Tackling technical email deliverability

Key takeaways on technical email deliverability

Understanding sender requirements in 2025

If you’re a small business owner or handle email marketing as part of your job, you may have missed some important news that impacts your ability to reach inboxes.

Google and Yahoo made a joint announcement involving new requirements for organizations sending emails to their users. They began enforcing the updated rules in February 2024.

While many of the respondents in our survey had heard of these requirements, more than one-third were unfamiliar. Results show a combined 63% were at least somewhat familiar with the new rules while nearly 37% were not.

If you’re among those who are unfamiliar with the so-called “Yahoogle” inbox updates, don’t freak out. We’ll explain what you need to know. And if you’re a Sinch Mailjet user, rest assured that we already handle some of the requirements on your behalf.

We’ll take a closer look at each of these requirements and explain best practices for complying with them in 2025.

Spam complaint thresholds

In Chapters 3 and 4, we explained the importance of the spam complaint rate as a key metric for deliverability and your sender reputation. The 0.3% threshold Gmail and Yahoo use to identify spammers is nothing new, but the updated requirements brought more attention to spam complaints.

Mailbox providers want you to keep user-generated spam complaints below 0.1%, which is just one complaint for every 1,000 emails delivered. The 0.3% threshold is the number you want to be sure to avoid at all costs.

As Marcel Becker of Yahoo told us, if your spam complaint rate is above 0.3%, it’s very likely you already have significant deliverability problems.

“We chose 0.3% because there are other companies and programs out there and 0.3% or below is the requirement for them already. If your traffic sustains a spam rate above 0.3%, you’re probably already in a world of hurt. Generally, we look for much smaller numbers, but 0.3% resonates with the industry so we chose to make it public.”

Marcel Becker

Sr. Director of Product Management at Yahoo

One-click unsubscribe (RFC-8058)

Another requirement from Google and Yahoo involves the ability for recipients to easily unsubscribe from emails they no longer want in their inboxes.

More specifically, the two mailbox providers expect senders to use what’s known as RFC 8058, which enables one-click unsubscribe functionality. If you have a Gmail account, you may have noticed the unsubscribe link at the top of emails. Gmail also asks its users if they want to unsubscribe from messages they’re no longer engaging with.

One-click unsubscribe in a message

RFC 8058 makes this happen after a List-Unsubscribe header is added to emails. When the header is used in an email’s metadata, a prominent unsubscribe link is displayed next to the sender name and from address. This is typically in addition to the traditional unsubscribe link placed in an email footer. The List-Unsubscribe header makes it easy for mailbox providers to find the necessary information that allows recipients to unsubscribe with a single click. 

Email authentication requirements

Perhaps the biggest requirement from Google and Yahoo involved protocols designed to stop phishing, which makes the inbox a safer place for Gmail and Yahoo Mail users.

In 2024, Gmail and Yahoo began requiring that all senders use SPF and DKIM while bulk senders also need to implement DMARC.

For DMARC, Gmail and Yahoo also required a minimum policy of p=none. But that requirement may change sometime soon as mailbox providers want senders to eventually use a stricter policy.

Sinch Mailjet’s research found that, among senders who made changes to comply with the new requirements, nearly 80% updated their email authentication. That was by far the most common change.

Nearly one-third of senders (33.1%) worked to ensure one-click unsubscribe functionality, while around 36% increased list hygiene efforts and 37% began monitoring spam complaints.

Why should you comply with these requirements?

Our survey found that close to half of those with awareness of the new requirements were either somewhat or very concerned about the impact. However, the research also found that 64% believe the changes were either necessary or beneficial.

The truth is, Google and Yahoo’s requirements weren’t much more than a reflection of best practices that senders should already be following. But for anyone who wasn’t complying, there was certainly a reason to be concerned.

Sinch Mailjet’s 2024 survey of consumers in the U.S., U.K., France, Germany, and Spain found Gmail is far and away the most popular mailbox provider. Results from The path to email engagement show 72% of consumers have a Gmail account while more than 20% use Yahoo Mail.

Gmail and Yahoo Mail addresses no doubt make up a significant portion of most contact lists, especially if you sell directly to consumers. Failure to follow the new requirements greatly reduces your chances of reaching those contacts, which could have serious consequences for your communications and your business.

Although keeping communications flowing is important, that’s not the only reason to follow the requirements. By doing so, you’ll also be protecting people from spammy and malicious emails. When that happens, email will continue to be a reliable and effective channel for customer communications.

“My recommendation is to try and comply with all these requirements. This is good for the whole email ecosystem. These requirements are not meant to punish senders. They’re designed to ensure we have a safe environment and that phishers cannot take advantage of email.”

Kate Nowrouzi

VP of Deliverability and Product Strategy, Sinch

Who's using email authentication?

Simple Mail Transfer Protocols (SMTP) is what’s used to send emails between servers. It’s like the mail carrier who picks things up for the postal service and delivers them to the right addresses.

The problem is, SMTP lacked security when it was developed. This made it easy for bad actors to use the email channel for malicious purposes. That’s why the industry introduced email authentication protocols to protect recipients.

But are enough senders setting up email authentication? Let’s see what the research reveals.

SPF and DKIM

SPF and DKIM are the foundations of email authentication. Sender requirements dictate that all senders must use these protocols if they want their emails to reach the inbox.

The survey results show nearly two-thirds (66.2%) of organizations are using both SPF and DKIM for authentication while around 9% are using only one of the two protocols. More than 25% of respondents were unsure about SPF and DKIM usage.

For those who are unsure about SPF and DKIM authentication, it’s likely they are using at least one of them. Most email service providers (ESPs) require that these protocols are configured before any emails are sent. In some cases, an ESP may use its own SPF and DKIM records on behalf of smaller senders on shared IPs.

