In October 2023 Google and Yahoo jointly announced new requirements for “bulk senders” – which are classified as those who send more than (or around) 5,000 messages per day to Gmail or Yahoo accounts.
These requirements will go into effect February 1, 2024 and feature many new mandates which can broadly be grouped into three categories:
- Authenticate your domain. Protect recipients from malicious messages and protect your organization from being impersonated.
- Make it easy to stop receiving email. Give recipients an easy way to unsubscribe from your messages.
- Don’t spam. Send messages people want to receive and only send them to people who signed up to get messages from you.
Leading security and marketing teams are currently working hand in hand to make sure that their organizations are ready for these changes. We realize this can be a daunting task so we have put together this guide to help you understand the best tools to use so you are ready come February 1, 2024.
If you are looking to understand the new requirements better, check out our guide.
The best tools for validating that you will pass Google and Yahoo’s new requirements for bulk senders
Most teams today have to use a variety of tools to make sure all sending domains and sending services will pass the new requirements.
A friendly reminder that it is important to check your configuration for all domains and subdomains you send mail from and all the email services you send through. You can get more details on that here.
Red Sift Investigate
Red Sift Investigate is the only free tool on the market that can confirm your domain is authenticated and that you have the proper unsubscribe measures to pass Google and Yahoo’s new requirements.
What makes Red Sift Investigate different is that through a test email, the tool can examine the readiness of each of your email-sending services. Send a test email from each one of your email-sending services and Red Sift Investigate can evaluate your email-sending and receiving infrastructure, parse the email headers, and evaluate the email message encryption status in real-time.
By doing so users can understand if their email-sending service and sending domain meet the following criteria:
- SPF and DKIM authentication
- SPF or DKIM alignment
- A valid DMARC record with at least a policy of p=none
- A TLS connection for transmitting email (new requirement as of December 2023)
- Valid forward and reverse DNS records
- One-click unsubscribe included in the message
| All that is required to get going with Red Sift Investigate is for users to send an email to a test inbox. Check your readiness now |
Static checks for DMARC, SPF and DKIM
Many free tools on the internet like MX Toolbox can look at your DNS records to see if you have a valid SPF and DMARC record. Since DMARC, SPF, and DKIM information is publicly available, these tools start with your domain and see if a valid DMARC record is published in the DNS. However, these tools won’t necessarily confirm you have the proper SPF record and alignment for each of your sending services. This can only be tested through manual sending.
These types of tools are helpful for those organizations that are only uncertain about their DMARC configuration. Since these tools only look at the DNS, they cannot provide information about SPF or DKIM alignment, FCrDNS, TLS connections or one-click unsubscribes.
Manual email header verification
For those well-versed in email security and the right permissions in an organization, understanding if you are ready for the new requirements may be doable through manual verification.
This would require sending a test email from every email service to an inbox the individual has access to and examining the header for the corresponding information in the new requirements. For large enterprises, this would quickly become arduous given the sheer number of email-sending services the average company uses.
An important note on checking spam rates
Spam rates are dependent on historical data and therefore cannot be captured through a real-time or static solution. That being said, Google and Yahoo both have great free tools for making sure that your spam rate never reaches a spam rate of .30% or higher.
Google Postmaster Tools
Google Postmaster Tools tracks data on large volumes of emails sent to make sure that your sending domain stays healthy. Postmaster Tools surfaces the spam rate as the percentages of emails marked as spam by users vs emails sent to the inbox for active users. This tool does require domain verification and can only show relevant data based on how long it’s been since you verified your domain. Here’s a trick on verification… if you verify the root-level domain you can also add any subdomain to your Google Postmaster Tools account without having to individually verify each subdomain with a DNS record.
Yahoo Complaint Feedback Loop
With Yahoo’s Complaint Feedback Loop (CFL) mail senders will get forwarded complaints from Yahoo’s users that report messages to be spam. These reports allow organizations suppress the recipient from future campaigns, and review targeting and frequency to reduce complaints in the future. This program does require that domains be verified with DKIM.
What to do next
The clear next step for all organizations that rely on large volumes of email is action. Use one of the approaches outlined above and ensure your email-sending domains and services are ready come February 1, 2024.
If you realize you need to make changes to be compliant, check out Red Sift OnDMARC – our award-winning DMARC tool that makes DMARC, SPF, and DKIM implementation and configuration easy and efficient.
