Gmail, Yahoo, and Others Embrace Stricter Email Authentication Standards in 2024

Google and Yahoo recently announced that they will be enforcing stricter email standards for bulk senders in 2024. Google’s requirements will go into effect in February, with Yahoo following suit shortly after, in Q1.

Industry leaders in the email world are cracking down on bulk email senders to ensure they are setting up their systems correctly. Bulk email senders are those that send emails to 5,000+ recipients in a single day. Thus, many companies will need to meet these new requirements in order to ensure their emails are delivered. 

Here are the new requirements:

  1. Email Authentication: Senders must adopt email authentication protocols such as SPF, DKIM, and DMARC in order to verify their identity and prevent impersonation attacks. 
  2. One-Click Unsubscription: Senders must provide an easy, one-click option to unsubscribe from an email list without imposing any extra steps or difficulties. 
  3. Spam rate threshold: Senders must remain under a specific spam-complaint threshold.

What does this mean in practice? Let’s get into the details.

Email Authentication

Here’s the problem: many bulk email senders have never taken the time to properly set up the security aspect of their email system. In other words, they don’t have proper email authentication. This massive hole in the system opens up opportunities for malicious attackers to steal their identity and send spammy emails pretending to be the company. Rather than going after these attackers individually, it is much easier to make the system airtight. That way, it is much harder for impersonation attacks to take place. 

Impersonation and phishing attacks can be devastating for individuals and companies alike. These new email authentication requirements will be a massive step towards protecting people online. 

The best way to secure the system is with email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and strongest of all, DMARC (Domain-based Message Authentication Reporting and Conformance). 

Although these protocols have been around for a while, they are only now being enforced as mandatory.  

To learn more about email authentication protocols and how to implement them, check out our managed DMARC services.

Email impersonation attacks are not a joke Jim!

One-Click Unsubscribe

We all know how frustrating it can be to unsubscribe from an email list we don’t want to be on anymore (or never did in the first place.) According to Google’s recent article, “you shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender.” For that reason, Google and Yahoo are requiring that consumers be able unsubscribe from a sender with one click. No more perpetual list trapping. This is also great for companies, because people who no longer want to receive emails can simply take themselves off the list, rather than inappropriately marking the company as spam, which you should never do, by the way. 

“you shouldn’t have to jump through hoops to stop receiving unwanted messages…”

-Neil Kumaran, Group Product Manager, Gmail Security and Trust

New Spam Rate Threshold

For the first time, Google and Yahoo are introducing a spam rate threshold, requiring bulk senders to remain under a certain spam-complaint rate. This is a never-before-seen implementation in the email industry. What this means for companies is they will have to be careful not to send too many unwanted emails. For consumers, this means they can expect much fewer unwanted messages hitting their inbox. 

The Bottom Line About Email Authentication

These new email standards are in direct alignment with Google and Yahoo’s mission to deliver more messages that consumers want to receive, and filter out the ones they don’t. These changes start being enforced in February, so if you’re a bulk email sender, the time is now to get your email system up to standard. 

For more info on how to keep your emails out of spam, check out this article