A quick guide to Google and Yahoo’s new email marketing guidelines

Google and Yahoo have announced that from February 1, 2024, they will enforce new sender guidelines for users sending to their platforms. For Gmail users who send bulk emails, the revised guidelines affect senders globally. Additionally, those sending more than 5,000 messages daily to Gmail addresses must take note of additional requirements.

Unlike Google, Yahoo has yet to specify a date for the rollout of these guidelines but the company has mentioned that it will roll out guidelines in the first quarter of 2024. Notably, for Yahoo, there is no specific mention of volume thresholds that would trigger the need for additional guidelines.

Sending marketing mails

Google and Yahoo advise marketers to send emails solely to individuals who have expressed a desire to receive messages from brands. Acquiring email addresses or mailing lists through purchases is discouraged, and the use of auto-checked opt-in forms is prohibited. More importantly, it notes, “Some countries and regions restrict automatic opt-in. Before you opt-in users automatically, check the laws in your region.”

The guidelines specify the provision of one-click unsubscribe options and the processing of unsubscription requests within a two-day timeframe. However, it is unclear whether this period refers to two business days or two consecutive days.

Curbing spam rates

Google has established specific benchmarks, directing senders to “Keep spam rates reported in Postmaster Tools below 0.3%” and to “Aim to keep spam rate below 0.10%.”

To access these metrics, senders must register for Postmaster Tools, a separate service offered by Google to monitor data related to large quantities of emails sent and to obtain information about the sending domain. Users can explore various dashboards to gain insights into details such as Gmail delivery errors, spam reports, feedback loops, and more.

Yahoo employs the Complaint Feedback Loop (CFL) to help senders monitor their spam complaint rates. When a message, authenticated with a DomainKeys Identified Mail (DKIM) key enrolled in the CFL program, triggers a complaint, Yahoo sends the sender a detailed report. This report, shown in the Abuse Reporting Format (ARF), allows the sender to exclude that recipient from future campaigns, thereby helping to uphold a lower spam rate.

Email authentication tools

Domain-based Message Authentication Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Authenticated Received Chain (ARC) are the email authentication tools that work in unison to block spammers, phishers, and unauthorised entities from sending emails on behalf of a domain they do not possess.

DMARC informs a receiving email server about the actions to take based on the outcomes of SPF and DKIM verification. The DMARC policy of a domain can be configured in multiple ways, directing mail servers to either quarantine, reject, or deliver emails that fail SPF or DKIM (or both). DMARC reports provide administrators with the necessary insights to refine their DMARC policies, such as addressing issues where legitimate emails are mistakenly identified as spam.

DKIM empowers domain owners to automatically sign emails originating from their domain, akin to how a signature on a check verifies its author. This signature employed by DKIM is digital, to mathematically authenticate the email's source as the legitimate domain.

SPF serves as a method for a domain to enumerate all the servers from which they send emails. It aids individuals in verifying whether an employee is affiliated with an organisation.

ARC verifies the prior authentication status of forwarded messages. If a forwarded message successfully passes SPF or DKIM authentication, but ARC indicates a previous authentication failure, Gmail categorises the message as unauthenticated.

SPF, DKIM, and DMARC records reside within the Domain Name System (DNS), which is accessible to the public. The DNS plays a crucial role in linking web addresses to IP addresses, facilitating the seamless retrieval of content from servers on the Internet without requiring users to remember lengthy alphanumeric addresses.

Using email service providers

Gmail does not accept allowlist requests from email providers. It cannot guarantee messages sent by email providers will pass Gmail’s spam filters. If organisations use a third-party email provider to send an email to their domain, it should be verified that the provider follows the guidelines. Large providers, such as Google, AOL - an American web portal and online service, and Yahoo, typically follow these guidelines.

One has to make sure that the SPF record for their domain includes references to all email senders for their domain. If third-party senders are not included in the SPF record, messages sent from these providers are more likely to be marked as spam.

Google, in its FAQs, has warnedthat starting in April 2024, senders of unsolicited bulk emails to Gmail users will experience a rise in 21message rejections unless they adhere to the new Gmail email sender guidelines.

The company explains that, for instance, if 75% of the traffic aligns with the new email sender authentication guidelines, then a portion of the remaining non-compliant traffic will face rejection. However, the exact percentage remains unspecified. Google states that the enforcement of the new rules will be “gradual and progressive.”