DMARC

DMARC is a newer email specification used to harness the combined power of SPF and DKIM. It checks for alignment of both protocols while a specific DMARC policy informs receiving mail servers on how to filter authentication failures. DMARC also provides reports about email traffic and who is sending on behalf of your domain.

DMARC is important because it is the best way to prevent email spoofing. This is when a bad actor tries to impersonate another sender or recognizable brand to deceive recipients.

The survey shows 53.8% of email senders were using DMARC in 2024. That represents an 11% increase from the previous year’s results.

Along with the increase in DMARC adoption came a 10% reduction in the percentage of senders who were unsure about DMARC usage. This suggests the requirement to have bulk senders implement DMARC increased adoption as well as awareness.

The three DMARC policies

When setting up DMARC, there are three different policies you can use. These policies suggest how emails that fail SPF or DKIM authentication should be filtered. They’ll either be rejected, quarantined to the spam folder, or nothing will happen at all.

Survey results indicate the p=none policy is the most used at nearly 32%. That’s followed by more than 19% who use p=quarantine and 17.5% who use p=reject. More than 31% of senders who use DMARC are unsure what their policy is.

While the new sender requirements only dictate that senders use a policy of None, that is expected to change. Google and Yahoo made it easy for now because their goal was to increase DMARC adoption. Representatives from these mailbox providers have said that they ultimately want more organizations to enforce DMARC with a p=reject policy.

Deliverability experts agree. Sticking with a p=none policy means you’re not getting the most out of DMARC. Unfortunately, many senders in our survey said they’d only update their DMARC policy if it was required.

“I think using p=none is a great start. Baby steps. But it doesn’t ever have any teeth if you aren’t upping that to another level. And that’s the main purpose of DMARC – to not allow others to send as you.”

Jonathan Torres

TAM Team Manager, Sinch

BIMI

Yet another specification connected to email authentication is Brand Indicators for Message Identification (BIMI). While BIMI is not involved with the authentication process, it serves as a visual indication that emails are properly verified. That’s because BIMI lets senders display a verified logo in mailboxes where it is supported, increasing engagement and helping keep recipients safe.

How BIMI displays a verified logo at the inbox level

BIMI was developed as an incentive to get more organizations to strengthen authentication and adopt DMARC. A BIMI logo can only be displayed if you are using DMARC with a policy of p=quarantine or p=reject.

Our research found BIMI adoption is still relatively low. Less than 6% of those surveyed said they have successfully implemented BIMI while another 11.4% are still working on it. 24.5% of senders are unsure whether their organization uses BIMI.

BIMI has the advantage of bringing additional branding to the inbox. Plus, a study from Red Sift found the appearance of BIMI logos has a positive impact on open rates and consumer confidence in the legitimacy of an email.

Why you need a custom domain for email

One thing that Google wanted to eliminate through stricter requirements around email authentication is the use of free domains for email sending. Because it’s easier, sometimes smaller businesses and non-profits will try to use a Gmail account with gmail.com as their sending domain. This often happens when the sender does not have their own custom domain name.

However, Google prohibits this practice. Sending through a third-party service such as your email service provider (ESP) with Gmail as your sending domain will not work. You need to establish your own custom domain for email sending. This is usually associated with your website domain name (e.g. yourbusiness.com) Check out a Mailjet Email Academy webinar that takes a deep dive into this topic and shows you how to get set up.

This video also explains how Sinch Mailjet users can set up sending domains for authentication with SPF and DKIM DNS records.

Separating mail streams for deliverability

Every email you send is associated with a specific sending domain and IP address. The reputations of your domain and IPs are directly connected to deliverability. Sometimes senders will strategically separate certain types of emails on different subdomains or IP addresses.

The most common approach is to separate promotional and transactional emails. That’s because transactional messages often contain important details for individual contacts, such as in an order confirmation, appointment reminder, or password reset, all of which are critical when it comes to keeping customers informed.

The reason to separate the two types of emails is that marketing messages are more likely to be reported as spam and get lower email engagement. That can negatively impact deliverability for transactional emails if they’re sent from the same domain or IP.

Our survey shows that around 37% of companies are separating transactional and promotional emails, more than half (50.3%) say they are not, and another 12.6% are unsure.

The percentage of those who separate email traffic is greater among organizations with high send volumes. But our deliverability experts think it’s a smart move for senders of nearly any size.

Shared vs dedicated email sending IPs

Today, most email sending happens through the cloud. Less than 5% of those we surveyed said they have on-premises mail transfer agents (MTAs). Maybe you’re like the 30% of those we surveyed who are unsure what their email infrastructure looks like.

Our research shows 29.7% of senders know their email infrastructure is cloud-based with a shared IP, and 22.3% know they are cloud-based with a dedicated IP. So, what’s the difference between shared and dedicated?

On a shared IP, you are sending emails from the same location as a group of other senders. Not only do you share the IP address, but you also share the reputation of that IP. So, if a bad actor starts spamming people from your IP, it can negatively affect your deliverability.

That’s why Sinch Mailjet has high standards for our Acceptable Use Policy (AUP). This agreement requires that anyone using our shared IPs follows specific guidelines, including low spam complaints, unsubscribe, and bounce rates. It also prohibits certain behaviors and types of content.

Using a shared IP is a perfectly acceptable way to operate. However, high-volume senders sometimes choose to use a dedicated IP. In this case, only one organization is sending from the IP address. That means no other senders’ behaviors can impact your ability to reach the inbox. It also means that, when you have deliverability issues, you’ve got no one to blame but yourself.

In general, the email industry is focusing more on domain reputation. While IP reputation still matters, you need to have a high volume of email in order for your sending IP to build a reputation.