If you have a Gmail or Yahoo account, you probably know how cluttered your inbox can get with unsolicited emails and other emails that are trying to defraud you. If you have ever thought to yourself, “Why can’t these companies do a better job blocking these fraudulent messages and make it easier for me to receive less unsolicited mail?” you are not alone.
The good news is that Google, Yahoo, and Apple are doing something about it, and things are about to change for the better for their email users. The bad news: If your company has not fully implemented email authentication measures, you have some work and not a lot of time to do it.
Starting February 2024, Gmail will require email authentication to be in place when sending messages to Gmail accounts. If you’re a bulk sender who sends more than 5,000 emails per day to Gmail accounts, you’ll have even more email authentication requirements to meet. You’ll also need to:
- Have a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy in place
- Ensure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) alignment
- Make it easy for recipients to unsubscribe (one-click unsubscribe)
You can access Google’s detailed Email Sender Guidelines here.
Yahoo has rolled out similar requirements. It will also require strong email authentication to be in place starting February 2024 to stem the flow of malicious messages and reduce the amount of low-value emails cluttering users’ inboxes.
Just 10 days after Google and Yahoo announced in October 2023, Apple released a best practice guide for iCloud mail. It highlighted many of the same email authentication requirements. While Apple did not set a hard date for publishing a DMARC policy, it recommends that bulk senders follow these best practices so their emails won't be considered junk mail and automatically blocked.
Are you prepared to meet these requirements? Here’s what you should know.
Google, Yahoo and Apple sender requirements at-a-glance
Requirement |
Apple |
Yahoo |
|
DMARC pass required (SPF or DKIM email authentication passes) |
Yes (<5,000 Msgs/day) |
Yes |
Yes |
DMARC pass required (SPF and DKIM email authentication passes) |
Yes (5,000+ Msgs/day) |
- |
Yes |
Ensure valid forward and reverse DNS PTR records |
Yes |
Yes |
Yes |
Spam rates reported in Postmaster Tools <0.3% (ideally, < 0.1%) |
Yes |
- |
Yes |
Message format adheres to email standards (RFC 5321 and 5322) |
Yes |
Yes |
Yes |
No provider domain Impersonation in FROM headers |
Yes |
Yes |
Yes |
TLS required for inbound email |
Yes |
- |
- |
Forwarded email requires ARC headers |
Yes (5,000+ Msgs/day) |
- |
- |
DMARC email authentication for your sending domains |
Yes (p=none DMARC) |
Yes |
Yes (p=none DMARC) |
From: header must be aligned with either the SPF domain or the DKIM domain |
Yes |
Yes |
Yes |
One-Click Unsubscribe for subscribed commercial/promotional messages (RFC 8058) |
Yes (June 1, 2024) |
Yes |
Yes (February 2024) |
Segregate email class types by |
Yes (by domain) |
Yes (by IP or domain) |
Yes (by IP or domain) |
Ensure SMTP tempfailure and rejection errors are adhered to |
Yes |
Yes |
Yes |
Key dates
Keep in mind these dates as these requirements roll out.
January 2024
Apple did not set a date for publishing a DMARC policy, but all other requirements were stated as ones that should be in place now. So, it’s best to assume this means immediately.
February 2024
This is Google and Yahoo’s initial deadline to meet new requirements.
Google provided further clarification about the February deadline after its initial announcement. It stated that bulk senders who don’t meet sender requirements will start getting SMTP protocol-level temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors help senders identify email traffic that doesn’t meet the new guidelines and start addressing their non-compliance.
April 2024
Google will start rejecting a percentage of non-compliant email traffic and will gradually increase the rejection rate. For example, if 75% of a sender’s traffic meets their requirements, they will start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.
June 1, 2024
This is Google’s revised deadline for bulk senders to implement One-Click Unsubscribe in all commercial and promotional messages.
What happens if you miss the deadline?
If your company relies on email to communicate with your customers and you don’t implement email authentication, these changes will significantly impact the deliverability of your messages to customers with Gmail, Yahoo, and Apple iCloud accounts. If you send bulk emails to Gmail and Yahoo accounts and fail to have SPF and DKIM, or if you don’t have a DMARC policy implemented, these non-deliveries will have an even greater impact on your business.
Be skeptical of quick fixes
Be cautious about vendors claiming “one-click” implementations to quickly reach compliance.
These announcements caught many companies off guard, and now many are scrambling to catch up. As you research what it will take to meet the new requirements, you may come across claims of “one-click” solutions or solutions that can reach compliance quickly.
When it sounds too good to be true, it usually is. Properly aligning DMARC for your outbound email requires alterations to how your “From:” addresses are passed at the SMTP and email header level so that the domain in the from: addresses matches the domain in the DKIM key and the SPF domain. When these ‘sender addressing’ changes involve working with third-party or SaaS solutions that do not offer flexibility in their configuration, or that don’t support DKIM signing, things can get complex quickly.
BizCare can help
BizCare partners with industry leaders when it comes to email authentication. More Fortune 1000 Companies rely on BizCare's partners for DMARC than our next five closest competitors combined. We have the tools, resources, and experience to assess your status and help close the gap more effectively than you would if you tackled it independently.
Phone: 925-293-2222
Email: support@bizcare.com
Client Portal: www.support.bizcare.com
Website: www.bizcare.com/contact-us