When it comes to email, Google and Yahoo have long been major players, and I can pretty much guarantee that the vast majority of your clients and subscribers are receiving emails via Gmail or Outlook, according to recent data on which email service providers people choose most.
However, things are changing in February 2024, as both Google and Yahoo are introducing new email sender authentication requirements. These changes have the potential to significantly impact email deliverability and the overall email experience for both senders and recipients.
Here’s a preview of what I’m covering in this post:
Table of Contents
If you use any third-party platforms for sending emails to your clients or subscribers, this is an update you can’t afford to ignore. Yes, there’s some advice out there saying changes are only required if you send 5,000 emails per day. And that’s true…for now.
However, the concepts and to-do’s I’m covering in this post have been respected as industry best practices for a very long time. Every time I’ve helped a client get their domain set up for their email marketing platform or CRM, I follow these steps. My prediction is that this is only the beginning of tighter requirements and more scrutiny around spam, so I highly encourage you to get your email house in order.
If you can’t get your email seen by your clients, they’ll never read that newsletter you poured your heart into or have an opportunity to click that book now button in your sales sequence.
Let’s make sure this isn’t what’s keeping you up at night. I’m breaking it all down for you below, so give this an hour of your time.
Why are Google and Yahoo Making Email Changes?
Basically, Google and Yahoo are over spam and phishing scams. A whopping 8 billion spam emails get sent every day in the US alone (Source: Statista). Add to that the fact that email phishing is the single most common form of cybercrime, and these bad guys keep getting smarter and more sophisticated in their attacks.
So, on behalf of their users, Google and Yahoo beefing up email security measures and enforcing email authentication to make sure you’re receiving only emails you actually want and that the bad guys can’t impersonate your brand and take advantage of your subscribers.
Exactly What are the Google and Yahoo Email Changes?
There have been a couple of big announcements that I want you to know about.
First, Google started deleting inactive Gmail accounts last month. They’re telling us that these inactive accounts are more likely to be compromised by scammers, and they’re getting rid of them to reduce the risk. While that is most definitely true, we all know it’s about the bottom line – and Google can’t advertise inside the inbox to orphaned accounts. So they’ve got money tied up in data storage with no way to monetize that [email protected] account.
Going forward, any Google account that hasn’t been used for at least two years is subject to being deleted (following multiple notifications).
Second, both Gmail and Yahoo inboxes are upping their game when it comes to spam and email authentication.
Here are the new rules:
- You can’t send bulk emails (like from your Mailchimp or Flodesk or ConvertKit) from a free account like @gmail.com anymore.
- You, the sender, must email from a verified domain using SPF and DKIM records (more on what these cryptic letters mean below).
- Your domain must include a DMARC record setup (I gotchu on this one, too 😘).
- A one-click unsubscribe is required. No more sending subscribers to a form where they have to enter their email address or manage preferences.
- If your spam rate is over 0.3%, you’re blacklisted.
How Gmail and Yahoo’s Email Changes May Impact You
While Google originally announced that these changes only affect you if you’re sending 5K emails or more per day, my bet is that this is only a first step – and we smaller fish need to get our ducks in a row pronto.
It’s also just the right way to send email, so let’s take the mystery out of it and comply with the new requirements before we’re forced to.
So here’s why it matters to you.
- If you don’t have a business email set up with your own domain already, you’re gonna want to get on that.
- If you’re sending marketing emails or emails through your CRM and you’re not using your own domain, it’s time to start. Email platforms will begin enforcing this now.
- If you don’t follow the new email authentication requirements, it’s much more likely now than ever that email providers will recognize your email as spam.
- If you send enough emails that break Google and Yahoo’s new rules, you’re at risk of getting blacklisted, which means practically nobody receives your emails….not even in the junk folder.
An Overview of Email Deliverability
Before I get to the super techie details, I think it helps to have some context. So here’s a quick class called Email Deliverability 101.
Everything starts with you, the sender.
You’ve got an email. You thought about what to write. You put it on a ClickUp list. You wrote the sh*tty first draft. You edited. You scheduled it in Mailchimp. You sent. You are awesome. (👈 This part is HARD. WORK.)
