New Sender Requirements from Gmail and Yahoo: Ready or Not, Here They Come!

The November edition of our monthly State of Email webinar series focused on the new requirements that Gmail and Yahoo are introducing in early 2024 around email authentication, unsubscribing, and complaint rates. 

Yahoo’s Marcel Becker walked us through the changes, explaining why they are being introduced, and what non-compliant senders need to do. 

These changes are a hot topic—the Q&A activity in our webinar chat was frenzied! It was also clear from audience polling that many email programs aren’t yet ready—and the countdown to enforcement is ticking! 

Let’s recap what’s changing and how senders should prepare.

Authentication 

Both mailbox providers (MBPs) will require email senders to publish a DMARC record. 

In their own words, the two mailbox providers explained the change in the following way: 

  • Yahoo: “To help our users to be more confident about an email’s source, we will require senders to implement stronger email authentication leveraging industry standards such as SPF, DKIM, and DMARC.” 
  • Gmail: “We’re requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.”

Note: Gmail’s definition of “significant volume” is those who send more than 5,000 messages to Gmail addresses in one day. Yahoo has not provided a similar number, although Marcel has indicated their view of what constitutes a high-volume sender is in a similar ballpark. 

DMARC (Domain-based Message Authentication, Reporting & Conformance) allows senders to specify a policy for handling non-authenticated messages (e.g. “p=quarantine”, “p=reject”) and provides a reporting mechanism to monitor these messages. 

Senders will now need to: 1) publish a DMARC record (the policy can be “p=none”); 2) ensure alignment with their SPF/DKIM domains; and 3) implement a DMARC reporting solution (recommended).

We asked our webinar audience about the authentication they currently have in place. Only 68 percent have already implemented DMARC.  

That means almost one-third are non-compliant with the new requirements. 

Existing Validity customers are 25 percent more likely than non-customers to have implemented DMARC (81 percent vs 61 percent). They’re also three times more likely to use DMARC to implement Brand Indicators for Message Identification (BIMI) to display authorized logos next to their emails in subscribers’ mailboxes (23 percent vs seven percent). 

Unsubscribing 

Both MBPs will require the implementation of a one-click list unsubscribe record in email headers. 

  • Yahoo: “Our users should be able to unsubscribe from unwanted emails without any hassle. It should just take one click. We will require senders to support one-click unsubscribe and honor our users’ requests within two days.” 
  • Gmail: “We’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click and that they process unsubscription requests within two days.”  

To be clear, the MBPs aren’t talking about the native unsubscribe link that appears in the email body. Their focus is on the header record that helps email recipients unsubscribe, using the link typically displayed near the from address. This functionality is described by RFC 8058.

To be compliant, senders must: 1) ensure their emails are DKIM signed; 2) implement List-Unsubscribe-Post (as described by RFC 8058); 3) continue including a visible unsubscribe link in the email body; and 4) honor all unsubscribe requests within two days.

This is the requirement our webinar attendees are least ready for. Less than 38 percent already have this functionality in place.  

It’s also concerning that only two-thirds (67 percent) report using a native opt-out link in their emails—a legal requirement!

The use of one-click list unsubscribe is higher with Validity customers (42 percent vs 33 percent).  

The low uptake of “snooze” functionality is a missed opportunity: Research shows it can reduce opt-out rates by over 80 percent.

Complaint rates 

Both MBPs will enforce a maximum complaint rate threshold. 

  • Yahoo: “While we have measured user-reported spam rates for some time and even exposed some of that data for trusted senders, we will start enforcing a threshold to ensure our users can continue to enjoy a spam-free mailbox.” 
  • Gmail: “To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages.” 

Many subscribers don’t differentiate between unsubscribe and spam complaint functionality to stop receiving emails—they simply choose the easiest option. From an engagement perspective, complaints are as important as clicks, except they showcase negative engagement. Keeping them low is crucial.  

Sender Certified programs must stay below 0.2 percent (and most do), so Gmail’s 0.3 percent threshold is reasonably generous. Although, as Marcel wryly observed, email programs averaging anywhere near 0.3 percent will already be “feeling a world of pain!”

Maintaining compliance is all about effective monitoring. Senders should: 1) sign up for Yahoo’s complaints feedback loop (DKIM is required for this); 2) implement Google’s Postmaster Tools; and 3) aim to keep spam rates below 0.10 percent (ideally).

The good news is that most respondents are ready for this requirement. Only six percent reported being over 0.3 percent, although “LE 0.2 percent” respondents have work to do!  

For the 25 percent who don’t know their complaint rates, ignorance is definitely not bliss, and they should find out as a matter of urgency!

Non-Validity customers are far more likely to report “Don’t Know” (28 percent vs 19 percent). This metric is a classic case of “can’t measure it, can’t manage it” and senders should draw on all available reporting sources to maintain compliance. 

Timelines and enforcement

Google states that “Enforcement for bulk senders that don’t meet our email sender guidelines will be gradual and progressive.”

In February 2024, bulk senders who don’t meet sender requirements will start getting temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors are meant to help senders identify email traffic that doesn’t meet Google’s guidelines.

In April 2024, Google will start rejecting a percentage of non-compliant email traffic, and they’ll gradually increase the rejection rate.

Bulk senders have until June 1, 2024 to implement one-click unsubscribe in all promotional messages.

On the Yahoo side, they will be enforcing certain standards for all senders in February 2024, including:

  • Properly authenticating your mail
  • Keeping complaint rates low

The requirements for “bulk” senders will be more strict, including:

  • Enabling easy, one-click unsubscribe (starting June 2024)
  • Authenticating with both SPF and DKIM
  • Publishing a DMARC policy

According to Yahoo, “Enforcement will be gradually rolled out, as we monitor compliance through the first half of the year.”

The announcements haven’t come out of the blue. They are the product of years of conversations in communities like M3AAWG. If your email service provider isn’t ready and able to support these requirements, you should probably find one that is!

Email senders shouldn’t see these new requirements as “punitive”—they are based on established standards and best practices. Observing them will mean improved deliverability and more engaged subscribers. 

But Marcel was also clear that non-compliant senders will start seeing increased throttling and deferrals, more spam/junk folder placement, and higher blocked/rejected rates. When it’s already hard enough to command eye share in congested inboxes, it will be harder when your emails don’t even make it that far!  

Learn more 

Senders can read the official announcements from Yahoo and Gmail for more details. 

For more guidance to help senders prepare, check out my on-demand presentation at the 2023 Email Guru Conference, “The All-New Email Marketing ABCs for Hitting Subscriber Inboxes.”