Many marketers have probably heard about the recent Google/Yahoo changes set to go into effect on February 1, 2024. This news was shared right as we went into peak Black Friday/Cyber Monday prep, which probably felt overwhelming. The new sender requirements focus on authentication, spam-rate control, and simplified unsubscription processes to combat spam and enhance inbox safety.
With a desire to better understand the updates, what to expect, and how to prepare, our very own Olivia Staub, Email Product Marketing Manager, sat down with Nick Koreck, CEO of 360Inbox, to dive into the changes.
Nick is an expert in all things CRM, email, infrastructure, and deliverability. He is currently leading 360Inbox, an industry-leading email marketing and deliverability service. Nick focuses on helping senders become better marketers, and he oversees billions of successfully delivered emails to the inbox each year.
The two discuss the motivation behind these changes, the shift from best practice recommendations to enforcement, and the potential benefits for email marketers and consumers alike.
Olivia: When should marketers start thinking about taking any action?
Nick: Google and Yahoo both recently announced new sending requirements, and those changes will go into effect on February 1st, 2024. I would recommend email marketers to get started as soon as the BFCM peak is over. These are good practices to implement as soon as possible, so give yourself a head-start before the holiday season, and avoid scrambling in January.
*Ideally, these changes would have already been put into action, sometime between 2013 and yesterday ;)
Olivia: Great- so our marketers have some time (at least as we’re chatting now). Can you tell us a bit more about why we’re seeing these changes now?
Nick: Yahoo’s announcement was quite honest – they said “The adoption of these common-sense standards has been low”. It still amazes me that in 2023 (almost 2024), so many senders are still not following good sending practices. Authentication is also not a new topic – DMARC was rolled out over 10 years ago, and SPF and DKIM are even older.
Google and Yahoo appear to be shifting the narrative from ‘best practice recommendations’ to ‘enforcement’, by implementing stricter requirements for bulk email senders. These principles are not fundamentally new and have long been recommended for senders to maintain a positive sender reputation and reach the Inbox. However, there is now stricter enforcement, applying to senders who contact 5,000 or more Gmail/Google-domain recipients on a given day. Senders who don’t implement these changes are likely to experience performance issues, including delivery issues, delays, bounces, spam filtering, and even blocking.
I suspect they intend to bring about wide-scale adoption of better-sending practices – for both senders and ESPs to get serious about email Authentication, domain architecture, spam complaints, and a pathway for DMARC enablement.
It all helps to secure the customer’s inbox, protect recipients from malicious messages, protect your organization from being impersonated (spoofed), and improve the overall email experience. This is beneficial for email marketers, as it could lead to better deliverability – and for consumers, who desire quality emails in their mailbox.
Olivia: That makes sense. Overall, it sounds like a really good thing- but it may take a few actions from email marketers to make sure they are complying with new guidelines. So at a high level- what are the main changes that Google and Yahoo are raising?
Nick: There are a few important changes that will impact email marketers:
- First – senders need to set up proper DKIM, SPF, and DMARC authentication. It’s important the authentication is set up for your own sending domain or subdomain and aligns with your From-Domain. You will no longer be able to use your ESP’s shared Sender Domain Authentication.
- Establish proof and trust that “you are who you say they are” – be clear about your sending identity (friendly from-name, from-domain, branding) so that you are recognizable. Only send emails to users who want to get your messages, and don’t mislead users during ‘sign-up’ or with the type of messages you send. Expectations should be clear, so they’re less likely to report messages from your domain as spam.
- Marketers should monitor spam-complaint rates and keep these as low as possible, ideally below 0.3% – anything higher could compromise your deliverability, especially if sustained for any long period. Use Google Postmaster Tools to monitor complaint rates from Gmail and Google-domain users. Use these ‘negative signals’ like ‘clues’ about the recipient’s experience and expectations, and drive changes in your sending practices, targeting and marketing pressure, content relevancy, and consent/collection practices.
