Starting February 2024, Google and Yahoo will introduce new rules for senders who send mass emails to Google and Yahoo email addresses. The guidelines for email marketers who send more than 5000 emails per day are more strict, but mostly the same as for the smaller senders. You must set up authentication via SPF and DKIM, include an unsubscribe link in your messages, and watch your spam rate.
Set up email authentication
Google and Yahoo now require that you set up email authentication methods SPF and DKIM for your messages, which help them to verify that the messages actually come from you and not from spammers or hackers impersonating your company. Authentication protects your recipients against unwanted emails, spoofing, and phishing attacks. So it’s crucial to verify that your DNS records (SPF, DKIM, and DMARC) exist and are valid.
An SPF record (Sender Policy Framework) is published in the DNS and lists the mail servers that are allowed to send email on behalf of your domain. The SPF record for your domain should include:
- your email provider such as Google Workspace,
- your hosting service if you send emails from it (including the emails sent programmatically from WordPress or another CMS),
- transactional email providers like SendGrid or PostMark if you use them,
- any other technologies that you use to send emails and newsletters.
To send email with YAMM, you just need the include:_spf.google.com mechanism to allow sending emails from Google Workspace. You should check the support documentation of any additional providers that you use and add their includes to your SPF record. The SPF record must start with v=spf1, then the includes for each provider that you identified, then the ~all or -all mechanism to prohibit all other senders.
You should use Google Admin Toolbox to check your SPF record. If you see any syntax errors or messages about a missing SPF record, you need to fix them.
Changing the SPF record for your domain involves updating the DNS settings at your domain registrar or DNS hosting provider. Log in to your domain registrar (the service where you initially purchased your domain) and look for a section called "DNS Settings", "DNS Management", or something similar. Then find the existing SPF record for your domain and edit it, or add a new TXT record if there is none. In the simplest case, your SPF record for Google Workspace should look like this:
Host / Name: @
Value: v=spf1 include:_spf.google.com ~all
TTL: 3600 seconds
After editing the record, click the Save button and allow it up to 48 hours to propagate (usually, the propagation takes just several minutes). The exact steps may vary depending on your domain registrar or DNS hosting provider. If in doubt, please consult with their support documentation.
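The SPF rules described above can be checked before you save the record. The following sketch is an added example, not code from YAMM or Google; the provider domain spf.mailer.example and the sample records are constructed placeholders.

```python
def check_spf(txt_records, required_includes):
    """Return a list of problems found in a domain's TXT records."""
    spf = [r.strip() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: no TXT record starts with v=spf1"]
    if len(spf) > 1:
        # Receivers treat several SPF records on one domain as an error.
        return ["more than one SPF record: merge them into a single TXT record"]
    terms = spf[0].split()[1:]
    problems = []
    includes = {t.split(":", 1)[1].lower() for t in terms
                if t.lower().startswith("include:")}
    for domain in required_includes:
        if domain.lower() not in includes:
            problems.append(f"missing include:{domain}")
    # Modifiers such as redirect= or exp= contain "=", mechanisms do not.
    mechanisms = [t for t in terms if "=" not in t]
    all_terms = [t for t in mechanisms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        problems.append("record does not end with ~all or -all")
        return problems
    if mechanisms[-1] != all_terms[0]:
        # A provider include pasted after "all" is silently ignored.
        problems.append(f"mechanisms after {all_terms[0]} are never evaluated")
    if all_terms[0][0] not in "~-":
        problems.append(f"{all_terms[0]} does not prohibit other senders; use ~all or -all")
    return problems

# Constructed sample TXT records for a domain that sends from Google
# Workspace and from one hypothetical provider, spf.mailer.example.
PROVIDERS = ["_spf.google.com", "spf.mailer.example"]
GOOD = ["site-verification=constructed-token",
        "v=spf1 include:_spf.google.com include:spf.mailer.example ~all"]
APPENDED = ["v=spf1 include:_spf.google.com ~all include:spf.mailer.example"]
OPEN = ["v=spf1 include:_spf.google.com +all"]

if __name__ == "__main__":
    for name, records in (("GOOD", GOOD), ("APPENDED", APPENDED), ("OPEN", OPEN)):
        print(name, check_spf(records, PROVIDERS) or "ok")
```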
DKIM (DomainKeys Identified Mail) is another authentication method that adds a digital signature to outgoing messages. Your email provider digitally signs the message body and selected headers. On the recipient’s side, Google and Yahoo can verify the signature using your public key published in the DNS, which allows them to check if the message actually came from you. Google requires that the DKIM key length should be at least 1024 bits; a 2048-bit key is recommended.
To set up DKIM, you should get the DKIM public key from your email provider’s dashboard, add it as a DNS record at your domain registrar (just like you did for the SPF record), then turn on DKIM signing in the email provider’s dashboard to start adding a digital signature to the outgoing emails. If you use Google Workspace, you should copy the DKIM public key from your Admin console. A DKIM record looks like this:
Host / Name: google._domainkey (for Google Workspace)
Value: v=DKIM1; p=... (the key that you copied from the Admin console)
TTL: 3600 seconds
If your domain sends not only emails from Google Workspace, but also transactional emails or emails sent programmatically, you need to add another DKIM record for them. You can have multiple DKIM selectors for different parties sending emails on your behalf. In the example above, the selector is google, so the DNS host is google._domainkey.
DMARC (Domain-based Message Authentication, Reporting and Conformance) allows you to receive reports from Google, Yahoo, and other email providers about messages from your domain that fail SPF or DKIM checks, so you can check that your setup works correctly. You can also instruct the recipient’s server to reject the messages that fail SPF / DKIM checks (e.g., phishing emails impersonating your organization).
Before setting up DMARC, you should set up SPF and DKIM, then wait for 48 hours to ensure that the DNS records were propagated. You can also check that SPF and DKIM work correctly using Google Admin Toolbox or another third-party checker.
Then, you should define your DMARC policy. According to the Google and Yahoo guidelines, it’s enough to have the p=none policy, so you don’t have to reject the messages that fail the SPF / DKIM checks. This is safer; even if your SPF/DKIM setup is incorrect, the messages will not be blocked by the DMARC policy.
The simplest DMARC record could look like this:
Host / Name: _dmarc
TTL: 3600 seconds
This record instructs the recipient’s email server to do the SPF/DKIM checks with the default settings and send the reports to firstname.lastname@example.org without blocking any messages. Please replace email@example.com with your email address. The best practice is to use a dedicated email address such as postmaster@yourdomain for these reports. Note that this email address is publicly visible in your DNS records and spammers will see it, too, so you need a spam filter for it.
You can also read more about different DKIM policies and settings, but the example above should be enough to start with. Later, you can add a more strict policy, although this is not required by Google or Yahoo.
Just like with SPF and DKIM, you should log in to your domain registrar or DNS hosting provider, then add the DMARC record. After this, you will receive daily reports in the XML format at the email address specified in the DMARC record. Please look for the <spf> and <dkim> tags in them. If you see:
then everything is okay. But if you see <spf>fail</spf> or <dkim>fail</dkim>, then you need to investigate. When sending a lot of emails, you will receive dozens of such reports daily, so you may want to use a third-party tool to parse these reports and warn you about any failures.
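A small parser can do the checking described above: it reads one aggregate report and flags every source IP whose <spf> or <dkim> result is not pass. This is an added example, not a YAMM or Google tool; the sample report is constructed, and the code assumes the attachment has already been decompressed to XML text.

```python
import xml.etree.ElementTree as ET

# Constructed sample report: documentation IP ranges, placeholder domain.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>yourdomain.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>8</count>
    <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Return (total_messages, failures); failures maps each source IP with a
    non-pass <spf> or <dkim> result to its message count and failed checks."""
    # Reports come from third parties through a publicly listed mailbox, so
    # treat them as untrusted input and refuse DTD/entity declarations.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("report contains a DTD or entity declaration")
    root = ET.fromstring(report_xml)
    total, failures = 0, {}
    for row in root.iter("row"):
        count = int(row.findtext("count") or 0)
        total += count
        failed = {
            check for check in ("spf", "dkim")
            if (row.findtext(f"policy_evaluated/{check}") or "").strip().lower() != "pass"
        }
        if failed:
            ip = (row.findtext("source_ip") or "unknown").strip()
            entry = failures.setdefault(ip, {"count": 0, "failed": set()})
            entry["count"] += count
            entry["failed"] |= failed
    return total, failures

if __name__ == "__main__":
    total, failures = summarize(SAMPLE_REPORT)
    print(f"{total} messages reported")
    for ip, info in sorted(failures.items()):
        print(f"WARNING {ip}: {info['count']} message(s) failed {sorted(info['failed'])}")
```

A source that fails both checks, like 198.51.100.7 in the sample, is either a sender missing from your SPF and DKIM setup or someone else using your domain, so it deserves the first look.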
Include an unsubscribe link
You should include unsubscribe links in your emails to avoid recipients reporting your messages as spam to Google or Yahoo. When a recipient cannot unsubscribe easily, they will press the Spam button, which reduces your domain reputation. It’s also a legal requirement in the US (under the CAN-SPAM Act) and EU (under GDPR) to provide a visible and working way to opt out of your marketing emails.
According to Google and Yahoo, the senders who send thousands of emails daily must also set up one-click unsubscribe using the List-Unsubscribe-Post email header.
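For senders who build their own messages, the sketch below sets the one-click headers and checks a message before it goes out. It is an added example, not YAMM code: the header value List-Unsubscribe=One-Click comes from RFC 8058, and the URL, token and addresses are constructed placeholders.

```python
import re
from email.message import EmailMessage

ONE_CLICK = "List-Unsubscribe=One-Click"  # fixed value defined by RFC 8058

def add_one_click_unsubscribe(msg, https_url, mailto=None):
    """Add the header pair that mailbox providers use for one-click unsubscribe.

    https_url should carry an opaque, hard-to-guess per-recipient token: the
    provider sends a POST without cookies, so the URL alone must identify
    the subscription."""
    targets = [f"<{https_url}>"]
    if mailto:
        targets.append(f"<mailto:{mailto}>")
    msg["List-Unsubscribe"] = ", ".join(targets)
    msg["List-Unsubscribe-Post"] = ONE_CLICK
    return msg

def one_click_problems(msg):
    """Return a list of reasons why msg does not offer one-click unsubscribe."""
    problems = []
    uris = re.findall(r"<([^<>]+)>", str(msg.get("List-Unsubscribe", "")))
    if not any(u.lower().startswith("https://") for u in uris):
        problems.append("List-Unsubscribe has no https:// URI")
    if str(msg.get("List-Unsubscribe-Post", "")).strip() != ONE_CLICK:
        problems.append(f"List-Unsubscribe-Post is not '{ONE_CLICK}'")
    return problems

def sample_message():
    # Constructed message with placeholder addresses.
    msg = EmailMessage()
    msg["From"] = "newsletter@yourdomain.example"
    msg["To"] = "recipient@mailbox.example"
    msg["Subject"] = "Monthly update"
    msg.set_content("Hello! To unsubscribe, use the link at the bottom.")
    return msg

if __name__ == "__main__":
    ok = add_one_click_unsubscribe(
        sample_message(),
        "https://yourdomain.example/unsubscribe?token=CONSTRUCTED-OPAQUE-TOKEN",
        mailto="unsubscribe@yourdomain.example",
    )
    print(one_click_problems(ok) or "one-click headers present")
    print(one_click_problems(sample_message()))
```

RFC 8058 also expects both headers to be covered by a valid DKIM signature, so add them before the message is signed.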
As a general rule, you should honor the unsubscription requests and avoid sending emails to people who don’t want to receive them. You should also remove invalid recipients and hard bounces from your mailing list.
When using YAMM, you can easily insert an unsubscribe link, track the unsubscriptions, and avoid sending future campaigns to the unsubscribed recipients or to the bounced email addresses.
Watch your spam rate
You should register at Google Postmaster Tools and Yahoo Complaint Feedback Loop, where you can watch your spam rate and domain reputation. In the Google Postmaster Tools, you should keep your spam rate below 0.10%; in Yahoo CFL, you should keep it below 0.3%.
Google Postmaster Tools also display the following useful information:
- DKIM, SPF, and DMARC success rates;
- usage of TLS encryption for transmitting emails (Google requires that your email provider must support TLS when sending emails to Gmail accounts);
- your domain reputation;
- delivery errors.
Create a dedicated email address for newsletters
Google recommends sending newsletters and marketing emails from a dedicated email address such as firstname.lastname@example.org or email@example.com to avoid mixing them with the emails sent manually from your domain.
If you also send transactional emails such as purchase confirmations, you should set up another email address for them. Avoid including promotions in the transactional emails.
The requirements from Google and Yahoo are mostly technical. While setting up the DNS records takes some time, it reduces the chance of your emails being treated as spam. The other requirements such as the forward and reverse DNS records, RFC 5322 compliance, and using a TLS connection are already satisfied if you send with YAMM from Google Workspace.