Deliverability
Gmail and Yahoo’s 2024 inbox protections and what they mean for your email program
Gmail and Yahoo continue to crack down on unwanted email with new updates that will provide a better inbox experience for users and have a major impact on senders. The coming changes focus on better authentication and email relevance, and pave the way for new mailbox standards that require senders everywhere to step up their game.
PUBLISHED ON
As marketers, we should be the first to care about sending valuable, relevant emails to our contacts. Ultimately, email’s efficiency as a marketing channel depends on our recipients’ overall inbox experience. More unwanted emails mean more competition and less likelihood of having our messages read.
But that doesn’t stop us from worrying when mailbox providers make changes to the way they handle unsolicited messages, like the ones announced earlier this month by Gmail and Yahoo.
What do these changes really mean? How are they going to impact your email program? And most importantly, what do you need to do to stay on the right side of the email law? We’ve got all the answers and some recommendations in this post.
Table of contents
Get serious about email authentication
Make it easy for your recipients to unsubscribe
Carefully monitor spam rates
What have Gmail and Yahoo announced for 2024?
In an ongoing effort to secure inboxes, both Gmail and Yahoo have said that they will be enforcing new protection standards for bulk email senders.
Gmail, who had already announced a cleanup of inactive accounts in May 2023, explained in a statement that enforcement will begin in February 2024, and they’ll be carefully monitoring senders transmitting more than 5000 messages a day. In a very similar announcement, Yahoo explained that they’ll also be targeting the first quarter of 2024.
The good news is that both providers have highlighted similar updates in their statements, primarily focused on maintaining higher standards of authentication, simplifying unsubscription from commercial emails, and holding senders under a lower spam rate threshold.
“Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst.”
Neil Kumaran, Group Product Manager, Gmail Security & Trust
These upcoming standards are probably the most substantial we’ve seen a mailbox provider implement in recent years, but they’re not new. In fact, authentication, easy opt-out, and spam monitoring have been high on the list of email deliverability best practices for quite some time now.
And while it’s no surprise it has caused some concern among senders, at Sinch Mailjet we suspect requirements like these will soon spread across the industry.
What do these changes mean for senders?
The most straight forward answer to this question is that, if you haven’t already, you’ll need to get serious about certain email deliverability best practices.
Both Gmail and Yahoo have highlighted three key changes that senders will need to prioritize if they want to be seen as legitimate senders come 2024:
Authenticate their email: Senders will be required to verify their sender identities with standard protocols like SPF, DKIM, and DMARC.
Enable easy unsubscription: Senders will need to implement a single-click unsubscribe link within emails if they haven’t already, to allow recipients to easily opt out.
Only send emails users want: Gmail and Yahoo are getting serious about spam monitoring and senders will need to ensure they’re keeping below a set spam rate threshold.
These mandates will only affect bulk senders, defined by Google as senders with volumes of 5000 or more messages to Gmail addresses in one day. The announcements don’t specify that a sender must send 5000 messages each day, or within a certain time frame, though. So, it’s important to consider your peak holiday sending habits and large campaigns when checking if these rules will apply to you. You may not think of yourself as a bulk sender, but mailbox providers might disagree.
As we mentioned before, these requirements are not unexpected or revolutionary changes in the way we should be sending emails, but they’re still not followed by many senders. For example, email authentication has been strongly encouraged for a number of years now. Still, Sinch Mailgun’s State of email deliverability report found that around 40% of senders are either unsure or not implementing both SPF and DKIM, and among those using DMARC, 40% are not sure what their policy is
“These changes are like a tune-up for the email world, and by fixing a few things under the hood, we can keep email running smoothly. But just like a tune-up, this is not a one-time exercise. Keeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community.”
Neil Kumaran Group Product Manager, Gmail Security & Trust
What do you need to do to prepare?
So, the ball is now on the email marketer’s court to get ready before 2024. What changes do you need to make to ensure your emails keep landing in the inbox? And how do you implement them?
Here’s a detailed list:
Get serious about email authentication
Email authentication is the process of securing and confirming your sender identity through certificates and encryption. The Gmail and Yahoo updates focus on validating your sender identity. In 2022, Gmail began to require that senders adopt some form of authentication, which resulted in a 75% drop in unauthenticated messages received by Gmail users. But complex problems like spammers, phishers, and malware require equally complex solutions.
Gmail’s first task for bulk senders is that they authenticate their email by following these best practices. The requirement from both Gmail and Yahoo is to set up strong authentication with “either SPF, or DKIM, and DMARC for your domain.” Yahoo is less specific, but they do have a Previously not a requirement, this strong recommendation move towards also implementing DMARC is something Sinch Mailgun’s Jonathan Torres had already predicted in our guide on email security and compliance.
