Google and Yahoo’s new sender requirements you need to know

2nd November 2023

As we love email marketing at Unified, often helping our clients use email marketing to contribute to the success and growth of their online businesses, we thought it only seemed right to fill you in on the latest changes. Now, you may already know but Gmail and Yahoo are updating their sender requirements - don’t worry, these changes aren’t coming into effect until the start of 2024 so no need to panic just yet!

Email senders who send in bulk, such as regular newsletter senders and brands that send nurture campaigns, will be required to strongly authenticate their emails following well-established best practices such as DMARC, SPF, and DKIM. This will allow for easy un-subscription and allow your ecommerce brand to stay under a reported spam threshold.

Many bulk senders don't appropriately secure and configure their systems, allowing attackers to easily hide in their midst.

"To help fix that, we've focused on a crucial aspect of email security: the validation that a sender is who they claim to be. As basic as it sounds, it's still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet."

Google, 2023

Sending emails in bulk is a versatile and powerful tool for ecommerce that can help attract, retain, and engage customers, boost sales, and drive business growth. When used strategically, and correctly, email marketing can significantly enhance the overall success of your ecommerce business. So, what are the main requirements that you’ll need to meet as a bulk email sender, to stay on top of your game, and get ahead before 2024 comes around:

1. Authenticate your sending domain

You shouldn’t need to worry about the intricacies of email security standards as such, but you should be able to confidently rely on an email’s source. So Google are requiring those who send significant volumes to strongly authenticate their emails following well-established best practices.

“You can set up DMARC authentication for your sending domain in your DNS provider yourself, and you can take care of it at any time. Your DMARC enforcement policy can be set to none, and Google has some specific guidelines to set your brand up for success.”

Klaviyo, 2023

 If you send over 5,000 emails to these accounts daily and fail to have SPF and DKIM, or don’t have a DMARC policy implemented, these non-deliveries will have an even greater impact on your business.

2. Enable easy un-subscription

Your consumers shouldn’t have to jump through hoops to stop receiving unwanted messages and newsletters filling up their inbox. In an ideal world it should only take a simple one click of the mouse. If it’s difficult for your recipients to unsubscribe, they’re more likely to mark your emails as spam, which damages your deliverability reputation and could block your domain. 

So, what are bulk senders like Google and Yahoo requiring? Well they say that large senders must now give recipients the ability to unsubscribe from commercial email in that one click, and that un-subscription requests are processed within two days. There must also be an unsubscribe link in the message body—but that link does not have to be one click to unsubscribe, it just needs to be easily accessible.

3. Nobody likes spam!

Gmail already includes a lot of strategies that keep unwanted spam messages out of your inbox. To add yet another layer of protection Google will be enforcing a really clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with thousands of spam messages.

The new spam rate threshold is 3% so if recipients report your messages as spam at a rate that exceeds the new 3% requirement, your messages could be blocked or sent directly to the consumers spam folder.

4. Check your domain

Messages must pass DMARC alignment. This means, if you’re a bulk sender, you need to make sure you are using your own sending domain—you can no longer use a shared domain. Make sure that the sending envelope from domain is the same as the header from domain, or that the DKIM domain is the same as the Header From domain - this goes for all emails; both marketing and transactional.

“No matter who their email provider is, all users deserve the safest, most secure experience possible."

Marcel Becker, Sr. Dir. Product at Yahoo

As many of our clients know, we partner with Klaviyo and we even have an inhouse Klaviyo expert amongst our ranks. To help with these changes, Klaviyo will implement a “list unsubscribe header”—instructions to Gmail and Yahoo to provide an unsubscribe link at the top of emails sent through their platform. This will commence before February 1, 2024 to satisfy the “one click to unsubscribe” requirement, automatically apply to all marketing emails built in Klaviyo, and brands won’t need to configure anything.

These practices should be considered basic email hygiene, and are not coming into place to scare you, or overload you with work, and  in fact many senders already meet most of these requirements.

If you have any queries about your email marketing strategy, get in touch!

Want us to help grow your business?

Give us a call, jump on a chat or come by our office in London. Our door is always open.