What marketers should know about Google and Yahoo’s requirements for bulk senders

From February 1, 2024, the world of email marketing is set to shift as Google and Yahoo’s requirements for bulk senders (businesses that send 5,000+ emails a day) come into effect. 

If you’re a marketer aiming to ensure consistent delivery to personal Google and Yahoo inboxes, it’s important you understand the upcoming changes and promptly review your sending practices. In this article, we’ll break down the requirements, explain what they mean, and help you get real-time insight into how your email setup stacks up with our free Google & Yahoo Compliance Checker tool. 

Understanding the bulk sending requirements

Why are Google and Yahoo making these changes?

Google and Yahoo are introducing new email deliverability standards to enhance the email experience for users and help achieve safer, less spammy inboxes. The aim is to prevent inboxes from being overwhelmed by unwanted, potentially dangerous emails and to ensure that recipients only get the mail they want to read.

Who do they apply to? 

If you send newsletters, product update emails, or any promotional mail to over 5,000 Gmail or Yahoo addresses, the new requirements apply to you. 

B2C marketers should pay particular attention as the chances are your email database is predominantly made up of personal addresses, with a significant majority using gmail.com addresses. Gmail has an approximate 30% email client market share (which makes up almost a quarter of the world’s email-using population) so bulk-sending compliance is crucial if you rely on email communication for your operations. 

Ok, so what are the requirements?

The bulk sender requirements center around three key pillars:

  1. Make it easy for people to stop receiving your emails: Bulk senders will need to provide a visible unsubscribe link in their marketing/commercial emails and process unsubscription requests within two days. 
  2. Don’t spam: A clear spam threshold of 0.3% will be set to keep unwanted mail out of inboxes.
  3. Authenticate the domains you send mail from: Both Google and Yahoo will require best practice security standards including SPF, DKIM, and DMARC. Confused by the acronyms? We will cover it all below.

If you’d like a tabulated overview of the requirements, read our guide for the full breakdown.

To start with, let’s break down the more straightforward requirements – unsubscribe links and spam rates – and explain their benefits for marketers. 

Include one-click unsubscribe links

One-click unsubscribe is a widely accepted practice in email marketing. It is required by CAN-SPAM, CASL and GDPR so it should come as no surprise that Google and Yahoo are following suit and mandating consent-based email marketing. 

Most email-sending platforms include one-click unsubscribe by default, including Hubspot, Mailchimp, and customer.io. Nevertheless, you should double-check all email-sending platforms you use to make sure you are compliant. 

Use our free Google & Yahoo compliance checker to test if your email-sending service has unsubscribe functionality

Check your readiness now

Keep spam rates low 

Google is pioneering an industry first by mandating that reported spam rates must be kept below 0.10% and must never reach 0.30%. Yahoo has aligned with its stance. 

It’s important for marketers to remember that reporting a message as spam is easy for a user to do, which makes it all the more important to ensure your recipients are receiving valuable, engaging content that they have opted in to. You should also regularly clean, segment, and update email lists to help maintain a good sender reputation and see emails landing in the rather than the spam folder. 

Google and Yahoo have great free tools to help bulk senders regularly monitor their email performance – check out Google’s Postmaster Tools and Yahoo’s Complaint Feedback Loop (CFL) program. 

Domain authentication

Authenticating your email-sending domains ensures bad actors cannot use them to send mail on your behalf. While we acknowledge that email authentication may seem daunting to a marketer, not implementing these standards has huge implications for both security and deliverability. Plus the expectation isn’t on the marketer to carry out the work – this is where your IT team comes in! More on that later.

In the table below, we’ve provided a quick overview of each requirement and its respective benefits.

Authentication requirementBenefit
Set up SPF and DKIM for each domain that sends mail Improves email integrity and sender verification. 
Send with an aligned `From` domain in either the SPF or DKIM domainsWithout having achieved alignment, you are risking your emails ending up in spam rather than in the inbox of the recipient. 
Publish a DMARC policy for each domain that sends mail Blocks attackers from impersonating your email-sending domain and sending phishing messages on your behalf. 
Ensure that sending domains or IPs have FcrDNS set upHelps with email deliverability. Without FCrDNS, certain mailbox providers may block or deliver mail to spam.
Use a TLS connection for transmitting emailPrevents fraudsters from snooping on your emails.

We think it’s fair to say that upon seeing these benefits, any experienced email marketer will consider them a critical tool in their arsenal – regardless of whether they are being mandated or not!

For a more in-depth read on email authentication, take a look at our latest article: “Why successful email marketing relies on email authentication”.

What should you do now?

The first step is to check whether your email-sending service is compliant with Google and Yahoo’s bulk sending requirements. 

Red Sift makes it easy for you – in under 60 seconds, our free Google & Yahoo Compliance tool, Red Sift Investigate, will determine if your email setup is set up for success.

All you need is to send a test email to a unique address that we provide, and we’ll analyze your setup dynamically and in real time. We’ll also send a copy of the results to your email so you have something to forward to your IT team when you ask for configuration assistance!

Ready to check your Google Yahoo bulk sending compliance in less than 60 seconds?

Check your readiness now

Approaching your IT team for assistance

It’s possible for marketers to action at least a handful of the Google and Yahoo requirements. You can check your one-click unsubscribe setup in your email-sending platform(s) and keep your eye on spam rates using Google’s Postmaster Tools and Yahoo’s CFL program. TLS is done by about 90% of providers already but if it’s not set up, it has to be actioned by the email service provider (ESP) – like Hubspot or Mailchimp.

For the email authentication requirements, we recommend approaching your IT team for guidance. We have written an article that provides step-by-step guidance on how to approach and work with your IT team to ensure Google & Yahoo bulk sending success. You can read it here.

The table below will give you an idea of which requirements are configured at the ESP level and/or at the domain level. 

It is important to note that if your organization uses multiple ESPs, you will need to configure these items in each platform. The same is true for the use of multiple domains. 


Requirement
Configured at
ESP/Platform levelDNS
Implementation of both SPF and DKIMYesYes
Sending with an aligned `From` domain in either the SPF or DKIM domainsYesYes
Sending from a domain with a DMARC policy of at least p=none (including a RUA tag, as recommended by Yahoo*)NoYes
Using a TLS connection for transmitting emailYesNo
Valid forward and reverse DNS (FCrDNS)YesYes
One-click unsubscribe (RFC 8058)YesNo
Low spam reported rateYesNo

Where do you go from here?

Adapting to the new bulk-sending environment is going to be an ongoing process. You need to ensure your email content is valuable to your recipients so you avoid being marked as spam, make sure your email marketing is permission-based, and work hand-in-hand with your IT team to make sure any existing or future email sending sources are correctly authenticated. 

Though there have not yet been any formal announcements, it’s possible that the requirements could become stricter in 2024. The next potential step could be that DMARC enforcement is required, which is a significant step up from the current policy that is being mandated. We recommend bookmarking Google and Yahoo’s guidelines, keeping an eye on our blog to help you stay up to date with the latest industry trends and regulations, and making use of our free Google & Yahoo Compliance tool, Red Sift Investigate, to ensure compliance across all of your email-sending services.

PUBLISHED BY

Francesca Runger-Field

1 Feb. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Your guide to the SubdoMailing campaign

Billy McDiarmid

A significant number of well-known organizations have been attacked as part of what’s being called the SubdoMailing (Subdo) campaign that has been going on since at least 2022, research by Guardio Labs has revealed.   The scale of execution of this attack is staggering, and the impact is hugely damaging, but the goal is simple…

Read more
Certificates

A confident deployment guide for TLS and PKI

Ivan Ristic

Our journey to better network transport security has been quite the ride, filled with ups and downs. Back in the ’90s, when SSL and the Netscape browser were just taking off, things were pretty hard. We were dealing with weak encryption, export restrictions on cryptography, and computers that couldn’t keep up. But over the…

Read more
DMARC

Red Sift OnDMARC: The best Agari alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Agari DMARC Protection that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Agari and Red Sift OnDMARC – one of the most popular Agari alternatives on the market.  Red Sift OnDMARC overview Red…

Read more
DMARC

Red Sift OnDMARC: The best Valimail alternative for DMARC

Francesca Runger-Field

Looking for an alternative to Valimail that helps you safely and efficiently stop unauthorized use of your email-sending domains? You’re in the right place.  Here is your definitive comparison guide for Valimail and Red Sift OnDMARC – one of the most popular Valimai alternatives on the market.  Red Sift OnDMARC overview Red Sift OnDMARC…

Read more