{"id":132875,"date":"2024-01-31T09:33:44","date_gmt":"2024-01-31T08:33:44","guid":{"rendered":"https:\/\/spotler.com\/?post_type=blog&#038;p=132875"},"modified":"2026-01-27T11:00:29","modified_gmt":"2026-01-27T10:00:29","slug":"yahoo-google-new-dmarc-requirements","status":"publish","type":"blog","link":"https:\/\/spotler.com\/en-gb\/blog\/yahoo-google-new-dmarc-requirements","title":{"rendered":"Under the skin of the Yahoo\/Gmail update: what you need to do and how to do it"},"content":{"rendered":"<p><strong>As marketers, we spend a lot of time thinking about the purpose of an email campaign, how it looks and what content to include. We don\u2019t necessarily think much about how it is getting into our customers\u2019 inboxes.<\/strong><\/p>\n<p><strong>So we asked Daniel Thorpe, Spotler Group\u2019s Head of Deliverability, to explain properly what the Gmail &amp; Yahoo updates of February 2024 mean, who can implement the requirements, and the steps they need to take.<\/strong><\/p>\n<p><a href=\"https:\/\/spotler.co.uk\/resources\/yahoo-gmail-updates-what-does-it-mean-for-your-sending\" target=\"_blank\" rel=\"noopener\">Watch the recorded session here<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Requirements Recap<\/h2>\n<p>Google: <a href=\"https:\/\/support.google.com\/a\/answer\/81126?hl=en\" target=\"_blank\" rel=\"noopener\">Google Workspace Admin Help<\/a><\/p>\n<p>Yahoo: <a href=\"https:\/\/senders.yahooinc.com\/best-practices\/\" target=\"_blank\" rel=\"noopener\">Yahoo Sender Hub<\/a><\/p>\n<p>Spotler already take care of most of the items in this list for our customers; you&#8217;ll just need to focus on the ones in italics.<\/p>\n<p>If you\u2019re using a different ESP, you&#8217;ll need to check how much rests with you to carry out.<\/p>\n<p><strong>All senders<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Set up SPF or DKIM email authentication for your domain.<\/li>\n<li>Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.<\/li>\n<li>Use a TLS connection for transmitting email.<\/li>\n<li><em>Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher. <\/em><\/li>\n<li>Format messages according to the Internet Message Format standard (RFC 5322).<\/li>\n<li>Don\u2019t impersonate Gmail From: headers. Gmail will begin using a DMARC \u201cquarantine\u201d enforcement policy, and impersonating Gmail From: headers might impact your email delivery.<\/li>\n<li>If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.<\/li>\n<\/ul>\n<p><strong>If you send more than 5000 emails per day:<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to \u201cnone\u201d.<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li><em>For direct mail, the domain in the sender&#8217;s From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment. <\/em><\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.<\/li>\n<\/ul>\n<p><strong>\u201cBetter to have it and not need, than need it and not have it\u201d<\/strong><\/p>\n<p>As these steps are being taken to crack down on spammy behaviour and illegitimate senders, it seems reasonable to think that they will be added to in the coming years or even months. So we believe that if you are currently sending any bulk mail, setting up DMARC now is still a smart move. Spotler clients have been encouraged to set up DMARC authentication for several years, regardless of how much sending they are doing. This not only leaves them free to concentrate on producing the highest-quality emails rather than fiddle about with technical compliance, it also sends a clear message to their audience that they take privacy and security seriously, and that they are proactive in following industry best practices.<\/p>\n<p>What do these updates need you to do?<\/p>\n<p><strong>One-click unsubscribe<\/strong><\/p>\n<p>This is not a function of your email design. It refers to a process between Gmail\/Yahoo and your ESP. The jargon you need to know is \u201cList-Unsubscribe\u201d or List-Unsubscribe-Post\u201d Header. The Mailbox Provider will use these headers to provide an unsubscribe link in the UI, to encourage users to unsubscribe safely if they don\u2019t want to engage with the email directly.&nbsp;<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/spotler.com\/wp-content\/uploads\/2024\/09\/0ne-click-unsubscribe-example.png\" alt=\"\" class=\"wp-image-79950\"\/><\/figure>\n<p>It also encourages the recipient to not complain and report the email as spam.&nbsp;Most Unsubscribe links that are included in email designs are two-click: clicking the link takes you to a preference centre where you click a button to Unsubscribe. But unfortunately, if recipients don\u2019t want to receive the email, they are very unlikely to use that unsubscribe. Instead, they are more likely going to report the email as spam.<\/p>\n<p>With Google and Yahoo focusing a lot on complaints and spam rates, an unsubscribe is a better outcome. This helps avoid the spam rate 0.1% and 0.3% thresholds.<\/p>\n<p>This particular requirement has actually been delayed until June 2024, as it requires development work from ESPs, which takes a while to test and deploy.<\/p>\n<p><strong>Google Postmasters<\/strong><\/p>\n<p><a href=\"http:\/\/gmail.com\/postmaster\" target=\"_blank\" rel=\"noopener\">Google Postmaster Tools<\/a><\/p>\n<p>This is a set of tools that show you various metrics for your delivery to Google.&nbsp;The 2 best graphs to pay attention to are \u201cUser-Reported Spam\u201d, where you\u2019ll see how close you are to the target of &lt;0.3%, and \u201cDomain reputation\u201d. Domain reputation is mostly for B2C senders at this point, as it measures how you perform when sending to @gmail, and @googlemail, but not GSuite (Google\u2019s business accounts). However, there is a belief among deliverability experts that this will be expanded, so it\u2019s worth familiarizing yourself with the tool now and benchmarking your current performance.