- Make it easy for users to unsubscribe. Both Gmail and Yahoo will require marketing emails to support a “one-click” unsubscribe using a “List-Unsubscribe Header”. This makes unsubscribing directly in your mailbox super easy. Making the unsubscribe process more visible in the mailbox helps you avoid being marked as ‘spam/junk’. Confirm with your ESP if they support the ‘mailto’ and ‘URL/post’ list-unsubscribe methods.
- Ensure that sending domains or IPs have the correct technical setup – with valid forward and reverse DNS / PTR records. Unless you have a dedicated sending IP, this is usually handled by your ESP/CRM platform’s deliverability team.
Another thing to note is that you need to consider these concepts everywhere your email domain is being used- and that means more than just your email marketing provider. Consider how your domain is used across any platforms or services sending email for your organization- your transactional emails, reviews providers, etc.
Olivia: Now, we’ve read that some of these guidelines apply only to “bulk senders”. How does an email marketer know if they are considered one of these “bulk senders”, and which guidelines they need to take action on?
Nick: In general, most SMB email marketers should assume they’ll qualify as a bulk sender. Consider the sum of all emails sent from their domain, across all platforms/services- beyond marketing, but including transactional, triggered emails, and more. If that number exceeds 5,000 messages per day to Gmail recipients, you would be considered a bulk sender. Meanwhile, Yahoo has not explicitly defined this volume threshold – since their focus is on a ‘more secure email environment’ irrespective of the volume sent.
Even though some guidelines from Gmail do reference bulk senders, these guidelines are important for deliverability best practices regardless.
Let’s consider an easy unsubscribe process. Whether a subscriber is breaking up with your brand or simply prefers to engage on another channel with you, the unsubscribe doesn’t punish your sender reputation. Making it easier for them to go may even help your deliverability, by boosting your engagement ratios.
In addition, keeping spam-complaints low applies to all senders, and deeply benefits your deliverability. Marketers will need to monitor this through Google Postmaster Tools, or other integrated solutions like 360Inbox and Inbox Monster.
Olivia: Got it! So let’s assume I’m an email marketer using an ESP like Yotpo and I know now that I’m considered a “bulk sender”. What do I need to know about the first topic you raised- Email Authentication?
Nick: First, we should review what email authentication is and why it’s important… Email authentication allows ISPs/MBPs (like Google and Yahoo) to verify your identity as an email sender, and ensure legitimate messages are coming from a legitimate source.
By implementing industry-standard authentication protocols, you protect both your brand and your consumers from malicious phishing and spoofing attempts – which no one wants. And the more confidence a mailbox has that you are legitimate (not spammy), the more likely the provider will deliver the messages to the inbox.
Authentication is not enough to guarantee inbox placement, but it’s important for delivery and can reduce the likelihood of your emails being rejected or filtered to the recipient’s junk folder. Authentication protocols not only protect email delivery from being compromised (fraud, spoofing), it can help identify and control those threats, and identify you as a legitimate and trustworthy sender (DMARC is specifically good for this).
Olivia: Fantastic – so essentially just mitigating bad actors and tightening security for email senders AND users everywhere. Sounds like a win-win all around. Can you explain how a brand can tell if they are authenticated or not?
Nick: When a brand is using an ESP – let’s take Yotpo for instance, they often set up their sending infrastructure in one of two ways:
First is through a shared sending domain and non-branded authentication.
The brand is sending emails via a shared Yotpo email domain, using shared Yotpo DKIM and SPF domains. The reputation of these Yotpo domains is shared with other non-authenticated senders.
A simple way to identify this is by looking at the sender’s from-address – it might display as “@brand.com via yotpomail.com”. Next, inspect the ‘mail header’ by clicking the three dots in Gmail- and this will show the Yotpo domain/subdomain being used to sign DKIM and SPF.
This is typically the default setting for brands who want to start sending emails immediately or don’t have sufficient sending volume or history. Gmail and Yahoo’s concern with this is that it allows bad/malicious senders to ‘hide in the shadows’ without a clear identity, and piggyback on the domain reputation from other senders across the platform.
Another option is through a dedicated sending domain with branded authentication.
The brand in this case is sending emails from their own branded authentication domain. This helps to build their own dedicated sender reputation and protects their domain’s reputation from shared senders.
