In an effort to further protect their users’ inboxes, Gmail and Yahoo! introduced a new set of requirements senders must meet in order for mail to be delivered as expected to their subscribers.
SendGrid hosted a webinar on January 9th to dig into the details of these changes with Gmail. Read on to learn more from the webinar Q&A.
Beginning after February 1st, email senders should be prepared to see deferrals for non compliant email. SendGrid expects that these deferrals will apply only to a percentage of your email. SendGrid will automatically retry this email and it will likely eventually reach customers’ inboxes.
Deferrals identified in February and March will provide you with an opportunity to fix any compliance issues in your email integration, while seeing minimal impact to the end delivery outcome.
April 1st and beyond is when you will begin to see substantive impact to your emails in the form of rejections (email is fully blocked by the inbox) if you’re not in compliance with Gmail and Yahoo’s new requirements.
The inbox providers have only indicated that a percentage of non compliant mail will be rejected beginning April 1st and that this percentage will increase over time.
SendGrid is automatically set up to retry any emails that have been deferred by inbox providers. In February and March, non-compliant mail that is deferred will be delayed to the recipient, but will likely be received after some indeterminate period of time. Beginning in April, an increasing percentage of mail will be rejected by the inboxes and will not be delivered. This mail will not be in SendGrid’s control to deliver.
A bulk sender is any primary domain (company.com) that has sent more than 5,000 emails to the given inbox provider in 24 hours. This calculation is determined separately by each inbox provider, however the requirements for each inbox are the same. There is not a definitive date that these providers began measuring, however data will be used prior to February 1st, 2024 to classify bulk senders.
The bulk sending category is not an average over time, and once you enter this category, the inbox providers have not provided a way to leave it.
A bulk sender is calculated at your primary domain (company.com). Bulk sender is NOT segmented or calculated at other aggregate levels such as IP, subdomain or individual email address.
The DMARC policy for all mail and the one click unsubscribe for marketing mail are the two requirements that apply only to bulk senders. All other requirements apply to all senders
All mail sent using your domain will be used to calculate your total email volume and classify you as a bulk sender. This includes both transactional and marketing emails, emails sent using both SendGrid as well as another ESP, and includes any other integrations such as emails sent by a CRM associated with your domain.
While not entirely clear, it’s likely any internal communication sent through Google workspace to emails you own will not count toward this volume.
Google workspace inboxes are Gmail inboxes configured for a company’s domain, such as ‘@twilio.com’. Only mail sent to personal “@gmail.com” accounts will put you in the bulk sender category.
The DMARC policy for all mail and the one click unsubscribe for marketing mail are the two requirements that apply only to bulk senders. All other requirements apply to all senders.
Transactional emails (aka triggered emails) are triggered by a user’s interaction with a web app (e.g., a purchase receipt, 2FA). Marketing email is defined by the FTC as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.”
Another way to think about the difference is that transactional mail is mail that is necessary for a customer’s existing usage and actions, while marketing mail is designed to drive new engagement with your product or service.
Inbox providers use complex algorithms to analyze message content as well as a sender’s reputation to determine if a message is likely to be marketing or transactional.
DMARC can be implemented both at the primary and subdomain level. A DMARC policy will first be reviewed at the subdomain level. If a policy does not exist, DNS record checks will cascade towards the primary domain until a DMARC policy is found.
To meet the google requirements, a policy of v=DMARC1; p=none is necessary. Additionally Yahoo “strongly recommends” an RUA tag with an email to transmit the DMARC reports to. A DMARC policy of p=none is the easiest to implement, however it doesn’t leverage the value of DMARC.
Once you understand what mail is being sent from your domain you can determine which mail is legitimate and which is not. From there you can take additional steps to implement stricter policies such as p=quarantine or p=reject, which will send unqualified mail to spam or be fully rejected, respectively. For more information on this, see How to Implement DMARC.
