fbpx
Skip to Main Content

Google, Yahoo to combat spam with new email rules for senders

Published on November 17, 2023

Brad Gurley

Since the original announcement from Google and Yahoo about their new requirements for senders, we’ve seen some common questions. Reps from both platforms have clarified some areas of concern, and here we’ll break down some of the most asked questions and how they’ve been addressed.

NOTE: These best practices are based on the information we’ve received from the providers thus far, as interpreted by our team. We are not lawyers and nothing here should be construed as legal advice. 

Who do these changes apply to?

Google has defined “bulk senders” as anyone sending 5,000 or more messages to Gmail recipients in a given day, while Yahoo has provided no specific volume requirement.

Some senders have asked if this number includes similar content sent by the same organization or group from multiple subdomains, top-level domains, or even IP addresses. Some have even speculated they could circumvent these requirements by intentionally splitting traffic across domains/IPs. In response, both providers have indicated they will be able to identify traffic that may not specifically fall under the 5000/day category (whether intentionally or not) but is still subject to these rules. Yahoo noted they will use “all of the information available (content, IP, DKIM domain, etc.)”  to determine classification as a “bulk” sender.

In short, if your organization sends a significant amount of commercial email (marketing or transactional) on a regular basis, you should assume these requirements will apply to you.

What happens to mail that doesn’t comply?

This will likely depend on which of the requirements is not met. Mail that fails authentication or DMARC alignment will be bounced with a response that indicates the reason for the rejection, while mail that exceeds the spam threshold or is missing the required unsubscribe mechanisms will likely end up in the spam or junk folder.

What are the requirements for one-click unsubscribe?

Both providers have indicated the list-unsubscribe header is the preferred method of one-click unsubscribe, but they also require a visible unsubscribe link in the body of each message. The link in the body does not have to be one-click and can lead to a landing page/preference center. The one-click unsubscribe can be list-specific and is not required to unsubscribe the recipient from all mail.

What about transactional messages?

In the US, CAN-SPAM carves out a legal exception for transactional messages. By definition, these messages trigger when a recipient takes a specific action and may facilitate or confirm that action (think password resets, order confirmations). While Google and Yahoo have been less specific with guidance in this area, the indication is that they would like to see all bulk commercial mail include an unsubscribe link. This lack of specificity likely stems from the broad range of content considered “transactional” by different organizations and in various jurisdictions. Our recommended best practice is to include an unsubscribe mechanism in every message, allowing recipients to opt out of at least some transactional mail. High priority messages, like password resets, can be sent irrespective of the unsubscribe, but some users will appreciate the chance to decline other, less-wanted relationship/account messages.

Do I need to create a DMARC record, and on what domain?

The new requirements state that each bulk sender must publish a DMARC record on their sending domain (i.e., the domain in the From: address). You’ll also need to be sure the From domain matches the domain in either the SPF or DKIM headers for your message.

For more detail, our Support Center contains a primer on authentication protocols including SPF, DKIM, and DMARC. For MessageGears customers, our Support team will also be happy to help you set up custom authentication for your account and sending domain(s).

 

Below you’ll find our original post on the updates from Oct. 9, 2023:

Last week, the two largest players in the consumer email provider space made an unusual move: teaming up to help fight spam. Google and Yahoo each announced that they’re implementing new requirements for senders, with the stated goals of curbing the spread of spam and improving the email experience for users.

The changes will become official in early 2024. They are primarily focused around strengthening authentication and improving the process of unsubscribing from unwanted messages.

Most (but not all) of the requirements are specific to bulk senders, which Google defines as organizations sending more than 5,000 emails per day to their users.

Requirements for senders

While many of the finer details are pending, here are some key points from the announcements:

  • Senders should authenticate all mail with SPF and DKIM, with the domain used in the From: address matching the domain used for SPF and/or DKIM.
  • Bulk senders should publish a DMARC policy on their From: address domain(s)
  • Senders must employ a one-click unsubscribe method like the list-unsubscribe header. Unsubscribe links need to make it clear and easy to unsubscribe from all mail, and unsubscribe requests need to be honored within 2 days.
  • Both providers will employ a clear spam complaint threshold under which senders must remain to receive inbox placement. Google documentation indicates senders should aim for a complaint rate below 0.1% and absolutely avoid a rate above 0.3%, although this specific limit is not called out in the original blog post.

Most of the items outlined here have been best practices for some time, but these new guidelines leave little room for interpretation.

What’s next?

Senders who have been hesitant or unable to follow the current best practices need to ensure compliance by February 2024 to continue reaching the inbox.

In the meantime, the MessageGears Deliverability team is closely monitoring updates and participating in conversations with Google and Yahoo to ensure that we’re able to pass along the most accurate information.

Keep an eye on this space for updates as we find out more about the rollout, and reach out to our team if you have questions or concerns about your own compliance.