A little more analysis, a little more insight… Exploring email marketing better

Google, Yahoo New Email Authentication Requirements from 2024

Gmail and Yahoo recently announced new requirements for bulk email senders. These requirements will make identity verification mandatory, unsubscription swifter, and spam prevention even more effective. As a result, it will improve email experience by making it more secure and relevant. Find out how it impacts you and what you need to do about these changes.

Quick heads up, TL;DR

Google and Yahoo have announced new requirements for email senders. Here’s a very quick snapshot:

  1. These requirements apply to you if you send over 5,000 emails a day.
  2. Email senders must set up email authentications, using standard protocols such as SPF and DKIM.
  3. You need to make the Unsubscribe option easier.
  4. You have till February 2024 to comply.

Background of the recent authentication changes

Emails have become our primary mode of communication. Whether it’s an official message regarding an upcoming meeting or a reunion invite from an ex-classmate, emails are with us everywhere.

However, because nearly every human uses them, emails have also been abused by bad actors for unethical marketing and even scams. Look at the two numbers below:

  • Over 48% of emails sent out daily are spam in 2022 (Source).
  • Google blocks about 15 billion phishing and malware every day (Source). 

All this frustrates genuine marketers and puts recipients to serious risk.

To add to this, some authentic marketers ignore securing or configuring their systems for authentication. That leaves ample room for fraudsters and malafide attackers to turn into impostors, feigning they are genuine.

Google has just announced that bulk email senders need to fulfill certain requirements. However, Google is not alone in asking senders to follow the guidelines. The other major email industry player Yahoo has also announced similar email authentication guidelines.

All this points to an email ecosystem that’s committed to protecting the email inbox and improving the email experience. This is done to protect users from malicious emails, further strengthen email security, and bring in more responsibility among bulk email senders.

Note: If you have already set up SPF and DKIM, your job is already half done. Just jump to the What you need to do section below.

Whom does it apply to

If you send out 5,000 or more emails, these authentication changes apply to you. Read on:

  • If you send out more than 5,000 emails per day to Google or Yahoo accounts, you need to comply with these guidelines.
  • If you use @gmail . com as the sender email domain, you’ll need to make changes.
  • As per Google guidelines, if you are sending emails to @gmail . com or @googleemail . com addresses, this will be applicable to you. That also includes sending emails to addresses under Google Workspace email accounts.
  • As per Yahoo guidelines, if you are sending emails to @yahoo . com addresses, this will be applicable to you.
  • The deadline for following the guidelines is February 2024.

What’s not clear?

Latest: There have been further developments after Gmail and Yahoo added some clarifications more recently. We have covered it in our latest blogpost on Gmail and Yahoo updates to sender guidelines.

The official Google document we referred to mentions all the relevant details. 

However, the following two points are not clear:

  • Google says the new guidelines are applicable to bulk senders that push over 5,000 emails per day. What if you send 5,000 emails per day only, say, once a month? Or, say, three times a year?

We don’t know. To be on the safer side, however, we recommend that even if you send over 5,000 emails only once, it’d make sense to follow the guidelines.

  • The document says “ … enforcement begins in February 2024.” Here, the date is not mentioned. However, we’ll assume that the guidelines will come into force on 01 February 2024.

What you need to do

Okay, so if any of the above are applicable to you, there are exactly four things you need to do.

1. Authenticate your email

There three authentications you’ll need to set up:

(A). SPF (Sender Policy Framework). This authentication tells ISPs that the email server has permission to send out emails for a certain domain. 

You may use this free SPF analyser to learn which servers are currently authorized to send emails on behalf of your domain.

(B). DKIM (Domain Key Identified Mail): Here’s a simple explanation of what DKIM does. It makes sure the email message has not been modified during their journey from the sender server to the recipient server. 

Use this free DKIM analyser to check the current DKIM record of your domain.

(C) DMARC (Domain-based Message Authentication Reporting & Conformance): This uses SPF and DKIM (and DNS) protocols in order to validate the email sender. A DMARC authentication prevents someone from using your domain without your permission.

