25.01.2024

New email guidelines from Google and Yahoo: Improving email security and fighting spam

In order to improve inbox security for users and combat the flood of spam messages, Google and Yahoo have decided to tighten the guidelines for receiving messages from 1 February 2024. The new policy will particularly affect domain owners who send more than 5,000 emails per day to personal email addresses on the gmail.com, googlemail.com, yahoo.com and ymail.com domains. All emails, regardless of their type (marketing or transactional), are counted towards the daily email volume.

To ensure the delivery of emails, Google and Yahoo have defined three main requirements:

  • Implement email authentication
    Bulk email senders must now set up SPF, DKIM and DMARC for their sending domains. To fulfil the DMARC requirements of Yahoo and Google, a valid DMARC record with a policy of at least p=none should be present in the DNS settings for the sending domain. Although the current guidelines only require DMARC alignment with either SPF or DKIM, full alignment with both protocols is strongly recommended. This will most likely also become a sender requirement in the future. Furthermore, Google and Yahoo point to setting up DMARC reporting with the rua tag. These reports give you as a bulk sender an overview of your domain's email traffic, the status of the authentication checks and the sources from which the messages were sent.

    If you are not sure how to create a valid DMARC entry, you are welcome to use our DMARC generator.
  • Easy unsubscription
    To make life easier for email users, marketing and subscription messages must support a one-click unsubscribe mechanism and include a clearly visible unsubscribe link in the email body. Note, however, that this second link, the one in the body, does not have to work with a single click.
    If an email user decides that they no longer wish to receive emails from a sender, the sender is obliged to fulfil the request within 2 days and remove the recipient from the mailing list.
  • Low spam rate
    To ensure the delivery of your messages, it is also important that the spam rate is at or below 0.3%. Ideally, the spam rate should be below 0.1%, which corresponds to a rate of less than 1 in 1000 messages. If your messages are frequently labelled as spam, the likelihood that future messages from your domain will automatically be reported as spam increases. It is therefore advisable to only send emails to recipients who actually want to receive them.
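
The authentication requirement above can be checked mechanically. The following Python code is an added example, not code from Google, Yahoo or this site's generators: it validates a DMARC record and tests whether the "FROM:" domain is aligned with the SPF and DKIM domains. The function names, the sample domains and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example; all domains and records are constructed sample values.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if invalid."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        tags[name.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag and p= is mandatory.
    first = pairs[0].partition("=") if pairs else ("", "", "")
    if first[0].strip().lower() != "v" or first[2].strip() != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    # Production code needs the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """'s' (strict) = exact match, 'r' (relaxed) = same organizational domain."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def check_sender(record, from_domain, spf_domain=None, dkim_domain=None):
    """spf_domain / dkim_domain: domains that already PASSED SPF (MAIL FROM)
    and DKIM (d=) for the message; None if that check failed."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf_domain) and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = bool(dkim_domain) and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    findings = []
    if not (spf_ok or dkim_ok):
        findings.append("From: domain aligned with neither SPF nor DKIM")
    elif not (spf_ok and dkim_ok):
        findings.append("aligned with only one of SPF/DKIM")
    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports will be received")
    return tags, findings
```

An empty findings list means the domain meets the DMARC part of the bulk-sender requirements and also follows the recommendation of alignment with both protocols.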

In addition to these three main requirements, senders must observe several further requirements:

  • Sending domains or IP addresses must have valid PTR records.
  • Messages must be formatted in accordance with the "Internet Message Format" standard (RFC 5322).
  • Google Mail "FROM:" headers must not be imitated.
  • If emails are regularly forwarded, ARC headers must be added to the outgoing messages.

Further details and instructions on the new Google and Yahoo sender requirements are available in Google's email sender guidelines and Yahoo's email sender requirements.

As some of the new requirements apply to all senders and not just bulk senders, we have compiled an overview below of what needs to be implemented:

| All senders | Bulk senders (> 5000 emails per day) |
|---|---|
| SPF or DKIM authentication | SPF or DKIM authentication |
| Valid PTR entries | Valid PTR entries |
| Spam rate below 0.3% | Spam rate below 0.3% |
| Message format according to RFC 5322 | Message format according to RFC 5322 |
| No imitation of Google Mail "FROM:" headers | No imitation of Google Mail "FROM:" headers |
| Requirements for email forwarding | Requirements for email forwarding |
| | DMARC authentication |
| | Alignment of "FROM:" header with SPF or DKIM domain |
| | 1-click unsubscription |


WHAT CAN HAPPEN IF THE REQUIREMENTS ARE NOT MET?

If bulk senders do not comply with the new Google and Yahoo email guidelines by the deadline, the emails may be labelled as spam or rejected by the recipient's email provider. This has the effect of reducing the reach and therefore the effectiveness of communication and marketing efforts. Furthermore, the sender's reputation can also be damaged, which influences the decision as to whether a message ends up in the inbox or spam folder or is rejected altogether.


FAQ

WHAT IS SPF?

SPF stands for Sender Policy Framework and its purpose is to prevent email spoofing. Email spoofing is a common tactic in phishing attacks. The attacker falsifies the sender in the "FROM:" field of the message header in order to impersonate another person and conceal their own identity. You can find more information on the structure and design of an SPF entry in our FAQ article "What is an SPF entry and how must it be designed?". You are also welcome to use our SPF generator to create the right SPF for your domain.

WHAT IS DKIM?

DKIM stands for DomainKeys Identified Mail and makes it possible to verify that an email actually originates from the specified sender and has not been modified during transport. The sending mail server adds a digital signature to the message header, which the receiving mail server can check using a public key in the DNS zone of the sender domain. You can find more information about DKIM in our FAQ article "What does DKIM do for me and why should I use it?".

WHAT IS DMARC?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance and ensures that the sender displayed is trustworthy. The email authentication protocol is designed to prevent the misuse of emails, such as email spoofing. DMARC is based on SPF and DKIM and checks the authenticity of the "FROM:" line in the message header. You can use the DMARC policy to define how the receiving mail server should authenticate an incoming message and what to do if authentication fails. You can find more information about DMARC and its structure in our FAQ article "What is DMARC and what is it used for?". Use our DMARC generator to generate your personal DMARC entry.

HOW CAN I ANALYZE THE DMARC REPORTS?

In the DMARC entry for your domain, you can define an e-mail address to which the receiving mail servers send back reports that can be used for analysis. This allows you to identify which servers are actually sending emails on your behalf, locate authentication and policy issues, prevent misclassification of your emails or detect unauthorized use of your domain for spam, malware or phishing attacks. If you send a large number of emails, an analyzer tool such as our free DMARC Analyzer tool can help you keep track. It automatically aggregates and organizes the data from the DMARC reports and creates a comprehensive overview.
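
To show what such an analysis involves, here is an added Python example (not the code of the DMARC Analyzer tool mentioned above) that aggregates one DMARC aggregate report per sending IP and lists sources whose mail fails DMARC. The report is a constructed sample using documentation IP ranges; the function names are hypothetical, and the code assumes an uncompressed report without XML namespaces.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (example.com, documentation IPs only).
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>950</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>50</count>
      <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.77</source_ip><count>40</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def summarize(xml_text):
    """Sum message counts per source IP, split into DMARC pass and fail."""
    stats = defaultdict(lambda: {"total": 0, "pass": 0, "fail": 0})
    for rec in ET.fromstring(xml_text).iter("record"):
        row = rec.find("row")
        if row is None:
            continue  # skip malformed records instead of crashing
        ip = row.findtext("source_ip", "unknown")
        count = int(row.findtext("count", "0"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        # policy_evaluated holds the aligned results; one pass is enough.
        outcome = "pass" if "pass" in (dkim, spf) else "fail"
        stats[ip]["total"] += count
        stats[ip][outcome] += count
    return dict(stats)

def failing_sources(stats, threshold=0.0):
    """Source IPs whose share of DMARC-failing mail exceeds threshold."""
    return sorted(ip for ip, s in stats.items()
                  if s["total"] and s["fail"] / s["total"] > threshold)
```

Aggregate reports arrive from third parties and are untrusted input, so a production parser should use a hardened XML library such as defusedxml and cap the accepted report size.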
