for the industry to finally come together and meaningfully upgrade the safety of the email ecosystem. We believe that all recipients should be able to trust the messages they are reading from verified senders, as well as have more control over this relationship.
Marcel also weighed in:
We are looking at this from the UX perspective, we don’t want to punish senders, but simply provide the best experience possible for users. Email volume is increasing year on year, and consequently, so is the threat.
OK, so we know there are incoming changes, but what do they look like in practice? What do they entail at a more technical level? Essentially, there are three key requirements you will need to prioritize:
These mandates will only affect bulk senders. While Yahoo has steered away from giving a definite number (which we’ll get to later) Google has set a figure of 5000 or more messages to Gmail addresses in one day.
Let’s look at each of the three requirements in greater detail:
The first thing you will need to do Is set up the three standard protocols used to verify the legitimacy of your domain. This is good practice for a few reasons:
Now, those protocols in question are SPF, DKIM, and DMARC. If you’ve not come across them before we’ll quickly run through each one below:
SPF (Sender Policy Framework) allows senders to specify the servers and domains permitted to send email from their organization. When servers receive a message from your brand, they compare it to the list of allowed servers. This lets them verify the message actually came from you.
DKIM (DomainKeys Identified Mail) adds an encrypted digital signature to every message sent from your brand. Receiving servers use a public key to read the signature and verify that it came from you. This also prevents content being changed when the message is sent between servers.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) essentially tells receiving servers what to do with messages from your brand when they fail either SPF or DKIM. Now, there are three options or “instructs” for servers:
Both Yahoo and Gmail will require bulk senders to implement DMARC with a minimum policy of p=none which instructs receiving mail servers to log but not to take any action.
|
What you’ll need |
How to get there |
|---|---|
|
Gmail: Both SPF and DKIM are required by Gmail. Messages that don’t carry these protocols will be rejected from the inbox or marked as spam. DMARC is also required to prevent Gmail impersonation in FROM headers. |
If you’re a Mailjet user, just follow our detailed guide to get your domains authenticated with SPF and DKIM. If you’re not, we’ve outlined the processes for obtaining these authentications in these posts: How to handle SPF and DKIM setup. For DMARC you will need to set up at minimum a p=none policy. |
|
Yahoo: Will require strong authentication and for users to “leverage industry standards such as SPF, DKIM, and DMARC”. |
Implementing DMARC takes a bit more time, as DMARC allows you to make choices regarding your policy based on your email program. Get started now by checking out our article What is DMARC and how it works. |
Giving your readers the option to unsubscribe from your email is, despite sounding very counterintuitive, beneficial at many levels. It can boost both open and click-through rates, while reducing the chance of your content being marked as spam.
This is why both Google and Yahoo have decided to mandate that senders include a one-click unsubscribe link. It’s important to note that this is not the same as adding an unsubscribe link to the foot of your emails. What is required is that you add a list-unsubscribe post headers into the header of your email as specified by RFC 8058.
When done correctly it should appear as follows:
This loops back to what Marcel mentioned earlier, about providing the best possible email experience for both senders and recipients. It ’s much easier for readers to unsubscribe from an email if it appears in the header above the body content, rather than scrolling down to the bottom of the page.
|
What you’ll need |
How to get there |
|---|---|
|
Same for Gmail and Yahoo: A single-click pathway for users to easily unsubscribe from your messages from within the mailbox provider’s UI using list-unsubscribe headers, and internal support to honor unsubscribe requests and remove addresses from relevant email lists within 2 days. |
Senders will need to put list-unsubscribe post headers into the header of their email as specified by RFC 8058. |
Now, reducing your spam complaint rate is a good idea for a number of reasons. It improves your sender reputation, fosters trust with your subscribers and positively impacts your email deliverability. Google and Yahoo both agree, setting a spam complaint threshold at 0.3%.
This shouldn’t be an issue for most email senders, with many brands coming in well under 0.1%. However, you’ll still want to monitor your spam complaint rate, which you can do so by signing up with Google Postmasters Tools. Mailjet customers are already forwarded Yahoo’s Feedback Loops which monitor spam complaints.
|
What you’ll need |
How to get there |
|---|---|
|
Same for Gmail and Yahoo: The spam complaint threshold is 0.3%. |
Closely monitor your spam rate, as well as other engagement metrics, using resources like Google Postmasters Tools. Employ deliverability best practices like list management and sunset policies to optimize your email lists, ensuring you’re only sending messages to engaged recipients. Use deliverability tools like Bulk Verifications and or Sinch’s InboxReady’s Inbox Placement Testing to stay on top of your overall deliverability and improve your inbox placement. |
While officially the rollouts will affect bulk senders – defined by Google as those sending over 5000 messages a day to Gmail accounts – the truth is it’s not as exact as that. What we mean is if you send 4999 messages you’re not suddenly exempt from these requirements.
If you’re a bulk sender, sending mass marketing email, whether that’s 2000, 3000, 5000 or 10,000 a day, you need to follow these guidelines. They are designed to help our mutual customers have the best inbox experience possible
Anu confirmed this to be the case with Google, too. The 5000-email figure is more of a guidepost than a strict number to be adhered to. Realistically, every sender should ensure their authentication systems are set correctly.
At the end of the day, these changes benefit everyone in the email ecosystem. They make senders more resilient against impersonation or spoofing attacks, while easier unsubscribe options will also reduce your spam score and consequently, maintain a relative level of interest from your email list.
You can watch the full webinar recording below:
Email deliverability excellence is always at the core of our product offering for all our email solutions. We’re constantly striving to set up our users for deliverability success and making sure you get the help you need to achieve it.
For example, a List-Unsubscribe header is added to all emails sent from Mailjet, meaning customers already comply with this requirement by default. We also have detailed documentation to set up the SPF and DKIM email authentication protocols required by Gmail and Yahoo.
And if you’re looking for even more tailored support, check out our Deliverability Services! We have a dedicated team of experts ready to help your company navigate these evolving industry standards and implement the tailored strategy that best fits your email needs.
