Email sender requirements for major webmail providers

Email marketers, it's time to mark your calendars. On February 1st, 2024, Google and Yahoo will require bulk senders to authenticate their emails, make unsubscribing easy, and stay under a spam rate limit. Let's walk through the new standards: ✅ Email Authentication: Senders need DMARC, SPF, and DKIM verification. 🚫 Easy Unsubscription: One-click unsubscribe with a two-day honor period. 🙅 Low User-Reported Spam: Under 0.3% spam rate threshold. These new requirements are a good thing! Less spam in inboxes means your legitimate emails are more likely to be seen. Authenticated emails are also essential for security reasons, making phishing attempts easier to squash. Emails also look more reputable and on-brand from your organization's domain than your technology provider's. (The same guidance applies to URLs.) For nonprofits, these rules take effect after the EOY fundraising season. That said, February 1st will be here before you know it. Here are some steps to take: EMAIL AUTHENTICATION There are two ways to verify if you have DMARC, SPF, and DKIM records in place. 1. Find an email from your organization sent to your personal Gmail address. Click the three dots and select "Show Original." Each record should be marked as "PASS." 2. Use a web tool such as EasyDMARC's domain scanner. Enter each domain you use to send bulk emails, and it will show you whether DMARC, SPF, and DKIM records are in place. If you don't have all three in place, check with your tech provider for a how-to guide. EASY UNSUBSCRIPTION To meet the new "one-click" unsubscribe requirements, emails must include a List-Unsubscribe header. Email services use this to add unsubscribe links directly to their interfaces, so readers don't need to dig through the fine print to find the link. Look for an underlined "Unsubscribe" link in Gmail next to the email sender. In Yahoo's interface, click the three dots next to the spam button and look for an "Unsubscribe" option. Most modern email platforms have this covered, but contact yours if it is not in place. Honoring unsubscribes within two days means ensuring you have your email tool(s) set up correctly to exempt opt-outs. This should be instant, but watch out if you send from multiple platforms. When someone asks to unsubscribe from one tool, make sure their choice is respected in all the others. This is all the more reason to integrate your tech stack and have a centralized system for collecting consent, sending emails, and managing opt-outs. LOW USER-REPORTED SPAM With the right tools, the 0.3% threshold is easy to manage. First off, enable Google's Postmaster Tools to see where you stand. Secondly, make sure you only send to engaged contacts. This will reduce your spam rate and increase your engagement rates. Email deliverability doesn't need to be a mysterious process! Familiarize yourself with the terminology, get your house in order, and commit to better email practices.

Important Email Update! New requirements from Gmail and Yahoo Mail effective February 2024. 𝐄𝐦𝐚𝐢𝐥 𝐬𝐞𝐧𝐝𝐢𝐧𝐠 𝐛𝐞𝐬𝐭 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬: As part of their ongoing commitment to enhance email security and protect user inboxes, Gmail and Yahoo Mail have announced a set of new requirements for email senders, effective February 2024. The new requirements include long-standing best practices that all email senders should follow in order to achieve good deliverability with mailbox providers. What's new is that Gmail, Yahoo Mail, and other mailbox providers will require alignment with these best practices for those who send bulk messages over 5000 per day or if a significant number of recipients indicate the mail as spam. 𝐑𝐞𝐪𝐮𝐢𝐫𝐞𝐦𝐞𝐧𝐭𝐬: - SPF (Sender Policy Framework) is a domain-based way to determine what IPs are allowed to send email on somebody's behalf. - DKIM (Domain Keys Identified Mail) is a message-based signature that uses asymmetric cryptography to sign email and verify that a message was not altered in transit. - DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on top of SPF and DKIM and instructs receivers to approve, quarantine, or reject email messages. 𝐖𝐡𝐲 𝐢𝐭 𝐦𝐚𝐭𝐭𝐞𝐫𝐬: For senders of bulk messages, meeting these requirements is crucial to maintaining good deliverability and ensuring that your emails reach the intended recipients' inboxes. Failure to comply may result in emails being marked as spam or rejected by mailbox providers. 𝐖𝐡𝐚𝐭 𝐲𝐨𝐮 𝐬𝐡𝐨𝐮𝐥𝐝 𝐝𝐨: Review your current email sending practices to ensure alignment with SPF, DKIM, and DMARC. If necessary, update your SPF, DKIM, and DMARC configurations to comply with the new requirements. Check the diagram showing how SPF and DKIM work together with your DMARC policy. #EmailSecurity #GmailUpdate #YahooMail #SPF #DKIM #DMARC #Authentication #CyberSecurity #EmailBestPractices