Google and Yahoo have not laid out any specific plans or timeline for additional requirements, however a transition to quarantine or reject policies would make sense given the goal of these requirements, in part, are to reduce phishing. Taking steps to implement these stricter policies will improve your email performance and leave you more prepared for any future changes.
Valimail offers Free DMARC monitoring, and paid services like Enforce to help you implement stricter DMARC policies. You can view valimail.com to learn more about all the ways they help make DMARC easier.
Aggregate DMARC reports will provide an overview of email traffic sent from your domain. These reports help identify which emails are failing DMARC and why they are failing DMARC.It will also allow you to determine if that traffic is coming from you or if it is potentially malicious content being sent by another party who is abusing your domain.
One Click unsubscribe refers to the button that can appear at the top of an email in an inbox. This allows email recipients to unsubscribe from email without leaving their inbox.
For more information, see SendGrid’s List-Unsubscribe documentation.
One click unsubscribe only applies to Marketing and Promotional mail. Transactional mail does not require one click unsubscribe, but it does need to meet the other criteria set by Google and Yahoo.
The List-Unsubscribe-Post header communicates that the unsubscribe method is one click via a POST request. Anti spam software may issue GET requests to links in emails. To prevent accidental unsubscribes, add an additional step so that the GET request to that link does not unsubscribe someone.
As an example, you could make the GET request to the link present a landing page to the user containing a link or button to confirm the unsubscribe. A POST request to this link, such as that generated through the one click unsubscribe in the email header, should result in an unsubscribe.
You can still use advanced subscription management or other types of unsubscribe groups, so long as your integration includes the two required headers in the new requirements. You may link to an unsubscribe group in your one click unsubscribe header.
For more information on using unsubscribe groups in general, see SendGrid’s Unsubscribe Groups documentation.
Gmail and Yahoo! are the ultimate deciders of which emails will display a one click unsubscribe button next to the from address of the email. Low sender reputations can occasionally cause the one click unsubscribe button to not be displayed.
An inbox spam rate of 0.3% is the highest rate a sender can see before becoming non compliant with the inbox provider’s new requirements. Google has also stated that a 0.1% or lower inbox spam rate is highly encouraged and rates higher than this will likely also see impacts.
Inbox providers have not given exact time frames for how this metric is calculated. A generally safe assumption is that consistently high spam rates will see higher filtering than spikes in spam rates due to fraud takeovers or an exceptionally poor performing campaign.
Both DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) are required. DKIM adds a digital signature to outbound email to help prevent spoofing. SPF helps to prevent email sending abuse by ensuring that the IP address from which a message was sent is authorized to send mail on behalf of the domain in the email’s Envelope From or return-path.
The domain authentication process involves setting up both SPF and DKIM. If you’ve already gone through this process and set up your DNS records correctly you will have these two requirements in place.
No. Sending from your workspace email is fine. Only mail from “@gmail.com” or “@yahoo.com” sent through a Mail Transfer Agent (MTA) fails these requirements.
Single sender authentications will likely see significant impacts when sending to Gmail and Yahoo inboxes. Because a single sender authentication can not have SPF or DKIM set up, these emails will be rejected by the inbox providers. As a result, SendGrid expects to see Single Sender accounts be more dedicated to testing integrations internally and will be less viable in use cases that are trying to reach these inbox providers.
Gmail and Yahoo are largely coordinated on this enforcement. Two nuances are that Yahoo “Strongly recommend[s]” a rua tag with a valid email address to send the DMARC reports to. They’ve not labeled this as a requirement however it’s possible this could have an impact on deliverability to these inboxes.
Additionally, Gmail and Yahoo both classify a bulk sender as any domain sending more that 5,000 emails to the respective inboxes in a given day. It’s likely you will be classified as a bulk sender by Gmail before Yahoo as most SendGrid customers send a larger percentage of their mail to Gmail inboxes.
As we continue to partner with our customers to implement these requirements, we’ll be updating our resources and continuing to share more resources. In addition to the webinar, please also visit Gmail and Yahoo’s New Sender Requirements: A Closer Look for more information.
