Email communication has become an integral part of our daily lives, serving as a vital tool for both personal and professional interactions. In light of this, Yahoo and Google, two major players in the email service industry, have recently announced significant updates aimed at enhancing the security and user experience for their millions of users worldwide.
Prioritize Email Authentication
Many bulk senders neglect proper security measures, creating opportunities for attackers to operate covertly. To address this, we’ve honed in on a critical aspect of email security: ensuring that the claimed sender is legitimate. Last year, Google took a significant step forward by mandating some form of authentication for emails sent to Gmail addresses. This initiative led to a remarkable 75% reduction in unauthenticated messages received by Gmail users. This not only streamlined inboxes but also bolstered our defenses against billions of potentially harmful messages. While this progress is commendable, there’s still much work ahead, especially in establishing new requisites for high-volume senders.
Unified Requirements by Yahoo and Google:
Both Yahoo and Google share a common vision of creating a safer, more user-friendly email environment. To achieve this, they have jointly established a set of requirements for bulk senders, aligning their efforts towards common goals:
- Email Authentication:
- Yahoo: Requiring senders to implement stronger email authentication standards such as SPF, DKIM, and DMARC.
- Google: Mandating that bulk senders strongly authenticate their emails following established best practices, ensuring the verification of the email sender’s identity.
- Easy Unsubscription:
- Yahoo: Enforcing support for one-click unsubscribe and prompt processing of user requests within two days.
- Google: Requiring large senders to provide Gmail recipients with the ability to unsubscribe from commercial emails in one click, streamlining the process for users.
- Sending Only Desired Emails:
- Yahoo: Enforcing a threshold to maintain a spam-free mailbox, ensuring users’ inboxes are free from unsolicited or irrelevant messages.
- Google: Introducing a clear spam rate threshold that senders must adhere to, further reducing unwanted messages in users’ inboxes.
Mandatory Requirements for All Senders
Commencing on February 1, 2024, all senders are required to fulfill the conditions laid out in this section. It is important to emphasize that if your daily email volume exceeds 5,000 messages sent to Gmail accounts, you must additionally comply with the “Requirements for Sending 5,000 or More Messages per Day” mentioned below.
These universal requirements encompass:
- Implementing SPF or DKIM email authentication for your domain.
- Verifying that IP addresses or sending domains have valid forward and reverse DNS records, also known as PTR records.
- Maintaining spam rates reported through Postmaster Tools at or below 0.3%.
- Formatting messages in accordance with the Internet Message Format standard (RFC 5322).
- Strictly refraining from impersonating Gmail From: headers, as Gmail is set to enforce a DMARC quarantine policy. Impersonation may have adverse effects on your email delivery.
- If you regularly forward emails, whether through mailing lists or inbound gateways, it is imperative to include ARC headers in outgoing messages. ARC headers serve to indicate that the message has been forwarded and identify you as the forwarder. For mailing list senders, the addition of a List-id: header specifying the mailing list is also essential in outgoing messages.
Requirements for Sending 5,000 or More Messages per Day
Commencing on February 1, 2024, senders who dispatch over 5,000 messages daily to Gmail accounts must adhere to the stipulations outlined in this section. It is imperative to ensure compliance with the following criteria:
- Set up SPF and DKIM email authentication for your domain.
- Verify that sending domains or IPs possess valid forward and reverse DNS records, also known as PTR records. Further details can be found in the provided resources.
- Maintain spam rates reported through Postmaster Tools at or below 0.3%.
- Format messages in accordance with the Internet Message Format standard (RFC 5322).
- Strictly refrain from impersonating Gmail From: headers, as Gmail will soon implement a DMARC quarantine policy. Impersonation may adversely affect your email delivery.
- If you frequently forward emails, whether through mailing lists or inbound gateways, it is crucial to include ARC headers in outgoing messages. ARC headers serve to indicate that the message has been forwarded and identify you as the forwarder. For mailing list senders, adding a List-id: header specifying the mailing list is also essential in outgoing messages.
- Establish DMARC email authentication for your sending domain. Note that your DMARC enforcement policy can be set to none.
- For direct mail, it is mandatory that the domain in the sender’s From: header aligns with either the SPF domain or the DKIM domain. This alignment is a prerequisite for passing DMARC validation.
- Marketing messages and subscribed messages must facilitate one-click unsubscribe, accompanied by a prominently visible unsubscribe link within the message body. Further guidance is available in the provided resources.
If you exceed 5,000 email transmissions per day before February 1, 2024, it is highly advised to promptly implement the guidelines detailed in this article. Doing so may enhance the likelihood of successful email delivery. Failure to meet these requirements may result in emails not being delivered as anticipated, or potentially being flagged as spam. For assistance with email delivery issues, refer to the Troubleshooting section.
To delve deeper into the setup of SPF, DKIM, and DMARC, visit the resource on Preventing spam, spoofing & phishing with Gmail authentication.
Collaboration Across the Industry:
Yahoo and Google both emphasize the importance of collective responsibility within the email community. They are committed to working with industry peers to establish these common-sense, high-impact changes as the new industry standard.
The specific recommendations outlined below are designed to assist you in effectively sending and delivering emails to various types of accounts, including personal accounts as well as work or school accounts associated with workspaces such as Google’s and Yahoo’s. It’s important to adhere to these sender guidelines to optimize the delivery of your messages and avoid potential restrictions, blocks, or spam markings in recipients’ inboxes.
These updates from Yahoo and Google mark a significant step forward in improving email security and user experience. By prioritizing authentication, easy unsubscription, and sending only wanted emails, both companies are demonstrating their dedication to creating a safer and more user-friendly email environment. As users, we can look forward to a future with even less unwanted emails cluttering our inboxes.