Inbox providers like Gmail and Yahoo! face a daily battle to protect their users’ inboxes. As Marcel Becker, Sr Director of Product Management at Yahoo!, says, “A key mission of Yahoo is to deliver messages that consumers want to receive and filter out the messages they don’t.”
Spammers and other bad actors are going nowhere.
In a new effort to further protect their users’ inboxes, both Gmail and Yahoo! introduced a new set of requirements senders must meet by February 2024 in order for mail to be delivered as expected to their subscribers. If a sender does not meet the requirements by February 2024, they will start to see temporary errors occurring on a small percentage of their non-compliant mail to Google recipients. In April 2024, a small percentage of the mail will be rejected and that percentage will gradually increase over time. The requirement for senders to implement one click unsubscribe will not be enforced until June 2024
Google provided an example in their blog post: If 75% of a sender’s traffic meets our requirements, we’ll start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.
There’s no need to panic though. If you’re using Eazyvoice, you’re probably already following a lot of these requirements.
• If you’re sending messages to anyone using a Yahoo, Gmail, Googlemail, or Google Workspace address, you’ll need to follow these requirements.
• If you’re sending more than 5,000 emails within a 24-hour period, you’ll have to follow a couple of extra bulk sender requirements. We’ll point out which ones in the list below.
This new update helps Gmail and Yahoo! keep spammers and malicious messages from getting through to their users’ inboxes. As such, all of these new requirements have to do with email security.
By checking these boxes, you can increase your chances of landing your emails in the inbox (AKA improving your email deliverability). So let’s get going!
SPF and DKIM are two identity authentication requirements. Authenticating your domain using SPF and DKIM proves you are who you say you are, and that the emails you are sending belong to your domain. This protects you from spoofing, or people pretending to be you.
SPF tells the receiver which IP addresses are associated with the sender’s domain and therefore allowed to send email.
DKIM is an encrypted signature of your message. This tells the receiver that the content of the email hasn’t changed while sending it. It also confirms that the email is from your domain.
What to do:
Most email senders use their email service provider’s (ESP) shared IP address and don’t need to set up SPF. With Eazyvoice, only clients who use a dedicated IP address need to set up SPF authentication. Eazyvoice manages the shared IP addresses’ sender reputation.
You do need to follow Eazyvoice’s anti-spam policy though to help you avoid accidental spammy practices. Otherwise, you run the risk of having your email-sending capabilities suspended.
All Eazyvoice users need to set up DKIM authentication because it relates to your domain and the content of your messages.
Further reading: Understanding Email Authentication Protocols: SPF, DKIM, and DMARC
After setting up SPF and DKIM authentication, you’ll need to follow up with DMARC policy.
DMARC authentication tells mailbox providers what to do with an email that fails SPF and DKIM checks, but claims to be from your domain (which could be a case of spoofing, or someone pretending to send mail from your domain).
Your DMARC policy (p) instructions can tell receiving inboxes what to do in this scenario.
None: Receiving inbox does nothing
Quarantine: Receiving inbox puts the message in the spam folder
Reject: Your message is not delivered and produces a soft bounce
What do to: Your domain must have a DMARC record.
The simplest DMARC record you can use is “v=DMARC1; p=none”, but it’s not the most secure.
These instructions tell Gmail that if your emails fail the SPF and DKIM identity checks, they will still be sent to the recipient’s inbox.
This also means that if someone fakes your email address, for example, and tries to send malicious messages, these messages will still go through to the recipient’s inbox.
However, since you now have DMARC records, you can track who sent the emails from your domain.
If someone fakes your identity, fails SPF and DKIM checks, and tries to send spam, setting your DMARC policy to “p=reject” will stop those emails from being delivered.
Eazyvoice users:
You’ll need to set this up by February 2024. Learn more about DMARC authentication from our Help Center to get you started.
If you have a p=none policy on your DMARC record, you also need a rua tag on your DMARC to allow receiving DMARC reports.
Also known as PTR records, reverse DNS (rDNS) records confirm that your domain is associated with your IP address. When you send emails, the receiving inbox provider (Yahoo!/Google) looks at this record to verify that the IP address sending the email matches the domain.
What to do: If you’re using Eazyvoice’s shared IP address, nothing. This is already done and you don’t need to worry.
If you set up a dedicated IP address with Eazyvoice, you’ve already done this as part of the setup.
Further reading: Learn how to set up a dedicated IP address.