Changes required for Google and Yahoo DMARC authentication

Is your email sender policy framework ready for Google’s authentication changes coming February 1st?

What is happening to Gmail and Yahoo email policy?

This February, Google and Yahoo are introducing some new requirements to bulk senders and the way emails are delivered, monitored and filtered. Google and Yahoo DMARC policy is changing to reduce the risk of unwanted emails like spam, phishing and spoofing. So you’ll need to check if there’s action required to continue sending your branded emails.

Read on to discover the actions you need to be taking, and what your ESP (Email Service Provider) alerts and emails actually mean!

Who is Impacted?

Regardless of the email marketing tool you use, whether it’s MailChimp, Klaviyo, Salesforce, Sendgrid, Shopify or HubSpot – just to name a few – you’ll have to make sure your domain is compliant by the 1st of February. The good news is you can easily check your domain online – keep reading to find out more!

Why do you need to authenticate your emails?

Authenticating your email improves user experience for recipients. The risk of spam, phishing and spoofing is significantly reduced. This means users can be confident that the emails they receive are genuine and trustworthy. Similarly, easy to follow sequences to unsubscribe could mean that recipients inboxes are not so diluted and consumers are more likely to see and engage with your content. Making these small changes will mean your emails are far less likely to end up in spam folders. This could increase your brand authority and increase the effectiveness and quality of your email communications entirely.

Google and Yahoo DMARC Requirements

Here’s a bit more detail on the changes Google and Yahoo are introducing. If you’d like any help, don’t hesitate to get in touch with us!

These new requirements will impact most brands and small businesses, in the way that emails are delivered, monitored and filtered. Although these changes will improve user experience for customers, businesses that have not taken the appropriate precautions could risk their emails heading straight to the spam folder. These changes are likely to affect both companies that send over 5,000 emails daily and companies with lower send volume in different ways. So you’ll need to check if there’s action required to continue sending branded emails.

Guidelines Send less than 5,000 Emails/Day Send more than 5,000 Emails/Day
SPF/DKIM Set up SPF or DKIM email authentication for your domain. Set up SPF and DKIM email authentication for your domain.
DNS Records Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records. Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
TLS Connection Use a TLS connection for transmitting email. Use a TLS connection for transmitting email.
Spam Rates Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher. Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
Message Format Format messages according to the Internet Message Format standard (RFC 5322). Format messages according to the Internet Message Format standard (RFC 5322).
Gmail Headers Don’t impersonate Gmail From: headers. Don’t impersonate Gmail From: headers.
Forwarding If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email.
DMARC No change required, but recommended for best practice. Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none.
Header Alignment No change required, but recommended for best practice. For direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain.
Unsubscribe No change required, but recommended for best practice. Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.

What changes should you make to avoid the spam folder?

Email authentication:

Connect your email to your domain, this ensures that your email appears as though it is coming from its claimed source (your website), It is important that your ESP (email service provider) and domain are linked and working together. Once completed, emails will be verified from that domain and will no longer be interpreted as impersonation (spoofing), this will improve emails landing in your inbox instead of a customers spam folder. To authenticate your email, senders can use security protocols like DKIM, SPF and DMARC.

One click unsubscribe:

Data protection law states that everyone has a right to withdraw their data, the new policies coming into place are intended to make this process as seamless as possible for users. In order to comply with these new policies it is important that an unsubscribe option is visible on all marketing emails and is an easily executed process for users – one click.

Spam complaint rate:

Ideally, your spam complaint rate should be around 0.1%, with a maximum of 0.3% this means that there should be fewer than three spam reports for every 1000 emails you send. Your spam complaint rate is likely to be available for viewing on your ESP dashboard.

How can you authenticate your emails?

Not to worry, by taking the correct steps, resolving this issue should be quick and stress free!

How to authenticate your email domain.

DKIM (Domain Keys Identified mail): To add a digital signature to your emails you can set up DKIM records in your domain’s DNS (Domain Name System) settings. Doing this will help Google and Yahoo to identify the link between your domain and email address and proves that the content hasn’t been altered in transit.

SPF (Sender Policy Framework): DNS settings have an option to specify the IP addresses or mail servers that are permitted to send emails on behalf of your domain. To do this you will need to create an SPF in your DNS settings listing all the authorised sending sources. This way emails from your domain will not be sent from outside sources. 

DMARC (Domain-based Message Authentication, Reporting and Conformance): This is a combination of DKIM and SPF that flags emails that do not comply with SPF or DKIM checks. You can set a protocol with these flagged emails like putting them in spam or rejecting them. To set up a DMARC policy, you will need to add a DMARC record to your DNS settings at the very least with “p=none” before the 1st February.

