Gmail and Yahoo Email Sending Policies Update: What You Need to Know
In a bid to enhance email security and combat spam, Gmail and Yahoo are rolling out new policies starting February 1, 2024. Whether you're firing off emails via PeopleLinx or through other means, it's crucial for senders to adapt to the new policies to ensure email deliverability and avoid potential spam issues. Let’s break down the key changes, what you’ll need to stay in compliance and stay top of mind.
For Domains Sending Less Than 5,000 Messages Per Day
Email Authentication:
Set up SPF or DKIM authentication for your domain to verify the legitimacy of your emails. Learn more about how to set these records up.
DNS Records:
Ensure that your sending domains or IPs have valid forward and reverse DNS records (PTR records). Learn more.
Spam Rates:
Keep spam rates reported in Postmaster Tools below 0.3% across the domain.
Message Formatting:
Format your messages according to the Internet Message Format standard (RFC 5322).
Impersonation Warning:
Avoid impersonating Gmail From: headers as Gmail will enforce a DMARC quarantine policy.
Email Forwarding:
If you regularly forward emails, add ARC headers to outgoing emails, and for mailing lists, include a List-id: header.
For Domains Sending More Than 5,000+ Messages Per Day:
DMARC Authentication:
Set up DMARC authentication for your sending domain, with the option to set the enforcement policy to none.
Alignment for Direct Mail:
Ensure that the domain in the sender's From: header is aligned with either the SPF domain or the DKIM domain to pass DMARC alignment.
Marketing and Subscribed Messages:
Marketing and subscribed messages must support one-click unsubscribe and include a clearly visible unsubscribe link in the message body. Learn more.
These new sending policies are designed to enhance email security and improve the overall experience for users. It's imperative for senders — Especially those exceeding 5,000 messages per day — To stay on top of their authentication methods, align their domains, and ensure compliance with these new policies if you want to keep your messages being read. Our dedication remains steadfast to getting your messages to the right people at the right time. We’re here to aid the implementation of these requirements and offer guidance wherever we can.
Terms and Definitions (Source: Google):
SPF (Sender Policy Framework):
SPF is a security measure that thwarts unauthorized senders from masquerading as your domain. Establish SPF by creating and publishing a record at your domain, encompassing all legitimate email senders. Neglecting to include third-party senders in your SPF record increases the likelihood of their messages being flagged as spam. Learn how to define your SPF record and add it to your domain.
DKIM (DomainKeys Identified Mail):
Activate DKIM for your email-sending domain to enable receiving servers to verify the authenticity of the sender. Note that personal Gmail accounts necessitate a DKIM key of 1024 bits or longer, with a preference for a 2048-bit key for enhanced security. Learn how to turn on DKIM for your domain and about DKIM key length.
DMARC (Domain-based Message Authentication, Reporting, and Conformance):
DMARC empowers you to instruct receiving servers on how to handle messages failing SPF or DKIM authentication. Implement DMARC by publishing a record for your domain, ensuring messages are authenticated by SPF and/or DKIM, with the authenticating domain matching the one in the message's From: header. Learn how to add a DMARC record at your domain.
We recommend configuring DMARC reports to monitor email activity and identify potential impersonation threats. Additionally, consider exploring BIMI (Brand Indicators for Message Identification) after setting up DMARC to include your brand logo in messages. Learn more about DMARC reports.
ARC (Authenticated Received Chain):
ARC verifies the authentication status of forwarded messages. If a forwarded message passes SPF or DKIM but fails ARC authentication, Gmail treats the message as unauthenticated.
