Google and Yahoo are phasing in new requirements for email senders, and especially for bulk-email senders, on a timeline that begins in February 2024 and continues over the following months.
Timeline
February 2024: All email senders are required to comply with general email-sending practices as outlined in guidelines, regardless of the volume of emails they send.
February 2024: Bulk email senders must start implementing enhanced requirements, which include email authentication measures.
April 2024: Email messages that are not compliant with these new standards will start being rejected.
June 2024: Email senders must implement a one-click unsubscribe feature in all commercial and promotional messages, making it easier for recipients to opt out of unwanted emails.
Details
For all email senders, the following are necessary:
- Email Authentication: It’s vital to prevent individuals with malicious intent from impersonating your organization via email, a deceptive practice known as domain spoofing. Without safeguards, this can leave your domain vulnerable to misuse in cyber-attacks.
- SPF Protocol: This is an email safeguard designed to block email spoofing, which is prevalent in phishing scams and spam. SPF allows the recipient’s email server to verify if the incoming email is from an IP address sanctioned by the domain’s administrator, making it a critical element of email security.
- DKIM Protocol: This mechanism allows an organization to assert responsibility for sending a message through cryptographic signing, enabling email providers to authenticate the message.
- Low Spam Rates: It’s imperative to maintain spam complaints below 0.3%, with an ideal target of 0.1%, to avoid having your emails blocked or redirected to spam folders.
Additional requirements for high-volume senders:
- SPF and DKIM: Organizations sending large volumes of emails, especially to Gmail or Yahoo addresses, must implement SPF and DKIM as methods of authentication.
- DMARC Policy: This email verification standard enhances security at the domain level and is crucial for preventing common spoofing techniques seen in phishing and BEC attacks. DMARC ensures the “from” domain in email headers is reliable by allowing domain owners to set policies in DNS that dictate how unauthenticated emails should be handled.
- DMARC Alignment: Emails must show that the domain in the “Envelope From” aligns with the “Header From” domain, or that the DKIM domain matches the “Header From” domain.
- One-Click Unsubscribe: Emails should contain both ‘List-Unsubscribe’ headers and a prominent, easily actionable unsubscribe link in the email body, enabling recipients to opt out effortlessly. Requests to unsubscribe should be processed within 48 hours.
For a comprehensive set of instructions, refer to Google’s detailed Email Sender Guidelines.
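The DMARC alignment rule above can be checked against a message's own headers. The following is an added example, not code from Google, Yahoo, or the original page: it compares the "Envelope From" (read from `Return-Path`) and the DKIM `d=` domain with the "Header From" domain and notes whether a `List-Unsubscribe` header is present. The sample messages are constructed, and the two-label organizational-domain rule is a simplifying assumption (real receivers use the Public Suffix List). It checks alignment only, not whether SPF or DKIM actually passed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels (wrong for e.g. co.uk;
    # production code should consult the Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a, b, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def dkim_domains(msg):
    # Collect the d= tag from every DKIM-Signature header on the message.
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            found.append(m.group(1))
    return found

def check_alignment(raw, strict=False):
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    spf_ok = bool(header_from and envelope_from) and aligned(envelope_from, header_from, strict)
    dkim_ok = bool(header_from) and any(aligned(d, header_from, strict) for d in dkim_domains(msg))
    return {"header_from": header_from, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "aligned": spf_ok or dkim_ok, "list_unsubscribe": "List-Unsubscribe" in msg}

# Constructed sample: sent through a third-party platform with no custom domain set up,
# so neither the envelope sender nor the DKIM domain matches the visible From domain.
SAMPLE_UNALIGNED = (
    "Return-Path: <bounces@mail.example.net>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1; b=PLACEHOLDER\n"
    "From: News <news@example.com>\n"
    "Subject: Offer\n\nBody\n")

# Constructed sample: bounce subdomain and DKIM domain belong to the From domain.
SAMPLE_ALIGNED = (
    "Return-Path: <bounce@bounces.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; b=PLACEHOLDER\n"
    "From: News <news@example.com>\n"
    "List-Unsubscribe: <https://example.com/unsub?id=1>\n"
    "Subject: Offer\n\nBody\n")

if __name__ == "__main__":
    for raw in (SAMPLE_UNALIGNED, SAMPLE_ALIGNED):
        print(check_alignment(raw))
```

With `strict=True`, the second sample is aligned through DKIM only, because `bounces.example.com` is not an exact match for `example.com`.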
Test Tools
Use this tool to verify that your email sending meets all of the requirements: https://www.learndmarc.com/
More
- New Email Sender Requirements for DMARC, SPF, AND DKIM at Google and Yahoo
- The New Requirements for Email Delivery at Gmail
- Google and Yahoo! Set a Short Deadline for Meeting the New DMARC Requirements. Are You Ready? (German-language article)
- Google and Yahoo Set a Short Timeline to Meet New DMARC Requirements. Are You Ready?