How to enforce one-click unsubscribe.

To make unsubscribing as simple as possible for your readers, there are a couple of steps you can take. Including a clearly visible and accessible unsubscribe link in marketing emails is a way to allow recipients to unsubscribe without them having to navigate through multiple pages and sign in and out. The un-subscription process should be as simple as possible and immediately implicated. Continuing to contact recipients after they have unsubscribed is a breach of GDPR.

How to maintain a low spam complaint rate.

If your email content is not of a high quality, there is a chance recipients could report the messages as spam. This can put your brand authority at risk but can be avoided by the following: Ensuring your email content is relevant and clearly representative of your brand reduces the likelihood of readers mistaking it for spam. Subscribers have signed up for email content related to your brand so try to remember that this is the content they want.

Try to ensure that all the emails you send are to genuine subscribers. Purchasing a mailing list or sending emails unsolicited can result in inflated spam complaints. Regularly cleaning out your mailing list is an effective way to keep spam complaints at a minimum. Having dormant or invalid email addresses in your mailing list could increase the likelihood of emails being marked as spam.

Monitoring feedback via tools such as Google’s postmaster to monitor your spam complaint rate, you can identify peaks in complaints and respond accordingly. Ensure you are removing recipients who have unsubscribed as quickly as possible so that continued emails are not reported as spam.

In Summary

Although these changes may seem minor, they could be the difference between effective and ineffective email marketing. This change started on 1st February 2024 with full implementation from April. If you have any questions or would like a free audit get in touch below!

FAQ’s

What is Google changing in February?

Google and Yahoo DMARC came into effect earlier this year (2024 onwards). Make sure you’ve completed your email authentication before this date, or as soon as possible afterwards.

Can I still send to more than 5k Gmail email addresses?

Yes. Send limits are not changing, this update is all about authenticating your ownership of the branded domain, specifically when batch sending (i.e to more than 5,000 contacts). We still recommend considering a segmented approach or throttling strategy for larger subscriber bases.

I use an @gmail address, do I still need to make a change?

Yes, you still need to make a change. Because you won’t be able to authenticate yourself as the owner of gmail.com (unless you are of course Google) you’ll need to first set up a branded sender domain e.g email.mydomain.com.

Can I still have a separate reply-to address?

The changes do not affect the reply-to email address. So you can continue with your current set up.

How do I keep my spam rate below 0.1%?

Think about your contacts and their reasons for marking your email as spam. Are they expecting your email? Did they sign up and double opt-in? Have they opened an email from you in the last 60+ days? If your customer answers NO to any of these questions there’s a higher chance they will mark your communication as spam. It’s not personal, just perhaps not relevant any more. Your business isn’t built on the amount of emails you send, but the positive response from those who do receive it.

Is my email on a spam list?

Do you remember the old ‘read receipt’ notifications you could set up?! There was a level of frustration and invasion of privacy attached to these. Knowing whether an email goes into an inbox (primary inbox), spam, or trash folders is no longer possible, but there are signs which may help. These include: low open and click rates, contacts in your subscriber base who haven’t opted in, large images being used, negative trigger words in your copy like big financial incentives or lot’s of uppercase letters, or a high bounce rate. If you have any of these it’s likely your emails are going into spam.

Is my email on a spam list?

Do you remember the old ‘read receipt’ notifications you could set up?! There was a level of frustration and invasion of privacy attached to these. Knowing whether an email goes into an inbox (primary inbox), spam, or trash folders is no longer possible, but there are signs which may help. These include: low open and click rates, contacts in your subscriber base who haven’t opted in, large images being used, negative trigger words in your copy like big financial incentives or lot’s of uppercase letters, or a high bounce rate. If you have any of these it’s likely your emails are going into spam.

Should I use SPF or DKIM?

Email authentication has been around for many years now, and although the process for setting up SPF, DKIM, and DMARC isn’t changing, google and yahoo are now going to enforce policy. Think of these settings as being best practice, and eventually you will want to complete them all.

How can I identify un-engaged email addresses on my mailing list?

There are multiple ways of identifying unengaged email addresses. By unengaged we usually mean these contacts haven’t opened an email within the last 60 days. Depending on the type of business you manage you might also want to consider the importance of email clicks as well as opens. Your ESP will provide you with access to performance data, and most will also provide the capability of segmenting your engaged vs unengaged audience, making it easy to only send to contacts you know are most interested in your brand. You can also start to think about how you talk to contacts who haven’t engaged recently.

Further reading: