Blog

Gmail and Yahoo: New Bulk Sender Rules 2024

We all know how prevalent email communication is online and are very familiar with unsolicited and spam messages. They can not only be annoying to sift through, but they can even hide potential security threats within their contents. Ultimately, email senders should ensure they are not sending such messages. Still, sometimes they can’t or don’t care. Fortunately, two of the biggest email service providers in the world have stepped up to the task. Gmail and Yahoo have implemented new requirements for bulk senders as of February 2024.

In the recent policy update, Gmail and Yahoo have introduced stringent measures to enhance their users’ inbox experience. These measures bear significant implications for email senders and focus primarily on authentication and email relevance. They also set the stage for other email service providers to adopt them and ultimately improve the experience and security of their users. In this blog post, we will discuss precisely what has changed and what you need to do to prepare.

Overview of the Changes

The most important thing to note right now is that the changes put forth by both Gmail and Yahoo should not impact the typical user. Those of us who send a few emails daily will only reap the benefits of these measures. What Gmail and Yahoo have implemented will impact the so-called “bulk” senders. Google defines bulk senders as senders with 5000 or more daily emails. You can see how these changes will have no effect on an everyday email user.

In a statement in October 2023, Gmail outlined the new requirements bulk senders must fulfil if they wish to send emails to Gmail users. Yahoo also posted a similar statement the same month, echoing Gmail’s sentiment. Both companies will closely monitor bulk senders from this point forward to ensure senders adhere to their new policies and how those policies affect their users’ inbox experience. As for the policies themselves, they consist of three major points.

  1. Email Authentication – Bulk senders must authenticate their identities via the SPF, DKIM, and DMARC protocols. Previously, utilizing just the former two was typically enough, but the requirement for DMARC has been quickly gaining popularity in recent months, culminating with this new policy;
  2. Easy Unsubscription – Every bulk sender must make it as easy as a single click for email accounts to unsubscribe from their emails;
  3. Relevant Emails and Spam Rates – Gmail and Yahoo will closely monitor how many emails users mark as spam. That will be the most challenging change for senders. They must maintain a spam threshold below 0.3%. Spam threshold is the percentage of emails recipients have marked as spam.

Such measures are nothing new, as email security and user experience have been a top priority of email service providers for years now. Gmail and Yahoo are the first ones to implement such strict requirements. That is another step towards making the email world a more pleasant place. The goal is to reduce the amount of unwanted emails users receive. These changes should not harm any legitimate bulk senders as long as they comply with them.

Considerations for Senders

Check this article:Metadata, Geotagging, and the REST API

Now is the time for bulk senders to evaluate their sending habits. If you have any users who use Gmail or Yahoo and wish to send them emails without receiving errors or potentially incurring more severe issues, take the time to comply with these requirements. It is also a great time to look at some of the best practices for email deliverability. Sending more than 5000 emails daily classifies you as a bulk sender, and these new requirements apply to you. It is essential to note, though, that mailbox providers such as Gmail and Yahoo are the ones who determine who is a bulk sender and who is not. You may think your operation does not send out bulk emails, but ultimately, the providers decide that. Often, when it comes to receiving email, the providers dictate what is spam and what is safe to receive.

To incentivize senders to comply with these new rules, Google has outlined what will happen otherwise. To sum up:

  • February 2024 – Users not covering the new requirements will receive temporary error codes. These will be on a small percentage of their non-compliant emails. Senders should use these errors to identify problematic email traffic and resolve it;
  • April 2024 – Gmail will start rejecting a percentage of non-compliant email traffic. The rejection rate will gradually increase as time goes on;
  • June 2024 – The deadline for senders to implement a one-click unsubscribe link. Otherwise, Gmail and Yahoo will start rejecting emails.

These dates apply only to Gmail for now, but we fully expect other email service providers to come up with similar timelines. Because of that, let us help you adapt to these new requirements.

Email Authentication

This push from Gmail and Yahoo for email security and authentication is an excellent time for email senders to catch up on securing and authenticating their outbound emails. In reality, what Gmail and Yahoo are asking for here is very easy to implement. It requires minimal technical knowledge, and we can even do it for you if you are our customer.

To comply with the new rules set forth by Gmail and Yahoo, senders must authenticate their outbound emails via three protocols: SPF, DKIM, and DMARC. We have a tutorial that talks about them in detail, so please make sure to check it out, as we will only summarize what each protocol or method does in this blog post. 

  • Sender Policy Framework (SPF) – This authentication method prevents email spoofing. Domain owners (from which emails are sent out) can specify which mail servers are authorized to send emails on behalf of the domain. Then, the recipient gets an email, the system checks the SPF record, and if the sending server is the right one, the email is allowed through;
  • DomainKeys Identified Mail (DKIM) – Unlike SPF, this authentication method uses cryptographic signatures to ensure email validity. The sender signs their emails with a private key. At the same time, the recipient checks that signature using a public key available in the domain’s DNS records. If they match, the email goes through;
  • Domain-based Message Authentication Reporting and Conformance (DMARC) – This mouthful of an authentication protocol works in concert with the other two authentication methods. In short, it is used mainly to combat unauthorized access and usage of email addresses: phishing and email spoofing are the main two. Additionally, it provides mechanisms for users to receive reports in case email service providers reject some of their emails. That in itself is invaluable when it comes to identifying vulnerabilities.

As you can see, it makes sense why Gmail and Yahoo are pushing for the authentication of emails. Previously, SPF and DKIM were enough to get a passing grade, so to speak. Nowadays, however, DMARC is just as important. If you have looked at our tutorial about these methods and protocols, you know you can implement them the DNS zone of your sending domain in only a few minutes. We strongly urge you to check our tutorial if you haven’t yet to avoid your emails bouncing back due to a lack of the necessary DNS records. 

Check this article:Developer Plugin 1.2.2 Released: New WP-CLI Command

If you are our customer, we already have you covered regarding SPF and DKIM. As we offer a complimentary email service, we also provide the necessary SPF and DKIM DNS records by default for your domains. As for DMARC, there are countless generators and checkers online, but we recommend MXToolbox.

They offer an intuitive and easy way to check if your sending domain has DMARC applied and can generate the DNS record for you. Simply check your domain; if it does not have DMARC, the website will automatically generate one for you. Of course, you are free to change the reporting behavior or the email addresses that will receive reports per your preference. When you are done, copy over the DNS record from the field on the right.

Of course, we stand ever-ready to assist you with any issues or questions you may have about the three authentication and security protocols: SPF, DKIM, and DMARC. If you are having trouble applying them to a domain hosted with us, please get in touch with us via live chat or a ticket. Our 24/7, always-human Technical Support team will be happy to help.

Easy Unsubscription

A clearly visible unsubscribe link in your emails has always been a good practice. This push from Gmail and Yahoo for such a link is not something revolutionary. In the past, recipients viewed it as a gesture of understanding towards your recipients. Such an easy-to-access and use link can show your recipients that you care about their comfort and email needs. Of course, there is the other side of the coin. Such links are sometimes buried deep and a hassle actually to get to work. Still, with Gmail and Yahoo’s new requirements, we hope to see fewer of those.

You may be wondering why this is such a significant requirement. The answer is relatively simple. Providing recipients with such an unsubscribe link saves you a lot of trouble as a sender. It allows recipients to stop receiving your emails without marking them as spam, which, ultimately, helps your email’s reputation. That is a huge thing when it comes to the world of emails. Email reputation can affect your email engagement metrics and spam rate. As mentioned, spam rate is the third major requirement Gmail and Yahoo want to push for, so having a positive sender reputation can be crucial.

In a recent interview, Marcel Becker, Sr. Product Manager for Yahoo, explained that users are much more likely to unsubscribe if the button is clearly visible in the inbox UI. That is even better if it is not at the bottom of the message. Users are more inclined to simply move the message to the spam box if the unsubscription process is tedious: elusive link, multiple steps to take, editing subscription preferences, and so on. You can also watch this webinar with experts on the topic who further elaborate on this and more.

Now, such links are mandatory if you want your emails to arrive successfully to Gmail or Yahoo users. The “one-click” requirement is not just a metaphor for “quick”, either. The unsubscription process must genuinely take a single click: click “unsubscribe,” and that is it. Once a user has unsubscribed, the sender must remove their email address from the mailing list within two days of the request.

Relevant Emails and Spam Rates

Finally, the emails themselves are the last of the three new significant requirements from Gmail and Yahoo. In a perfect world, every email would be something of at least marginal relevance to the recipient. Since we don’t live in a perfect world, though, spam is inevitable, and Gmail and Yahoo want to reduce their volume for their customers. They have both chosen the most straightforward way possible: set a very low spam threshold and inform senders that they can’t exceed it.

Currently, both companies have settled on a spam threshold of 0.3%. That means out of a thousand emails from a particular sender, only three were marked by users as spam. That may seem low, but consider how many emails are sent daily. Imagine how many emails Amazon sends out every single day. That 0.3% is not a small number all of a sudden. Anything above that number and your outbound emails may start getting bounced.

How do you keep that number low, though? There are a few things you can do.

  • Maintain Mailing Lists – It is vital to your emailing efforts that your mailing lists are thoroughly and adequately maintained as time goes on. It is not enough to simply compile or obtain one, but you must take good care of it as well;
    • The most important thing is to ensure only engaged addresses are on that list. Anyone who is no longer interested in your emails is very likely to mark them as spam;
    • Regularly clear out invalid or bad email addresses to reduce bounces, blocks, and abandoned or fraudulent email addresses;
  • Sunset Policy – As the name implies, such a policy or strategy is meant to decide when to stop emailing your customers. Every company will determine that for themselves, but here are two guidelines you can follow;
    • Firstly, determine when an email address is deemed “disengaged.” To do that, keep an eye on your email metrics. When recipients last engaged with your emails or when they even opened an email from you;
    • Secondly, decide how long it is appropriate to send a customer emails after sunsetting. Just because customers are not engaged now does not mean they might not become interested again. Once more, based on engagement metrics, decide when to cease sending emails to disinterested addresses;
  • Relevant Emails – The most important thing to remember is to send emails relevant to your customers’ or users’ needs. Using the shotgun approach is never a good idea, as that can generate tons of spam and unwanted messages. Instead, study what the people who receive your emails are interested in. Especially if you send out more than one email daily. We are certain anyone on the internet knows how much more likely they are to read an email if it is relevant to them than some random message.

All of this is particularly important now after Gmail recently purged a vast amount of inactive email accounts. As we mentioned, such email accounts can cause bounces and delivery failures, which are bad for your email’s reputation. Consequently, it can harm your spam thresholds, and you can see how everything is interconnected like that. 

Conclusion

Staying on the right side of email law amid Gmail and Yahoo’s evolving policies requires a proactive approach and adherence to the best practices for email deliverability. Prioritizing authentication, easy unsubscription, and sending relevant content will ensure compliance and contribute to a positive sender reputation in the evolving landscape of email delivery standards. Stay informed, adapt your strategies, and navigate these changes seamlessly for continued email success.