The sender address would now display as “@brand.com” instead of “@brand.com via yotpomail.com”. DKIM and SPF in the mail header will also be signed with your domain or subdomain.
For brands with sufficient volume, or struggling with deliverability issues on a shared domain, this is recommended because it allows you to build your domain reputation. This separates you from the influence of shared sending reputation, particularly on the authentication domain level. Authentication requires senders to be more accountable for their actions and sending practices but allows for more control of your sender reputation and deliverability.
It also helps mailbox providers like Gmail and Yahoo to identify and verify you as an email sender. These protocols make it more difficult for spammers and spoofers to impersonate your sending domain.
Olivia: Now, you mentioned a few acronyms- DKIM, SPF, and DMARC. Can you clarify the role these records play in the Google/Yahoo changes and branded authentication?
Nick: As mentioned earlier, one of the enforcements is that senders need to set up proper DKIM, SPF, and DMARC authentication.
So, when you authenticate, you must ensure that everything is set up properly from your own sending domain (or subdomain), and aligning with your From-domain. Having DKIM and SPF match your domain or subdomain is also a prerequisite for DMARC authentication.
DMARC is a protocol that uses SPF and DKIM to determine the authenticity of an email and helps to identify the intended sender from threats, fraud, and spoofing attempts. It allows a brand to control who’s using their domain, by publishing a technical policy that requests action on messages that fail authentication (none, quarantine, reject).
DMARC is also a prerequisite for BIMI authentication – you might not have heard about this yet, but it’s a verified digital certificate using your brand’s logo and is awesome for being visible in the mailbox. It also improves trust between the sender and recipient. It’s like a ‘blue checkmark’ but for email – pretty cool right? We think this will grow in adoption in 2024… but you need to at least get DMARC set up first.
All of these changes will be required for those bulk sender brands that we mentioned before. They have between now and February 1, 2024, to authenticate their sending domain. So essentially, anyone on a shared sending domain will need to move to their own authenticated sending domain, with branded DKIM, SPF, and DMARC.
The good news is that many brands are already authenticated and simply need to ensure authentication protocols are properly configured, and aligned for optimal deliverability.
If you are a brand using Yotpo’s shared sending domain, it just takes a few simple steps that Yotpo will support you with.
Olivia: Fantastic. So regardless of whether you’re a bulk sender or not, it is strongly encouraged to use an authenticated sending domain for all the aforementioned benefits. Now can you talk us through the steps for those brands who are on a shared sending domain today and need to make that change?
Nick: We recommend following your ESP’s specific guidance. But for a practical understanding of what to expect, it could involve the following steps:
- Adding or Updating CNAME entries for your domain/subdomain host, SPF, and DKIM.
- Adding a TXT record for DMARC.
- Adding a TXT or CNAME record for domain verification in Google Postmaster Tool.
- The process of building up a new positive reputation on your sender-domain and authentication domains- also known as warming it up. For example- Sending to engaged subscribers + keeping spam complaints below 0.3% + maintaining clean lists (low invalid/hard-bounce rates).
Yotpo has created a step-by-step guide to make this as seamless as possible.
Olivia: Okay, so we have discussed a lot so far, let’s summarize the key takeaways:
- These Google/Yahoo changes are a GOOD change for the email industry at large.
- Some requirements are new (requiring email authentication for bulk senders), and some requirements already exist, but will be more tightly enforced (keeping spam rates <0.3%, and easy one-click unsubscribe).
- Most ESPs, including Yotpo, will provide step-by-step guidance to make sure email marketers are set up for success in advance of these changes.
Nick: Exactly! These types of announcements help move our industry forward – making email senders more accountable, but also enabling them with practices that yield positive benefits for both the marketer and the end-recipient.
Olivia: Agreed! Thanks so much, Nick – this was extremely helpful, and we appreciate your time and expertise.
For anyone looking for more detailed guidance, please see the resources below.
Google Email Sender Guidelines
The Guide to Email Deliverability
For any email marketers interested in making the switch to Yotpo, please request more information here. And for anyone looking for even more deliverability expertise head to 360Inbox.com.