<\/p>\n<p>Access to this data does depend on you sending enough volume to register, and if you have a good enough reputation. Google do not show any data for very bad senders because information can be used, and they don\u2019t want to give information to spammers.<\/p>\n<p><strong>DMARC<\/strong><br \/>DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It lives on the <em>visible <\/em>From address that you use to send your campaigns.<\/p>\n<p>There are several different tools you can use to check whether you have a DMARC record set up, two popular ones are:<\/p>\n<ul class=\"wp-block-list\">\n<li>Dmarcly: <a href=\"https:\/\/dmarcly.com\/tools\/dmarc-checker\" target=\"_blank\" rel=\"noopener\">dmarcly.com\/tools\/dmarc-checker<\/a><\/li>\n<li>Dmarcian: <a href=\"https:\/\/dmarcian.com\/dmarc-inspector\" target=\"_blank\" rel=\"noopener\">dmarcian.com\/dmarc-inspector<\/a><\/li>\n<\/ul>\n<p>Whether you have a DMARC record, and whether it is doing what it needs to do are not exactly the same question, but in practice if you have a DMARC record it will be effective.<\/p>\n<p>If you don\u2019t already have a DMARC record, here\u2019s what you need to know.<\/p>\n<p>DMARC has 3 policy levels, which you should move through one at a time:<\/p>\n<ol class=\"wp-block-list\">\n<li>P=None (minimum requirement)<\/li>\n<li>P=Quarantine<\/li>\n<li>P=Reject (best)<\/li>\n<\/ol>\n<p>These are basically instructions to mailbox providers for how to handle emails from your domain which fail authentication.<\/p>\n<p>\u201cP=none\u201d means no further action is required automatically. \u201cP=reject\u201d means you are confident all email sent using your domain passes authentication, and an email which fails DMARC checking should be deleted. \u201cP=Quarantine\u201d is in the middle; the mailbox provider should quarantine the email so the recipient could still get to it.<\/p>\n<p>DMARC DNS records can also use a reporting address (rua and ruf) for where mailbox providers should send reports about your DMARC authentication.<\/p>\n<p>The idea with DMARC is that you should use the reporting feedback and start with a \u201cnone\u201d policy.&nbsp; You check the reports and make sure every email you send for your domain passes authentication, fixing any that fail.&nbsp; When you are confident that all your genuine mail passes, you move to the \u201cquarantine\u201d policy and monitor again. When you are confident everything still passes ok, you move to the \u201creject\u201d policy. If you are already 100% confident you could start with \u201creject\u201d straight away.<\/p>\n<p>An example DMARC record for a staged rollout with reporting would look something like:<\/p>\n<ul class=\"wp-block-list\">\n<li>v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com<\/li>\n<li>v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com<\/li>\n<li>v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com<\/li>\n<li>(optional) v=DMARC1; p=reject;<\/li>\n<\/ul>\n<p>Getting all this set up is complicated, and should be the responsibility of your DNS administrator.<\/p>\n<p><strong>Our Recommended Next Steps<\/strong><\/p>\n<p>Ensure Opt-Ins &#8211; Ensure you are emailing people who want to hear from you<\/p>\n<p>Test Subscribed Contacts &#8211; Periodically send messages to ensure subscribed contacts are engaging<\/p>\n<p>Avoid Spam Content &#8211; Links and attachments should be visible and easy to understand. Don\u2019t encourage contacts to click on links they don\u2019t understand<\/p>\n<p>Unsubscribe Contacts &#8211; Consider manually unsubscribing contacts who aren\u2019t interacting<\/p>\n<p>Readability &#8211; Keep spam score down with clear and engaging subject lines, and avoid misleading text<\/p>\n<h2 class=\"wp-block-heading\">Need more help?<\/h2>\n<p>If you\u2019re a Spotler customer, as much of this work as possible has been done for you already, as we challenge ourselves to stay ahead of industry best practices as much as possible. <a href=\"mailto:acccountmanagers:@spotler.co.uk?subject=DMARC;%20Yahoo%20&amp;%20Gmail%20updates\">Your account manager is the best person to contact<\/a> if you want further information and support to roll out these changes.<\/p>\n<p>Not using Spotler yet? <a href=\"https:\/\/spotler.co.uk\/demo\" target=\"_blank\" rel=\"noopener\">Let\u2019s talk about how we can help you<\/a> send better, more secure emails.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spotler Group&#8217;s Head of Deliverability, Daniel Thorpe, shares the key details you need to know about Google and Yahoo&#8217;s new DMARC requirements.<\/p>\n","protected":false},"author":25,"featured_media":229417,"template":"","cat_industry":[],"cat_topic":[1636,766,1002],"class_list":["post-132875","blog","type-blog","status-publish","has-post-thumbnail","hentry","cat_topic-deliverability-en-gb","cat_topic-email-marketing-en-int","cat_topic-email-marketing-en-gb"],"acf":[],"_links":{"self":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/132875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/users\/25"}],"version-history":[{"count":2,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/132875\/revisions"}],"predecessor-version":[{"id":162903,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/132875\/revisions\/162903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/media\/229417"}],"wp:attachment":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/media?parent=132875"}],"wp:term":[{"taxonomy":"cat_industry","embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/cat_industry?post=132875"},{"taxonomy":"cat_topic","embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/cat_topic?post=132875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}