“At some point, mailbox providers may decide to prioritize messages from senders that have DMARC policies set to reject or quarantine, because those are the ones they can verify and trust. We haven’t seen anyone take that step yet, but the groundwork is there to require senders to have a DMARC policy set to something besides p=none. That might be what it takes for adoption.”
Jonathan Torres, TAM Team Manager, Mailgun
Our recommendation is to set up both SPF and DKIM as the bare minimum to protect your sender identity and your deliverability and start taking steps towards DMARC authentication. Here’s how to go about it.
New email authentication requirements
What you’ll need | How to get there |
|---|---|
What you’ll need | |
Gmail: Both SPF and DKIM are required by Gmail. Messages that don’t carry these protocols will be rejected from the inbox or marked as spam. DMARC is also required to prevent Gmail impersonation in FROM headers. | If you’re a Mailjet user, just follow our detailed guide to get your domains authenticated with SPF and DKIM. If you’re not, we’ve outlined the processes for obtaining these authentications in these posts: How to handle SPF and DKIM setup. For DMARC you will need to set up at minimum a p=none policy. |
How to get there | |
Yahoo: Will require strong authentication and for users to “leverage industry standards such as SPF, DKIM, and DMARC”. | Implementing DMARC takes a bit more time, as DMARC allows you to make choices regarding your policy based on your email program. Get started now by checking out our article What is DMARC and how it works. |
Make it easy for your recipients to unsubscribe
There were already good reasons to provide an easy opt out for contacts: Sending messages to users who don’t want them has a major negative impact on your engagement metrics and spam rates, and is ultimately bad for your overall reputation and marketing efforts.
Now, unsubscribe links will be even more important. From 2024, both Gmail and Yahoo will require that senders provide a single-click process for users to unsubscribe, as opposed to confirming your email or updating your subscription preferences and providing feedback. Senders will have two days to implement unsubscribe requests.
New unsubscribe requirements
What you’ll need | How to get there |
|---|---|
What you’ll need | |
Same for Gmail and Yahoo: A single-click pathway for users to easily unsubscribe from your messages from within the mailbox provider’s UI using list-unsubscribe headers, and internal support to honor unsubscribe requests and remove addresses from relevant email lists within 2 days. | Senders will need to put list-unsubscribe post headers into the header of their email as specified by RFC 8058. |
Carefully monitor spam rates
What’s the best way to eliminate spam from user’s inboxes? Create a low spam rate threshold that senders won’t be able to exceed.
The strategy for both Yahoo and Gmail is the same, though we don’t currently have that threshold limit defined in either of their statements.
“We will start enforcing a threshold to ensure our users can continue to enjoy a spam free mailbox.”
Marcel Becker, Sr Director Product Management at Yahoo
Your spam rate, or spam complaint rate, is the number of recipients that report your message as spam compared to the total number of emails that were delivered. The best way to keep this number low is to monitor, sunset disengaged subscribers before they are tempted to press the spam button, and promptly respond to any spike in your spam complaint rate by cleaning your list and reviewing your sending practices.
Remember, Gmail doesn’t provide traditional feedback loops like Yahoo does, so you’ll need to ensure you’re signed up with Google Postmasters Tools to monitor your spam rates.
New spam requirements
What you’ll need | How to get there |
|---|---|
What you’ll need | |
Same for Gmail and Yahoo: The spam complaint threshold is 0.3%. | Closely monitor your spam rate, as well as other engagement metrics, using resources like Google Postmasters Tools. Employ deliverability best practices like list management and sunset policies to optimize your email lists, ensuring you’re only sending messages to engaged recipients. Use deliverability tools like Bulk Verifications and or Sinch’s InboxReady’s Inbox Placement Testing to stay on top of your overall deliverability and improve your inbox placement. |
How can Sinch Mailjet help?
At Sinch, email deliverability excellence is always at the core of our product offering for all our email solutions. We’re constantly striving to set up our users for deliverability success and making sure you get the help you need to achieve it.
Sinch Mailjet users can use our detailed documentation to set up the SPF and DKIM email authentication protocols required by Gmail and Yahoo. They can also benefit from detailed email statistics to stay on top of spam complaints and bounce rates or features like Bulk Validations, which helps remove high-risk and invalid addresses from your lists before you send.
Think your business might need some additional support as you navigate these changes? Sinch’s Mailgun Optimize deliverability toolkit provides great tools to test, monitor, and analyze various essential deliverability elements.
And if you’re looking for even more tailored support, check out our Deliverability Services! We have a dedicated team of experts ready to help your company navigate these evolving industry standards and implement the tailored strategy that best fits your email needs.
