Google and Yahoo, two of the world’s leading email service providers, have announced new requirements for bulk email senders. These requirements are designed to combat spam and malicious emails. This initiative aims to significantly reduce the amount of unwanted content reaching users’ inboxes, making a significant step forward in email security.
In their October 2023 announcement, Google highlighted the increasing complexity and urgency of current cyber threats, prompting the rollout of these new standards for bulk email senders – which are those sending over 5,000 emails daily to Gmail users. Yahoo was quick to align with Google, updating its own requirements for bulk senders.
Both Google and Yahoo pointed out that the improper setup of email systems by many bulk senders has allowed cybercriminals to bypass security measures undetected.
The core of the new requirements focuses on robust email authentication to verify sender identity, alongside simplifying the process for users to unsubscribe from unwanted emails, thereby keeping inboxes clean.
Key Requirements for Bulk Senders Include:
Email Authentication: Senders must ensure their emails pass both Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checks, requiring updates to DNS settings to confirm sender identity and the authenticity of the email infrastructure used.
DMARC Compliance: It’s mandatory for the domains sending bulk emails to have a valid Domain-based Message Authentication, Reporting, and Conformance (DMARC) record. This enhances security by integrating with SPF and DKIM to prevent phishing and spoofing attacks.
Easy Unsubscription: Bulk senders must provide a straightforward, one-click process for recipients to opt-out of emails, with the system processing these requests within two days.
Spam Rate Threshold: Google introduced a groundbreaking spam threshold of below 0.3%, with Yahoo adopting a similar stance. This is aimed at improving email trustworthiness for users and maintaining sender reputation for bulk emailers.
Non-compliance with these requirements could result in emails being rejected or relegated to spam folders.
of cyber attacks start with an email
What if your business sends bulk emails?
Don’t worry, there’s still some time to adjust! The changes are being rolled out in stages:
February 2024: Monitoring begins, with potential impacts on non-compliant emails. This is your chance to identify and fix any issues.
April 2024: A portion of non-compliant emails will be rejected, increasing over time.
June 2024: All requirements become mandatory, including one-click unsubscribe.
Why These Changes Are Significant
These updates represent fundamental email security practices, many of which are already met by conscientious senders. They address critical vulnerabilities in the original design of email that cybercriminals exploit. Vulnerabilities such as impersonation and interception, by ensuring that only authenticated, legitimate emails reach inboxes.
Take Action Now!
By proactively meeting these new standards, you can safeguard your email reputation and deliverability, while also protecting your recipients from spam and phishing attacks. Remember: These changes are essential for a safer and more secure email experience for everyone. Let’s work together to keep our inboxes clean and our communication protected!