There is a seismic shift in the email landscape occurring, led by Google, and starting at Gmail and Yahoo in February. Google is shifting long-standing best practices around authentication, encryption, and anti-spam into requirements for emails to be delivered to the inbox.
The changes that Google is pioneering will be difficult for many, but they are the right things to make email safer, more reliable, more trusted, and ultimately, a better experience for everyone.
At Valimail, we’ve been fully bought into these changes since day one, and we’ve been discussing this directly with Google from the outset. One concern for all has been the time frame for many customers and the possibility that good senders would encounter problems in February when the new rules started taking effect.
Last night, Google updated its guidance to give senders more time to get things right and more warning about potential problems before they turn into rejections. This is a great thing, but it doesn’t alleviate any pressure for senders to get this all done as quickly as possible. Before, senders were convinced there simply wasn’t enough time. Now, there may be just enough. If you get started today.
Let’s recap the requirements that have grown since the original announcement in October and now include:
- Authenticate all messages with DMARC (technically, authenticate all messages with SPF or DKIM aligned with the From domain)
- Send from a domain with a DMARC policy of at least p=none
- Have valid forward and reverse DNS that match each other
- Use the one-click unsubscribe header and an unsubscribe link in the footer
- Maintain a low spam rate of < 0.1%
- Encrypt your email (technically, require TLS)
Below, we’ll dive into some of the updates from Google, the new timelines around how these requirements will be rolled out, definitions around bulk email senders and the types of mail that might be impacted, and other updates we’ve seen.
Google’s Updated Timeline
Google recently refined the timeline for enforcing its updated email sender guidelines, offering more breathing room for senders to prepare. Here’s a quick recap:
- February 2024: All senders, regardless of volume, must comply with the general email-sending practices outlined in the guidelines.
- February 2024: Bulk email senders must start implementing enhanced requirements, including email authentication (messages must pass DMARC to be delivered and come from a domain with at least p=none). A percentage of messages that do not meet these requirements will start getting temporary errors.
- April 2024: Messages that are not compliant will start getting rejected.
- June 2024: Senders must implement one-click unsubscribe in all commercial and promotional messages.
There are a handful of benefits to the new, expanded timeline. Not only does it provide bulk senders more time to implement the technical changes, but it also helps ensure a smoother transition and prevent potential disruptions. Finally, it provides Google with an opportunity to gradually ramp up enforcement. This timeframe shows that Google is committed to these changes, is listening to the feedback of senders, and is planning to stay the course of enforcing these requirements.
We believe this is an excellent strategy for implementing these new requirements in a permanent, scalable way. There will be a learning curve for many email senders, but this will help them adopt crucial elements, like DMARC, for the long term. If Google proceeds to evolve these requirements and begins requiring DMARC enforcement, all these senders will be in a better place to meet those future requirements.
Clarifying “Bulk Email Sender”
When Google first announced these requirements, they were called “bulk sender guidelines,” and later, Google changed the name to “email sender guidelines.” Why? Because the term “bulk sender” was confusing. Technically, “bulk email” refers to marketing and other messages sent to a large number of recipients at once. However, Google’s guidelines apply to all senders of email, not just those that send large amounts of marketing messages. That said, the guidelines still refer to “bulk email senders,” now with valuable clarification on their definition. From Google’s support article:
A bulk sender is any email sender that sends close to 5,000 or more messages to personal Gmail accounts within a 24-hour period. Messages sent from the same primary domain count toward the 5,000 limit.
Sending domains: When we calculate the 5,000-message limit, we count all messages sent from the same primary domain. For example, every day you send 2,500 messages from solarmora.com and 2,500 messages from promotions.solarmora.com to personal Gmail accounts. You’re considered a bulk sender because all 5,000 messages were sent from the same primary domain: solarmora.com. Learn about domain name basics.
Senders who meet the above criteria at least once are permanently considered bulk senders.
Email Sender Guidelines
What this means is if you’ve ever sent more than 5,000 messages in a day, even just once, all these requirements apply to you, and you must authenticate your email. It does not matter if you consider the email “bulk” marketing messages or simple transactional messages; they all get swept up in the same requirements.
The crux of this message is simple: Regardless of your sending volume, you’re better off adhering to the new sending requirements if you want to ensure email delivery.
If the mail can’t get a DMARC pass, it won’t be delivered to Gmail, Yahoo, and potential other mailbox providers later this year. The best thing you can do is make sure you follow the new sending requirements, regardless of the type of email message or domain you’re sending from.
Why We Support These Changes at Valimail
At Valimail, we firmly believe that Google’s new sender requirements are a positive step forward for the entire email ecosystem. They will:
- Reduce spam and phishing: Email authentication and DMARC make it harder for spoofers and scammers to infiltrate inboxes.
- Improve deliverability: Senders who comply with the requirements will benefit from better inbox placement and higher sender reputation.
- Empower users: One-click unsubscribe makes it easier for people to control their inboxes and opt out of unwanted emails.
As a leading provider of continuous, automated DMARC, we’re here to help you navigate the new Google sender requirements with ease. We offer a comprehensive suite of tools and resources, including DMARC monitoring and enforcement and compliance reporting to help you determine if your emails will be blocked by these new requirements or not.
It’s important to remember that Google’s sender requirements are part of a larger trend toward increased email authentication across the industry. Yahoo is also implementing similar guidelines and Microsoft has concurred, stating that authenticating email improves deliverability. This means that embracing email authentication now is not just about complying with Google; it’s about future-proofing your email sending practices for a more secure and reliable email ecosystem.
“We’re so excited that Google and Yahoo are now both requiring strong email authentication as a prerequisite for delivery. Email authentication is the single best defense against fraud and abuse. It provides protection globally, creates herd immunity, and protects against bad actors. Email authentication has been a best practice for decades, and this is a step in the right direction. Requiring it for senders will make a demonstrable change for good for everyone, especially consumers who deserve a more trusted inbox.”
Seth Blank, CTO of Valimail
With Valimail as your guide, you can approach these changes with confidence. Follow our blog and social media accounts, and we’ll continue to keep you updated on the latest developments and provide the resources you need to stay ahead of the curve. Let’s work together to build a brighter future for email, one where senders and recipients alike can trust and enjoy the power of this essential communication channel.