As marketers, we spend a lot of time thinking about the purpose of an email campaign, how it looks and what content to include. We don’t necessarily think much about how it is getting into our customers’ inboxes.

So we asked Daniel Thorpe, Spotler Group’s Head of Deliverability, to explain properly what the Gmail & Yahoo updates of February 2024 mean, who can implement the requirements, and the steps they need to take.

Watch the recorded session here.

Requirements Recap

Google: Google Workspace Admin Help

Yahoo: Yahoo Sender Hub

Spotler already take care of most of the items in this list for our customers; you’ll just need to focus on the ones in italics.

If you’re using a different ESP, you’ll need to check how much rests with you to carry out.

All senders

  • Set up SPF or DKIM email authentication for your domain.
  • Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
  • Use a TLS connection for transmitting email.
  • Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
  • Format messages according to the Internet Message Format standard (RFC 5322).
  • Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC “quarantine” enforcement policy, and impersonating Gmail From: headers might impact your email delivery.
  • If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.

If you send more than 5000 emails per day:

  • Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to “none”.
  • For direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
  • Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.

“Better to have it and not need, than need it and not have it”

As these steps are being taken to crack down on spammy behaviour and illegitimate senders, it seems reasonable to think that they will be added to in the coming years or even months. So we believe that if you are currently sending any bulk mail, setting up DMARC now is still a smart move. Spotler clients have been encouraged to set up DMARC authentication for several years, regardless of how much sending they are doing. This not only leaves them free to concentrate on producing the highest-quality emails rather than fiddle about with technical compliance, it also sends a clear message to their audience that they take privacy and security seriously, and that they are proactive in following industry best practices.

What do these updates need you to do?

One-click unsubscribe

This is not a function of your email design. It refers to a process between Gmail/Yahoo and your ESP. The jargon you need to know is “List-Unsubscribe” or List-Unsubscribe-Post” Header. The Mailbox Provider will use these headers to provide an unsubscribe link in the UI, to encourage users to unsubscribe safely if they don’t want to engage with the email directly. 

It also encourages the recipient to not complain and report the email as spam. Most Unsubscribe links that are included in email designs are two-click: clicking the link takes you to a preference centre where you click a button to Unsubscribe. But unfortunately, if recipients don’t want to receive the email, they are very unlikely to use that unsubscribe. Instead, they are more likely going to report the email as spam.

With Google and Yahoo focusing a lot on complaints and spam rates, an unsubscribe is a better outcome. This helps avoid the spam rate 0.1% and 0.3% thresholds.

This particular requirement has actually been delayed until June 2024, as it requires development work from ESPs, which takes a while to test and deploy.

Google Postmasters

Google Postmaster Tools

This is a set of tools that show you various metrics for your delivery to Google. The 2 best graphs to pay attention to are “User-Reported Spam”, where you’ll see how close you are to the target of <0.3%, and “Domain reputation”. Domain reputation is mostly for B2C senders at this point, as it measures how you perform when sending to @gmail, and @googlemail, but not GSuite (Google’s business accounts). However, there is a belief among deliverability experts that this will be expanded, so it’s worth familiarizing yourself with the tool now and benchmarking your current performance.

Access to this data does depend on you sending enough volume to register, and if you have a good enough reputation. Google do not show any data for very bad senders because information can be used, and they don’t want to give information to spammers.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It lives on the visible From address that you use to send your campaigns.

There are several different tools you can use to check whether you have a DMARC record set up, two popular ones are:

Whether you have a DMARC record, and whether it is doing what it needs to do are not exactly the same question, but in practice if you have a DMARC record it will be effective.

If you don’t already have a DMARC record, here’s what you need to know.

DMARC has 3 policy levels, which you should move through one at a time:

  1. P=None (minimum requirement)
  2. P=Quarantine
  3. P=Reject (best)

These are basically instructions to mailbox providers for how to handle emails from your domain which fail authentication.

“P=none” means no further action is required automatically. “P=reject” means you are confident all email sent using your domain passes authentication, and an email which fails DMARC checking should be deleted. “P=Quarantine” is in the middle; the mailbox provider should quarantine the email so the recipient could still get to it.

DMARC DNS records can also use a reporting address (rua and ruf) for where mailbox providers should send reports about your DMARC authentication.

The idea with DMARC is that you should use the reporting feedback and start with a “none” policy.  You check the reports and make sure every email you send for your domain passes authentication, fixing any that fail.  When you are confident that all your genuine mail passes, you move to the “quarantine” policy and monitor again. When you are confident everything still passes ok, you move to the “reject” policy. If you are already 100% confident you could start with “reject” straight away.

An example DMARC record for a staged rollout with reporting would look something like:

  • v=DMARC1; p=none;;
  • v=DMARC1; p=quarantine;;
  • v=DMARC1; p=reject;;
  • (optional) v=DMARC1; p=reject;

Getting all this set up is complicated, and should be the responsibility of your DNS administrator.

Our Recommended Next Steps

Ensure Opt-Ins – Ensure you are emailing people who want to hear from you

Test Subscribed Contacts – Periodically send messages to ensure subscribed contacts are engaging

Avoid Spam Content – Links and attachments should be visible and easy to understand. Don’t encourage contacts to click on links they don’t understand

Unsubscribe Contacts – Consider manually unsubscribing contacts who aren’t interacting

Readability – Keep spam score down with clear and engaging subject lines, and avoid misleading text

Need more help?

If you’re a Spotler customer, as much of this work as possible has been done for you already, as we challenge ourselves to stay ahead of industry best practices as much as possible. Your account manager is the best person to contact if you want further information and support to roll out these changes.

Not using Spotler yet? Let’s talk about how we can help you send better, more secure emails.