Major Changes to Google and Yahoo Email Requirements
In a significant move towards heightened email security and improved deliverability, Google and Yahoo have unveiled new sender requirements for both platforms, effective February 2024. These updates align with established internet standards and best practices, aiming to create a safer and more trustworthy email ecosystem for users and senders alike. Basic standards apply to all email senders, and additional safeguards apply depending on sending volume and message type (promotional vs. transactional).
New Requirements for Bulk Senders in Gmail
Google has laid out stricter regulations for high-volume senders on its platform. The following requirements all aim at creating a cleaner and more trustworthy Gmail experience:
- Authenticate Emails - bulk senders must authenticate their emails, ensuring strong adherence to established security standards. This step aims to close loopholes exploited by attackers, fortifying email integrity for all users.
- Enable Unsubscription - large senders are required to enable easy unsubscription. Gmail recipients should be able to effortlessly opt out of commercial emails with a single click, and senders must process unsubscription requests within two days.
- Ensure Less Spam - bulk senders must ensure they are sending wanted emails. By enforcing a clear spam rate threshold, Gmail recipients will experience even fewer unwanted messages in their inboxes. This proactive measure, an industry first, sets a new standard for email hygiene.
These changes are aimed at enhancing security, user experience, and spam prevention. While guidance will be offered to assist senders in meeting these requirements, the collaborative effort of the entire email community is essential for maintaining a secure and efficient inbox.
New Requirements for Bulk Senders in Yahoo
While Yahoo echoes many of Google's core requirements for bulk senders, its updated guidelines place particular emphasis on a few key areas:
- DMARC - Yahoo encourages senders to strengthen DMARC implementation and monitoring, leveraging its reporting features to proactively identify and eliminate potential spam.
- Best Practices - adherence to Yahoo's sending best practices becomes even more crucial for optimal deliverability on the platform. These guidelines go beyond email authentication and delve into specific formatting, content, and engagement strategies.
- Transparency - Yahoo emphasises the importance of utilising ARC Headers for forwarded emails, ensuring greater transparency and accountability throughout the message chain.
Essentially, Yahoo's focus lies in amplifying security, fostering responsible sending practices, and enhancing message accountability. While the core authentication requirements and user-friendly unsubscribe options remain aligned with Google's approach, Yahoo adds another layer of scrutiny through its specific DMARC focus and best practices advocacy.
Essential Requirements for Your Business
To ensure successful deliverability and compliance with Google and Yahoo’s new sender requirements, your business will need to address the following elements:
- Email Authentication (SPF & DKIM) - mandatory for all senders to verify domain ownership and prevent spoofing.
- Low Spam Rates - monitor and actively work to minimise end-user complaints about spam to retain sender reputation.
- Valid DNS Records - ensure forward and reverse DNS records are valid and accurate for proper domain traceability and email verification.
- Message Format Compliance - adhere to established message format standards to guarantee smooth email delivery across platforms.
- Impersonation Prevention - avoid using Gmail "From:" headers for non-Gmail emails to prevent misleading users and potential phishing attempts.
- ARC Headers - implement ARC headers to enhance transparency and accountability for forwarded messages.
Additional requirements for bulk senders that send over 5,000 emails per day
- DMARC Policy Enforcement - define handling of unauthenticated emails for improved inbox delivery.
- DMARC Alignment - ensure proper domain verification for optimal deliverability.
- One-Click Unsubscribe - facilitate opt-out for recipients and comply with anti-spam laws.
By implementing these requirements and adopting responsible sending practices, you can ensure your emails reach their intended recipients in both Gmail and Yahoo inboxes.
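The three bulk-sender items above can be pre-checked from a sample message and the domain's DMARC TXT record. The following is an added example, not InfoTrust, Google or Yahoo code: the function names, the sample messages and the placeholder domains are constructed, the organisational domain is approximated by the last two labels, and the one-click check follows the RFC 8058 header pair.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Parse the 'k=v; k=v' tag lists used by DMARC records and DKIM-Signature."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): "".join(v.split()) for k, v in pairs}

def org_domain(domain):
    # Simplification: last two labels. Real DMARC evaluation uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def check_bulk_sender(raw_message, dmarc_txt):
    """Pass/fail per bulk-sender item; header checks only, no signature verification."""
    msg = message_from_string(raw_message)
    from_dom = addr_domain(msg["From"])
    # Domains authenticated by SPF (envelope sender) and by DKIM (d= tag).
    auth_doms = [addr_domain(msg["Return-Path"])]
    auth_doms += [parse_tags(h).get("d", "") for h in msg.get_all("DKIM-Signature", [])]
    dmarc = parse_tags(dmarc_txt)
    unsub = (msg["List-Unsubscribe"] or "").lower()
    post = "".join((msg["List-Unsubscribe-Post"] or "").split()).lower()
    return {
        "dmarc_policy": dmarc.get("v") == "DMARC1"
            and dmarc.get("p", "").lower() in {"none", "quarantine", "reject"},
        "dmarc_alignment": bool(from_dom) and any(
            d and org_domain(d) == org_domain(from_dom) for d in auth_doms),
        "one_click_unsubscribe": "<https://" in unsub
            and post == "list-unsubscribe=one-click",
    }

# Constructed samples: example.com and esp-mailer.test are placeholder domains.
GOOD_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
GOOD_MSG = ("From: Shop News <news@mail.example.com>\n"
            "Return-Path: <bounces@bounce.example.com>\n"
            "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; b=PLACEHOLDER\n"
            "List-Unsubscribe: <https://example.com/u/abc123>, <mailto:unsub@example.com>\n"
            "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nHello\n")
# Fails all three: third-party SPF/DKIM domains, mailto-only unsubscribe, no DMARC record.
BAD_MSG = ("From: Shop News <news@example.com>\n"
           "Return-Path: <bounces@esp-mailer.test>\n"
           "DKIM-Signature: v=1; a=rsa-sha256; d=esp-mailer.test; s=s1; b=PLACEHOLDER\n"
           "List-Unsubscribe: <mailto:unsub@example.com>\n\nHello\n")

if __name__ == "__main__":
    print(check_bulk_sender(GOOD_MSG, GOOD_DMARC))
    print(check_bulk_sender(BAD_MSG, ""))
```

A pass here only shows that the headers and record are shaped correctly; whether SPF and DKIM actually validate is decided by the receiving mail server.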
Protecting Your Reputation
At InfoTrust, we are perfectly placed to assist you with DMARC planning and implementation and help you protect your email sender reputation. Our experts all have deep expertise and an excellent track record of supporting all types of businesses in Australia. Contact the experts at InfoTrust for a security strategy session.