How marketers can work with security to meet Google and Yahoo’s requirements

I am lucky enough to have been a marketer at multiple cybersecurity companies. From these roles, I have learned from some of the best in the business how to effectively partner with your security team on any initiative. 

Given that Google and Yahoo’s bulk sender requirements are imminent,  it seemed like the perfect opportunity to share what I’ve learned so your business is ready come February 1, 2024. 

Wait, why do I need to talk to security?

If you are just figuring out the new requirements from Google and Yahoo, we have got you covered. Check out our full guide for all the details.

The tl;dr for marketers is, come February 1, 2024, organizations that send over 5,000 emails per day (aka bulk senders) must do the following: 

  1. Authenticate your domain. This is where you will need your security team’s help. You must protect recipients from malicious messages and protect your organization from being impersonated through specific security protocols. More details on that below.
  2. Don’t spam. Only send emails people want to receive and have opted-in to receive.
  3. Make it easy to unsubscribe. All promotional emails need to include one-click unsubscribe links.

Those organizations that don’t meet the above requirements risk email deferral by February 1, 2024 and full rejection in April 2024. 

Step 1: Don’t think of security as the department of “no”

Before I worked in security, I always thought of it as the far away department that told me to stop using the software I liked.

I can confidently confirm that that is not true. 

I can promise that they are busy (security teams everywhere are facing major understaffing challenges), they have a bunch of priorities that are not related to your marketing efforts, and this is just one of the urgent asks they will receive this week. 

But, every security leader I have met is focused on doing what is best for the business. And if you can help your team understand this is a requirement for your business, and not just a nice to have, you will have an ally to help you achieve what you need.

Step 2: Get clear on what your business needs to do

The easiest way to see if you need any help from the security team is to use a tool to examine your current email security configuration and see if you meet the requirements. 

At Red Sift, we are biased towards Red Sift Investigate – the only free tool on the market that can see if your email-sending infrastructure meets the new requirements from Google and Yahoo. 

All you have to do is send a test email from your bulk sending tool (like Hubspot, Mailchimp, or to Red Sift Investigate. From there you will get results that you can share with your security team about what you need to do specific to Google and Yahoo compliance.

Your results will be shown with green check marks for things that are compliant and red x’s for things that will need to be addressed. 

If you are willing to get into the weeds a bit more, there are other tools. Check out our tooling guide here.

Step 3: Get specific in your ask to your security team

With your Red Sift Investigates results in hand, you are in the perfect position to get clear on what you need to do to authenticate your domain. 

If you are confused about the errors you are seeing – or just want to make it super clear for your security team – check out our matrix that gives you more details on why you might be seeing errors. 

From there you are well positioned to put forth an ask to your security team. 

For example, if your Red Sift Investigate results look like this:

And you see in the matrix that this means “A DMARC record is required.” 

You can go to your security team and show them both, and ask how you can work together to make sure you can get the proper record in place. 

📢Don’t forget – you need to test all of your email-sending services. Just because your Hubspot test email passes, doesn’t mean your Mailchimp email will.

Step 4: Tie your ask to business outcomes

Like I mentioned earlier, your security team has a long, long priority list. And this may not be at the top of the list right now. But, it’s important to communicate with your team why now is the time to start taking action. 

Some quick digging can help you build your case. 

Ask yourself questions like: 

  • How did I use email to drive revenue last year? 
  • How many of my net new opportunities or new customers had email as a last touch? 
  • What would the cost of poor deliverability be for my business? 
  • What percentage of my database would stop hearing from me if I didn’t meet these new requirements? 

If you can put your ask in the context of the business problems to be solved, your security team will have a clear idea of why it’s so critical to meet these requirements quickly.

Where to go from here? 

It’s easy to try to ignore these new requirements from Yahoo and Google, but the repercussions for doing so will be significant. Take the first step today with Red Sift Investigate and reach out to your security team to get the conversation going. We are here to help, and you can always talk to a Red Sift expert to help begin your journey to Google and Yahoo bulk sender compliance.  


Rebecca Warren

1 Feb. 2024



Recent Posts


Your guide to the SubdoMailing campaign

Billy McDiarmid

A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed.   The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…

Read more

A confident deployment guide for TLS and PKI

Ivan Ristic

Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…

Read more

Red Sift OnDMARC: The best Agari alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Agari DMARC Protection that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Agari and Red Sift OnDMARC – one of the most popular Agari alternatives on the market.  Red Sift OnDMARC overview Red…

Read more

Red Sift OnDMARC: The best Valimail alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Valimail that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Valimail and Red Sift OnDMARC – one of the most popular Valimai alternatives on the market.  Red Sift OnDMARC overview Red Sift OnDMARC…

Read more