This free DMARC analyser can easily tell you the current DMARC record of your domain.


2. Enable one-click Unsubscribe

Nearly all regulations related to email require two basic things:

  • You should be sending emails only to people who’ve agreed to receive emails from you. Permission-based emails, essentially.
  • You should make Unsubscribe short and easy. No lengthy forms that ask you lots of questions before you can actually unsubscribe. Check the image below:

As per the new guidelines, it is mandatory that the user be able to unsubscribe with just one click. They shouldn’t have to go through any ‘steps’ or ‘questions’ before they can unsubscribe.

A single-click Unsubscribe will become mandatory. 

3. Swiftly honor Unsubscribe requests

Some marketers tend to cling on to a subscriber’s email address long after the subscriber has hit the Unsubscribe button. 

In the new policy, the requirements are tight. As a sender, if someone unsubscribes from your list, you’ll have two days within which to remove the subscriber from their sending list.

4. Keep your spam rate low

Keep your spam complaint rate below 0.3%. That’s a max of 3 complaints per 1,000 emails you send out.

The message is simple: don’t spam. Seek permission from all users that want to receive your mail. Send permission-based emails so that people don’t complain they’re spamming you. 

Avoid buying lists or scraping emails. Grow your own list organically, instead. Verify email addresses before you send out emails to them. 

5. Get a domain or start using a different one

If you’ve been using @gmail as your email sender domain, first you’ll need to stop using that. Next, you’ll need to move to a domain that you own. That’s important for making the SPF and other authentication. 

In other words, your emails will be sent from ‘jose[at]youbusinessdomain[dot]com’ instead of ‘jose.somename[at] gmail[dot]com’.

Summary of what you need to do

1. Authenticate your emails. Set up SPF, DKIM, and DMARC protocols.

2. Enable single-click Unsubscribe.

3. Unsubscribe within two days.

4. Keep your spam complaint rate below 0.3%.

5. Get a domain if you’re using @gmail as the sender email domain.

What if you don’t comply

Non-compliance will negatively impact your email deliverability. 

The more your business depends on prospecting new leads and engaging customers through email, the more will non-compliance hurt. 

Your email carrier or even email service provider (ESP) will refuse carrying your email. For instance, HubSpot or GetResponse will not permit you to allow their email sending infrastructure. 

Because a large number of your emails will never reach your prospects, your business could stop growing.

Moreover, when an email server doesn’t see authentication, it has reasons to suspect the incoming email. That increases the chances of your email being pushed to Promotional or Spam folder.

Finally, there might be additional risks that we currently don’t understand.

Other reasons for email authentication 

Being compliant to Google and Yahoo authentication changes is of course one of the biggest reasons to get your emails authentication.

However, there are some additional benefits too, which are independent of these guidelines.

  • Authentication improves your email security. 
  • Email authentication protocols help build your reputation as a genuine, responsible email sender.
  • It is useful in preventing spoofing, phishing, and other fraudulent activities
  • Authentication protocols lead to customers trusting the contents of your email.
  • It works in favor of your brand.
  • Emails with appropriate authentication have a much better chance to land in the Inbox folder, instead of the Spam folder. That means you’ll see an increase in engagement with email authentication.

How can QuickEmailVerification help you

There are two stages at which you can use QuickEmailVerification to comply with these recent guidelines from Google and Yahoo.

One, use some of our free Postmaster tools to analyze your current status. If there are gaps in your authentication, make it a priority to set things right. Do not wait till February 2024 – it will be here faster than you think.

And two, make sure your email list is clean. Remove invalid and undeliverable email addresses from your mailing list. You can easily sign up now and begin verifying email addresses for free. You may verify upto 3,000 email addresses every month for free. 


Is your email list safe to send emails?

Boost your marketing performance by improving email deliverability and open rates.
Free 3,000 Credits/moON FREE TIER!

We protect your sender reputation by verifying your email lists. The better your reputation, the higher your deliverability. We filter out invalid and risky email addresses from your list.

Clean your email list with 100 Free credits daily!