Gmail and Yahoo demanding new email certification rules 1Q 2024
Gmail has introduced new measures to reduce unwanted emails for users, effective from February 1, 2024. Currently, you might encounter the "bounce apocalypse" as dormant or inactive Gmail accounts are being removed from their servers. Bounce messages, including phrases like "inactive mailbox" and "disabled mailbox," will be bounced back to your email marketing system. This presents a valuable opportunity to verify that your data is active, cleaned, and opt-in compliant.
But the big blow will come on 1 February 2024, when Gmail has announced new tightening of the email certifications SPF, DKIM and DMARC to minimize spam mails to their 1.2 billion users (2023).
As an emailer, you must be aware that the requirement, among other things, is that everyone who sends more than 5,000 emails a day to Gmail must have SPF, DKIM and DMARC verified emails.
Here is a brief explanation of what email certifications are:
SPF prevents spammers from sending unauthorized messages that appear to come from your domain. Configure SPF by publishing an SPF record on your domain. The SPF record for your domain must reference all email senders for your domain. If third-party senders are not included in your SPF registration, messages from these senders are more likely to be marked as spam. Learn more about how to define your SPF record and add it to your domain.
Enable DKIM for the domain that sends your mail. Recipient servers use DKIM to verify that the domain owner sent the message. Learn more about how to enable DKIM for your domain.
Important! Sending to personal Gmail accounts requires a DKIM key of 1024 bits or greater. For security reasons, we recommend that you use a 2048-bit key if your domain provider supports this. Learn more about DKIM key length.
DMARC allows you to tell recipients what to do with messages from your domain that do not transmit SPF or DKIM. Set up DMARC by publishing a DMARC record for your domain. Messages must be authenticated by SPF and/or DKIM to pass DMARC authentication. The authentication domain must be the same domain that appears in the From: header of the message. Learn more about how to add a DMARC record to your domain.
We recommend that you set up DMARC reporting so that you can monitor mail that is sent from your domain or that appears to be sent from your domain. DMARC reports help you identify senders who may be impersonating your domain. Learn more about DMARC reporting.
When you configure DMARC, you can optionally configure BIMI to add your brand logo to messages sent from your domain. Learn more about how to add your brand logo with BIMI.
Here are the requirements for 5000+ sends daily from the Gmail Postmaster support page:
- Configure SPF and DKIM mail authentication for your domain.
- Ensure that sender domains or IP addresses have valid forward and reverse DNS records. These are also called PTR records. Get more information.
- Keep spam rates reported in Postmaster Tools below 0.3%. Get more information.
- Format messages according to the Internet Message Format standard (RFC 5322).
- Don't mimic Gmail's From:-headers. Gmail will begin using the quarantine enforcement policy for DMARC, and impersonating Gmail's From:-headers may affect the delivery of your mail.
- If you regularly forward emails, e.g. using mailing lists or inbound gateways, add ARC headers to outbound mails. ARC headers indicate that the message has been forwarded and identify you as the person who forwarded it. Mailing list senders should also add the List-ID header, which identifies the mailing list, to outgoing messages.
- Configure DMARC mail authentication for your sender domain. Your DMARC enforcement policy can be set to none. Get more information.
- In the case of direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain. This is required to be approved after a DMARC adjustment.
- Marketing and opt-in communications must support one-click opt-out and include a clearly visible unsubscribe link in the message text. Get more information.
If you send more than 5,000 emails per day before February 1, 2024, you must follow the guidelines in this article as soon as possible. You may be able to improve your mail delivery if you meet the requirements to send before the deadline. If you do not meet the requirements described in this article, your mail may not be delivered as expected or may be marked as spam. You can get help with mail delivery problems by going to Troubleshooting.
For more information on configuring SPF, DKIM, and DMARC, go to Avoid spam, spoofing, and phishing with Gmail authentication.
Yes, it's boring and nerdy text, but it will be necessary to double check that your sending domains are set up correctly in DNS before the deadline.
Yahoo Mail has similar plans in the works.
Microsoft free mail universe, with Hotmail, Outlook etc., have not announced any measures regarding certification yet.
If you have a system with a portal that forwards e-mails, e.g. a mail form that maintains the user's own email and sending domain, it will cause delivery problems, so remember that you can send "on behalf of" with your own domain if it has a correct DNS configuration.