You’ve got a subscriber. You’ve done something right. You put a thing out into the world, and someone signed up and said, “YES! I want your thing! And it’s cool if you send me emails sometimes.”
Now that little email that you worked so hard on has to make its journey to get to your subscriber through a maze of servers and filters before it lands in your subscriber’s inbox where they can click open and read with delight.
Step One: Your email goes into your Email Service Provider’s (Mailchimp in this story) MTA or Mail Transfer Agent and waits to be sent. 📬
This is why it’s important to choose a reputable ESP. You can’t control any part of this step.
Step Two: Your email goes to your subscriber’s mailbox provider’s server. Let’s say you sent it to [email protected]. Here GMail does a few checks. If your email fails one of these checks, it’s a full-on rejection. You’ll sometimes hear this called a hard bounce. Do not pass go. Do not collect $200. Story’s over. 💀
- Is the email address valid? (If no, your email bounces.)
- Is the inbox full? (If yes, your email bounces.)
- Was the email sent from a blacklisted IP address? (If yes, your email bounces.)
This step is mostly up to your ESP as well, but know that every bounce is a knock against your reputation as a sender.
Step Three: If your email makes it past the guards, it moves on to the spam filter. This is where Gmail checks your email authentication to make sure it’s really you sending the email and to see if you’re a reputable sender. 📋
This one is the techie setup stuff that you fully control.
Step Four: Your email passes through an engagement filter where Gmail considers your subscriber’s inbox rules, preferences, and past behavior. This primarily has to do with your subscriber and it’s why it’s so important to send quality, valuable content to your email list rather than literal junk. 💌
Step Five: If your email passes this final test, it earns its place in the almighty inbox. No promo tab, thank you. Your subscriber reads it, clicks the button, and schedules the consult call. You’re on your way to making money. 🤑
5 New Gmail and Yahoo Mail Rules for Bulk Email Senders – Steps to take
1. Email senders must send from a custom domain
Connect your domain in your Mailchimp account. Here’s the full step-by-step process from Mailchimp.
In most cases, by following these steps, you’ll also be taking care of #2 below.
Not a Mailchimp-er? Maybe one of these is you: ConvertKit, Flodesk, MailerLite. No? Just Google “{Your email platform} domain verification,” and you’re likely to land in the right place.
2. Every email must authenticate with SPF and DKIM
If you followed the steps in #1 correctly, you’ve probably already taken care of this, but let’s go a little bit deeper just in case. SPF and DKIM are DNS records. If these feel all L-M-N-O-P, let me try to simplify.
What is a DNS record?
DNS stands for Domain Name System. Cloudflare (my first choice for nameservers) explains this as the phone book of the internet. It’s essentially a giant directory that tells the interwebs, “when I type in thiswebsitedotcom, take me to IP address 123.123.1.1.”
Without it, we’d need to know all those “phone numbers.” That would be a nightmare. So your DNS records kind of define your domain.
They look something like this. My example below is from Cloudflare.
What is SPF? (Sender Policy Framework)
SPF stands for Sender Policy Framework. That name doesn’t make any sense. Most likely because some IT dudes came up with it, and they’re terrible at naming things. SPF records are kind of like a permission slip that says, “I’ve given Mailchimp permission to send emails with mydomain.com.”
Think of it as a list of approved senders.
Again, different email services handle this differently, but they’re often a TXT record and just a bunch of text you need to copy and paste into the right box.
You may need more than one approved sender in your SPF record.
You may have one for your email marketing platform, one for your CRM, and one for your website’s mail server. If that describes your situation, you’ll want to carefully follow instructions for merging your SPF to include all the tools you use to send emails.
All you need to do is log in where your DNS records are hosted (usually wherever you registered your domain…usually) and carefully follow the instructions from your ESP’s help article.
What is DKIM? (DomainKeys Identified Mail)
DKIM stands for DomainKeys Identified Mail. Again, dumb name.
DKIM serves as a digital signature to let the receiver know that you authorized this email. The recipient’s mailbox provider verifies this key received in the message header to make sure it matches the record on your domain. I’ve also heard DKIM described as the wax seal on the digital envelope you send that confirms no one has tampered with your email before it made it to the receiver.