Starting from February 1st, Gmail and Yahoo are making some big changes to their policy. But the no.1 requirement is one too technical for most marketers: “Authenticate outgoing emails setting up SPF, DKIM, and DMARC” Here’s what all those terms means, and what you need to do to make sure your emails continue to reach your users: What email clients want is for a way to check the “authenticity” of your emails. So they ask you to set up these authentication techniques: 1. SPF allows a domain to specify which IP addresses can send that mail. It’s like specifying which ‘postman’ is allowed to deliver the mail. 2. DKIM is like a digital signature. Imagine a seal on the envelope telling you its contents were not altered. 3. DMARC is a policy that decides what to do with the mail if both SPF and DKIM fail. *** How can you check if your email is authenticated as a sender?  1. Open an email in your desktop  2. Click the three dots on top right  3. Click “Show original”  4. Should show PASS for SPF/DKIM/DMARC *** Besides having these in place, here are some other recommendations in the recent updates by Gmail & Yahoo: 1. DMARC policy of p=none is enough for now. DMARC policies can be of different types. In ‘p=none’, you don’t take any action against emails that have failing SPF/DKIM. But you receive reports to keep an eye. But if your brand has already seen phishing emails being sent in your name, it’s better to switch to p=reject/quarantine.  2. Separate email types by IP or DKIM domain I.e., don’t send marketing emails and transactional emails from the same source. It ensures that any negative response to a marketing campaign doesn’t also lead to your important transactional emails to land in spam. *** None of these requirements are new. They were just more often called ‘best practices.’ If you need any other questions about these changes, ask away in the comments below

Updated bulk email requirements by Google and Yahoo. I would imagine Microsoft won’t be far behind. Yahoogle will begin enforcing these requirements beginning in Feb. So only 26 days left to get this done or risk your emails being blocked/denied by Yahoo, AOL, and Google. I’ve color coded the screenshot to make it super easy to know what *you* are responsible for. ‣ RED: Set up your SPF and DKIM Records ‣ ORANGE: Install Google Postmaster Tools and monitor your spam rate. It should be kept under 0.1%. Spam complaints are calculated on a daily basis. If your complaint rate gets close to or over 0.3% - you’re at risk of burning your sending domain/email. ‣ BLUE: Use your own domain - you’ll no longer be able to send from email addresses like tyler@gmail(.)com from your ESP. This is because Google themselves are implementing their own DMARC policy and if you’re sending from a gmail(.)com email address, that will fail Google’s DMARC and none of your emails will be delivered. ‣ PINK: Set up a DMARC policy. Here’s a copy/paste example DMARC Record for you ----- Record Type: TXT Name: _dmarc Value: v=DMARC1; p=none; rua=mailto:email+dmarc@yourdomain(.)com; sp=none; adkim=r; aspf=r ----- ***update that RUA tag to *your* email. I recommend putting the “+dmarc” to make these reports easy to filter since dmarc reports are generated daily. So my email tyler@hypermediamarketing(.)net would look like this tyler+dmarc@hypermediamarketing(.)net. Then in gmail I would create a filter for any emails to the email address “tyler+dmarc@hypermediamarketing(.)net” to go into a dmarc folder. Or there are DMARC monitoring services you can have those reports sent too. Which I would also recommend so you're actively monitoring your DMARC reports. ----- Last, this is something that needs to be done for every software you're using for emailing. If you're using Google Workspace for 1:1 emails - ensure all authentication measures have been set up. If you're using ActiveCampaign, HubSpot, Keap, MailChimp, etc - SPF and DKIM records need to be set up for those *as well as* Google Workspace. If you're using a help desk - SPF and DKIM records need to be set up. Hit me up with questions if you have them! #emailmarketing #emailmarketingtips

ICYMI: There are new email rules going into effect for Google on February 1, 2024, and Yahoo in Q1. Failure to comply could cause your emails to be rejected, so make sure to add this to your list over the next 6 weeks. These rules apply to any company sending more than 5,000 messages to Gmail accounts or Yahoo-owned inboxes within a 24-hour period. I've seen some confusion about how this is calculated, so here are some facts direct from Google FAQs, which appear to be the same as Yahoo: - For now, this includes recipients with personal addresses ending in @gmail.com, @yahoo.com or @aol.com, though it may extend to recipients with corporate accounts in the future. - It also applies to senders from any domain or email provider. - The count is aggregated by domain (e.g., if 100 people with the same sender domain each send 50 emails to gmail accounts within a 24-hour period, that counts as 5,000). - The count includes emails from both humans and systems (transactional emails, automations, etc.). With stuff like this, it’s typically better to be safe than sorry and assume they apply to your company. It’s also expected that other providers will follow their lead. There are three main things to do: 1. Authenticate your email and align your “from addresses.” This is pretty technical and instructions differ by provider. Some links to guides from common ESPs in the comments. 2. Enable 1-click unsubscribe from commercial emails and process within 2 days. It’s unclear how broadly they will define “commercial” but it explicitly doesn’t include transactional emails (e.g., password resets, form submit confirmations). 3. Stay below a spam rate. Google recommends staying below 0.1% and will now enact more harsh penalties if it goes above 0.3%. Check the comments for more detailed resources from reputable sources and platforms you might be using. #yourweeklymap #deliverability