In October, 2023 Google and Yahoo have both announced that they will implement stricter requirements to senders who send emails in bulk.
Here is the announcement from Google:
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Here is the announcement from Yahoo:
https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam
In addition, both Google and Yahoo have provided FAQ pages for senders to reflect these changes and that is where you will find most of your questions answered:
Gmail - Email Sender Guidelines FAQ
Yahoo - Sender Best Practices
Both of the pages above are still being updated with new information periodically, so do check them out.
First things first – what does it mean to you, as a sender?
If you are a client of SAP Emarsys and, have followed our recommended domain set up, you will not need to do anything. We already asked everyone to do their homework upfront!
Since the last few weeks, a lot more information has been clarified. Let's expand on that.
Changes summary
Both, Google and Yahoo have focused on 3 areas while addressing these changes:
- Domain authentication.
- Easy unsubscription.
- Send emails that users want to receive.
In general, there are slight differences in what will be required by Google and what will be required by Yahoo. However, I will cover them both as one and will list the requirements that are on the stricter side, so that senders would comply with everything, instead just complying with more lenient rules of one of the providers.
Domain authentication
In this area, the main focus remains DMARC.
The requirement:
Current requirement will focus on having all three authentication records on the "From:" domain (SPF, DKIM and DMARC). DMARC must be present but, it can still pass either via DKIM authentication check or via SPF authentication check, as usual.
Additional notes:
- All our clients are asked to complete DNS authentication via SPF, DKIM and DMARC, so SAP Emarsys clients do not need to make any changes to comply with this requirement.
- However, Google does hint towards an even stricter requirement in the future:
"It’s likely that DMARC alignment with both SPF and DKIM will eventually be a sender requirement." - we are already starting to work in order to allow all of our clients to comply with this likely future requirement. - When senders fulfill this requirement, they also have the foundation they need to implement BIMI.
- If you are using DMARC policy "p=none", then Yahoo strongly recommends also using "rua=" tag and collect reports. This is a usual recommendation when just starting DMARC implementations. Most of our clients do not need to worry about this, as we ask everyone to publish "p=reject" policy from beginning.
Easy unsubscription
With this requirement, the main focus is on the List-Unsubscribe header.
The requirement:
Current strictest requirement comes from Google, whereas from Yahoo side it is "highly recommended". The List-Unsusbcribe header must be One-Click (defined in RFC 8058) and must work as "one-click" for bulk marketing emails. This header is not a requirement for transactional/services messages. However, if your sending domain is generating spam complaints (unlikely behavior for actual service messages), mailbox providers will be looking for the List-Unsubscribe header, as you will have the responsibility to stop the increasing spam complaints.
Please note, that the One-Click List-Unsubsribe header is being adopted by more mailbox providers than just Yahoo and Google. 1&1 (web.de, gmx.de, mail.com) is also highlighting their focus on this particular technology. This can be found on 1&1 best practice s page:
...your newsletter should ideally meet the criteria of the new internet standard, RFC 8058
Seems that industry in general is shifting towards wider adoption of this header, so we really encourage to get it working!
Note: This requirement is about List-Unsubscribe header that is not visible in your email content.
List-Unsubscribe header must fulfil the One-Click requirement, your regular unsubscribe URL in the body can still process requests in two clicks.
Additional notes:
- "mailto:" link can be included, but most likely going forward will not be sufficient, as it leaves too much room for abuse.
- Even if your List-Unsubscribe One-Click header is working as intended, it is recommended to include a regular unsubscribe link in the body of your emails as well or, at the very least, a preference center link.
- All of our senders have List-Unsubscribe One-Click implemented by default, as per the standard defined in RFC 8058 document.
- If you have a Custom List-Unsubscribe header solution with SAP Emarsys, you should work with your development and IT teams to confirm that the One-Click HTTPS POST functionality is supported on your custom List-Unsubscribe link. Also, please test it and confirm that your system syncs properly with Emarsys system and update the opt-in fields accordingly.
- The strict compliance date for the One-Click List-Unsubscribe requirement has been pushed to 1st of June but, it is still in your best interest to publish it as soon as possible. You can read more about the requirement enforcement timeline here.
- Even with List-Unsubscribe One-Click headers being in place and working as intended, some times the "Unsubscribe" button will not show up on the email message. That is because both Google and Yahoo want to make sure that this function is not abused and, they are looking into sender reputation as well as other trust signals to display it for senders that actually take action. Unfortunately, there is not much public information available around this topic for now, except this article from 2009.
Send emails that users want to receive
This particular requirement is not as straightforward as the previous ones. The previous requirements were mostly technological, whereas this one will revolve mostly around email marketing strategy, mainly due to Gmail not providing spam complaint information via usual FeedBack Loop system. After description of this requirement and some notes, I will shortly expand why this particular requirement will be more relevant in 2024 for more providers than just Google and Yahoo.
The requirement:
Google and Yahoo will enforce a requirement for lower than 0.3% spam complaint threshold. This is not anything new, spam complaint thresholds were already in place with both providers, just that this will be looked at stricter going into 2024. Senders that exceed 0.1% spam complaint threshold will start seeing negative impact on email delivery. That negative impact will become greater when 0.3% spam complaint threshold is passed.
We recommend setting up all of your sending domains (including ReturnPath domains) on Google Postmaster Tools and track your spam complaints there. This should be the most reliable way to see how much spam complaints your email traffic is generating.
Additional notes:
- Spam complaints are measured per domain in "From:" address (DKIM signing domain).
- Google will measure daily complaint rate, whereas Yahoo will apply different less defined time frames.
- Not much changes. Deliverability experts will still ask you to focus on engagement metrics of your target audiences, securing your list collection forms, practicing Lifecycle Marketing, sunsetting/unsubscribing inactive contacts.
In addition to what was said about spam complaints, I would like to take this opportunity to highlight another big change in the industry that happened in September. For decades, Validity has been sending spam complaint (FeedBack Loop) information feeds on behalf of multiple mailbox providers. This year they have announced that it will be no longer free and spam complaint information will be paid starting next year. The price for this information feed is pretty steep and most ESPs are not considering to add this to their budget. However, again, guidance here will not change much, same as in the last note just above. You will simply be asked to follow all the current best industry practices, target only active contacts, that show signs of engagement. In the meanwhile, everyone in the industry is looking for alternatives.
Other than that, we and our clients have already done our homework and we are just waiting to see how further changes in the industry unfold.
Fun fact:
Email Geeks Slack group has quickly branded these changes as #yahoogle.