Same goes for DKIM as for SPF. Email platforms handle this in different ways, but as long as you follow the domain verification instructions carefully, you’ll be good to go.
3. Your domain must have a DMARC policy
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. To create a DMARC policy, you’ll add one more TXT record to your list of DNS records.
Your DMARC policy tells your recipients’ email providers what to do when SPF and/or DKIM verification fails. This one’s a bit trickier because it’s up to you to configure it correctly.
If this part feels super overwhelming and you’re more of a beginner in this world, try out Postmark’s free DMARC reporting tool. Just follow the prompts to create the correct DMARC record and then copy and paste it into a new TXT record in your DNS one last time. Postmark will send you a nice weekly summary that you can actually read so you can see what emails are passing or failing verification.
If you’re a bit more advanced, you can use this handy tool to help you create the right text that you can copy and paste into your TXT record. The wizard does a good job of asking you questions in English to get to the correct text.
I recommend you choose “None” for your policy. This means you’ll get a report when an email fails verification (if you add your email address) but your email will not get stopped. “Quarantine” sends your email to the spam folder. “Reject” will bounce your email.
It’s also a good idea to set up DMARC reporting because if you just add your email address in this wizard, you’re going to get these strange little text files that are impossible to read. I like Cloudflare’s DMARC monitoring for more advanced senders of the emails.
4.Email senders must offer a one-click unsubscribe link to their email list
This requirement is handled by your email marketing platform. If you’re with Mailchimp, you’re already set. Just make sure each email you send includes the unsubscribe link in the footer. I know there are several ESPs that are working diligently on adding this feature, so if yours doesn’t have it yet, it will ASAP.
5. Your spam complaint rate must be lower than 0.3%
A spam complaint is recorded when the recipient flags your email as spam. When your beloved subscriber clicks the spam button, Gmail or Yahoo or whatever other email service they’re using reports it back to your ESP. Your ESP closely manages this and so do the inbox providers.
To stay in good standing, your spam complaints must be extremely low. This is why it’s so important to make sure you’re getting consent from every email subscriber and only sending good-quality emails.
It’s important not to completely overwhelm your subscribers with way too many emails. It’s also important that you don’t send so few they can’t remember they ever signed up.
This is also where good email list hygiene comes in.
I highly recommend automating a sequence of emails to re-engage subscribers who haven’t opened your emails in a while, say 90 days or so. Ask them to confirm they want to stay on your list. If they open your emails and opt to stay in, perfect. You’ve got their attention and you can keep nurturing them.
If they don’t, cut them loose and unsubscribe them. This helps to keep your email reputation up and usually saves you a little money too. No need to waste emails on someone who will never open them.
What should I do about the new email rules from Google and Yahoo?
What you can’t do is ignore them. Email marketing has one of the highest ROI’s of any marketing approach ($40+ dollars made for every $1 you spend on average), so you can’t afford to get sent to spam. Sometime in the next week or so, find an hour to walk through the steps above and take care of this.
Get support from GreenHouse Creative
If you need a little support, I’ve got a few options for me and my team to jump in and help you.
Option 1: Grab my DIY Email Deliverability Package.
You’ll receive thorough step-by-step instructions to get your email fully verified with any platforms you’re using. (If your platform isn’t already in our instructions, I’ll add it!)
You’ll also get my List Clean-up Sequence Templates. Customize the templates, send them to your cold subscribers, and unsubscribe those who don’t click to confirm. Just like that, your list will be squeaky clean.
Option 2: Grab the Tech Only Email Deliverability Package.
We’ll collect your account details and handle all the tricky tech stuff. You’ll receive the same List Clean-up Templates so that you can kick out those disengaged subscribers, too.
Option 3: Grab the All-Inclusive Email Deliverability Package.
Hand the whole enchilada over to us and rest easy knowing you’re not landing in spam land. We’ll take care of your DNS records to verify all your email-sending platforms and set up an automated List Clean-up Sequence to get and keep your list clean from now on forever.
You can grab your email deliverability package here. If you’ve got questions, shoot me an email at racheal(at)greenhousecreative(dot)co (yes, .co not .com) or head over to my insta and send me a DM.
