The best tools to see if you meet Google and Yahoo’s new bulk sending requirements

In October 2023 Google and Yahoo jointly announced new requirements for “bulk senders” – which are classified as those who send more than (or around) 5,000 messages per day to Gmail or Yahoo accounts. 

These requirements will go into effect February 1, 2024 and feature many new mandates which can broadly be grouped into three categories: 

  1. Authenticate your domain. Protect recipients from malicious messages and protect your organization from being impersonated.
  2. Make it easy to stop receiving email. Give recipients an easy way to unsubscribe from your messages.
  3. Don’t spam. Send messages people want to receive and only send them to people who signed up to get messages from you.

Leading security and marketing teams are currently working hand in hand to make sure that their organizations are ready for these changes. We realize this can be a daunting task so we have put together this guide to help you understand the best tools to use so you are ready come February 1, 2024. 

If you are looking to understand the new requirements better, check out our guide

The best tools for validating that you will pass Google and Yahoo’s new requirements for bulk senders

Most teams today have to use a variety of tools to make sure all sending domains and sending services will pass the new requirements. 

A friendly reminder that it is important to check your configuration for all domains and subdomains you send mail from and all the email services you send through. You can get more details on that here.

Red Sift Investigate

Red Sift Investigate is the only free tool on the market that can confirm your domain is authenticated and that you have the proper unsubscribe measures to pass Google and Yahoo’s new requirements. 

What makes Red Sift Investigate different is that through a test email, the tool can examine the readiness of each of your email-sending services. Send a test email from each one of your email-sending services and Red Sift Investigate can evaluate your email-sending and receiving infrastructure, parse the email headers, and evaluate the email message encryption status in real-time. 

By doing so users can understand if their email-sending service and sending domain meet the following criteria: 

  • SPF and DKIM authentication
  • SPF or DKIM alignment
  • A valid DMARC record with at least a policy of p=none
  • A TLS connection for transmitting email (new requirement as of December 2023)
  • Valid forward and reverse DNS records
  • One-click unsubscribe included in the message
All that is required to get going with Red Sift Investigate is for users to send an email to a test inbox.

Check your readiness now

Static checks for DMARC, SPF and DKIM

Many free tools on the internet like MX Toolbox can look at your DNS records to see if you have a valid SPF and DMARC record. Since DMARC, SPF, and DKIM information is publicly available, these tools start with your domain and see if a valid DMARC record is published in the DNS. However, these tools won’t necessarily confirm you have the proper SPF record and alignment for each of your sending services. This can only be tested through manual sending.

These types of tools are helpful for those organizations that are only uncertain about their DMARC configuration. Since these tools only look at the DNS, they cannot provide information about SPF or DKIM alignment, FCrDNS, TLS connections or one-click unsubscribes.

Manual email header verification

For those well-versed in email security and the right permissions in an organization, understanding if you are ready for the new requirements may be doable through manual verification. 

This would require sending a test email from every email service to an inbox the individual has access to and examining the header for the corresponding information in the new requirements. For large enterprises, this would quickly become arduous given the sheer number of email-sending services the average company uses.

An important note on checking spam rates

Spam rates are dependent on historical data and therefore cannot be captured through a real-time or static solution. That being said, Google and Yahoo both have great free tools for making sure that your spam rate never reaches a spam rate of .30% or higher. 

Google Postmaster Tools

Google Postmaster Tools tracks data on large volumes of emails sent to make sure that your sending domain stays healthy. Postmaster Tools surfaces the spam rate as the percentages of emails marked as spam by users vs emails sent to the inbox for active users. This tool does require domain verification and can only show relevant data based on how long it’s been since you verified your domain. Here’s a trick on verification… if you verify the root-level domain you can also add any subdomain to your Google Postmaster Tools account without having to individually verify each subdomain with a DNS record.

Yahoo Complaint Feedback Loop

With Yahoo’s Complaint Feedback Loop (CFL) mail senders will get forwarded complaints from Yahoo’s users that report messages to be spam. These reports allow organizations suppress the recipient from future campaigns, and review targeting and frequency to reduce complaints in the future. This program does require that domains be verified with DKIM. 

What to do next

The clear next step for all organizations that rely on large volumes of email is action. Use one of the approaches outlined above and ensure your email-sending domains and services are ready come February 1, 2024. 


If you realize you need to make changes to be compliant, check out Red Sift OnDMARC – our award-winning DMARC tool that makes DMARC, SPF, and DKIM implementation and configuration easy and efficient.

PUBLISHED BY

Rebecca Warren

4 Jan. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Your guide to the SubdoMailing campaign

Billy McDiarmid

A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed.   The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…

Read more
Certificates

A confident deployment guide for TLS and PKI

Ivan Ristic

Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…

Read more
DMARC

Red Sift OnDMARC: The best Agari alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Agari DMARC Protection that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Agari and Red Sift OnDMARC – one of the most popular Agari alternatives on the market.  Red Sift OnDMARC overview Red…

Read more
DMARC

Red Sift OnDMARC: The best Valimail alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Valimail that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Valimail and Red Sift OnDMARC – one of the most popular Valimai alternatives on the market.  Red Sift OnDMARC overview Red Sift OnDMARC…

Read more