Gmail and Yahoo: Guide to New Authentication Requirements

Starting from 1 February 2024, Gmail and Yahoo introduce stricter authentication policies for mass email senders (i.e., those who have ever sent more than 5,000 emails in one day). These new requirements, aimed at protecting users from phishing, spam, and malware, force marketers to tighten up their security measures—if they want to keep sending emails to subscribers with @gmail.com and @yahoo.com addresses.

If you use a SALESmanago Email Marketing sender account, you will be classified as a mass (bulk) sender irrespective of the number of emails you send. While the new policies may require some adjustment on your part, there is no need to panic. Read this guide to learn about the scope of the new requirements and what you can do (or not do!) to meet them.


Contents

  1. Getting started
  2. Quick summary: New requirements for DNS settings
  3. Guide: New authentication requirements and how to meet them

1. Getting started

New security challenges and the volume of spam and malicious communications sent worldwide have led two large email clients, Gmail and Yahoo, to impose new requirements on bulk (mass) email senders. The requirements are likely to apply to SALESmanago customers who:

  • use a SALESmanago Email Marketing sender account, or
  • use an External (SMTP) sender account and send (regularly or occasionally) more than 5,000 emails a day.

Go to Menu → Channels → Email Marketing → Email Marketing Settings to view your existing sender accounts or create a new one.

The new protection measures introduced by Gmail and Yahoo are aimed at protecting email users from:

  • spam—unwanted emails,
  • phishing—a fraudulent practice in which emails pretend to be sent from legitimate companies or known contacts,
  • malware—malicious software attached to emails, designed to infect the recipient’s computer.

While compliance with the new policies will be enforced gradually, starting from February 2024, the best option is to prepare for the changes as soon as possible, to ensure that nothing prevents or limits your communication with your subscribers.

The new Gmail and Yahoo requirements can be summarized as follows:

  • Emails must be sent from the sender’s own domain.
  • The following protocols must be implemented for the sending domain: SPF, DKIM, DMARC.
  • The sender must have a low user-reported spam rate (for Gmail, this means a rate below 0.3%).
  • Email recipients must be able to easily unsubscribe.

While all these things are well-established best practices for email marketing, they now become compulsory if you want to keep sending emails to Gmail- and Yahoo-based inboxes.

Read this article to find out what you can do to be well-prepared and reduce the risk that the new policies will affect your deliverability and, consequently, your marketing reach.


2. Quick summary: New requirements for DNS settings

The table below sums up the DNS entries required by the new Gmail and Yahoo policies. Consult this table if you have the technical knowledge that allows you to quickly implement the required changes in your domain settings.

Remember to replace the details marked in green with your own data.

| Protocol | Name | Type | Value | TTL |
| --- | --- | --- | --- | --- |
| SPF | example.com | TXT | v=spf1 include:_spf.jupiter.salesmanago.pl | 3600 |
| DKIM | salesmanago._domainkey.example.com | CNAME | salesmanago._domainkey.smgrid.com | 3600 |
| DKIM | salesmanago2._domainkey.example.com | CNAME | salesmanago2._domainkey.smgrid.com | 3600 |
| DMARC | _dmarc.example.com | TXT | v=DMARC1; p=quarantine; rua=mailto:dmarcreports@example.com; ruf=mailto:dmarcreports@example.com; adkim=r; aspf=r; | 3600 |
| RECOMMENDED: Record for automatic DKIM verification by SALESmanago | example.com | TXT | smv=clientId | 3600 |

IMPORTANT: If you have an existing v=spf record, simply extend it with:

include:_spf.jupiter.salesmanago.pl

For instance, if your current entry is:

v=spf1 mx include:_spf.google.com -all

Change it to:

v=spf1 mx include:_spf.google.com include:_spf.jupiter.salesmanago.pl -all

Note that the closing all term, such as -all, must be placed after the newly added part.
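The merge rule above, as an added example (not SALESmanago's code): a Python helper that inserts the include before the closing all term, leaves a record that already contains it untouched, and counts the top-level terms that cost a DNS lookup, since SPF evaluation allows at most 10 of them (RFC 7208). The function names are hypothetical, and nested includes are not followed because the example runs offline.

```python
import re

# Added example; names are hypothetical, the include value is the one from this guide.
SM_INCLUDE = "include:_spf.jupiter.salesmanago.pl"
ALL_TERM = re.compile(r"^[+\-~?]?all$", re.I)
# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208 allows 10).
LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|exists:|ptr(:|$)|a([:/]|$)|mx([:/]|$))|^redirect=", re.I)


def extend_spf(record, include=SM_INCLUDE):
    """Return `record` with `include` placed before the closing all term."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    if include.lower() in (t.lower() for t in terms):
        return " ".join(terms)  # already authorised, nothing to add
    # Receivers stop at 'all', so a term appended after it would never be tested.
    pos = next((i for i, t in enumerate(terms) if ALL_TERM.match(t)), len(terms))
    terms.insert(pos, include)
    return " ".join(terms)


def lookup_count(record):
    """Count top-level terms that trigger a DNS lookup (nested includes not followed)."""
    return sum(1 for t in record.split()[1:] if LOOKUP_TERM.match(t))


if __name__ == "__main__":
    # Constructed input: the "current entry" shown in this guide.
    merged = extend_spf("v=spf1 mx include:_spf.google.com -all")
    print(merged, "| DNS-lookup terms:", lookup_count(merged))
```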


3. Guide: New authentication requirements and how to meet them

A. REQUIREMENT: Send emails from your own domain.

SOLUTION: The sender’s email address must be at your own domain, such as yourcompany.com, yourcompany.es, or yourcompany.com.de. Do not send emails from addresses ending with @gmail.com (for example, yourcompany@gmail.com) or @yahoo.com (for example, yourcompany@yahoo.com).

To ensure that your sender account is correctly configured, go to Menu → Channels → Email Marketing → Email Marketing Settings and review its settings. If you have more than one sender account, review all of them.

B. REQUIREMENT: Implement SPF, DKIM, and DMARC protocols for your domain.

SOLUTION: SPF, DKIM, and DMARC are email authentication protocols that serve the following functions:

  • SPF (Sender Policy Framework): Specifies the servers and domains that are authorized to send email on behalf of your organization.
  • DKIM (DomainKeys Identified Mail): Adds a digital signature to every outgoing message, which lets receiving servers verify the message actually came from your organization.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Lets you tell receiving servers what to do with outgoing messages from your organization that don’t pass SPF or DKIM.

Source: Google Help Center

To comply with the new requirements, make sure that you have all these protocols implemented for your domain. The SPF and DMARC protocols are added as TXT records, and DKIM is added as a CNAME record.

Our instructions can help you implement these protocols even if you have no technical knowledge. Additionally, we recommend adding a fifth record that will enable SALESmanago to automatically verify your DKIM configuration.

See instructions for configuring SPF, DKIM, and DMARC
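An added example (not part of the original guide or of SALESmanago's tooling): an offline audit of the four required entries from the summary table, including the common mistake of publishing a second v=spf1 record instead of extending the existing one. The zone dictionary layout and the function names are assumptions, and the sample zone is constructed.

```python
# Added example; the zone layout {(name, type): [values]} is an assumption.
REQUIRED_INCLUDE = "include:_spf.jupiter.salesmanago.pl"
DKIM_TARGETS = {
    "salesmanago._domainkey": "salesmanago._domainkey.smgrid.com",
    "salesmanago2._domainkey": "salesmanago2._domainkey.smgrid.com",
}

def parse_dmarc(txt):
    """Split a DMARC record into a tag -> value dict (a trailing ';' is fine)."""
    tags = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(zone, domain):
    """Return a list of findings; an empty list means all four entries look right."""
    findings = []
    spf = [v for v in zone.get((domain, "TXT"), []) if v.lower().startswith("v=spf1")]
    if len(spf) != 1:  # two SPF records make receivers return a permanent error
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    elif REQUIRED_INCLUDE not in spf[0].lower().split():
        findings.append("SPF: the SALESmanago include is missing")
    for selector, target in DKIM_TARGETS.items():
        got = [v.rstrip(".").lower() for v in zone.get((f"{selector}.{domain}", "CNAME"), [])]
        if got != [target]:
            findings.append(f"DKIM: {selector} CNAME should point to {target}")
    dmarc = [v for v in zone.get((f"_dmarc.{domain}", "TXT"), []) if v.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly one v=DMARC1 record, found {len(dmarc)}")
    else:
        tags = parse_dmarc(dmarc[0])
        if tags.get("p") not in ("none", "quarantine", "reject"):
            findings.append("DMARC: p= must be none, quarantine or reject")
        for tag in ("rua", "ruf"):
            for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
                if not uri.lower().startswith("mailto:"):
                    findings.append(f"DMARC: {tag} target {uri!r} is not a mailto: URI")
    return findings

# Constructed sample: second SPF record added instead of extending; one DKIM CNAME missing.
SAMPLE_ZONE = {
    ("example.com", "TXT"): ["v=spf1 mx include:_spf.google.com -all",
                             "v=spf1 include:_spf.jupiter.salesmanago.pl"],
    ("salesmanago._domainkey.example.com", "CNAME"): ["salesmanago._domainkey.smgrid.com."],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarcreports@example.com"],
}
print(audit(SAMPLE_ZONE, "example.com"))
```

To check a live domain, fill the dictionary from your resolver's TXT and CNAME answers for the names in the table.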

C. REQUIREMENT: Keep your spam rate low (preferably below 0.3%).

SOLUTION: Follow the best practices for avoiding the spam folder.

In particular, follow these guidelines:

  • Obtain consent. Ensure that you send emails only to opt-in Contacts, i.e., Contacts who have agreed to receive your communications. To set the highest standards for your database hygiene, consider implementing the double opt-in (subscription confirmation) mechanism.
  • Respect unsubscribe requests. Make it easy for users to opt out and do not try to bypass their opt-out status.
  • Regularly clean your Contact database. Remove inactive subscribers and incorrect email addresses to maintain data hygiene.
  • Segment your Contacts. Tailor your content to different segments of your audience to increase relevance and engagement.
  • Provide high-quality email content. This way, you reduce the risk that your recipients will mark your emails as spam.
    • Test your emails. Even if you preview your email for different devices, make sure to test your emails and check whether they are displayed as intended on different devices and email clients. Verify the correctness of your subject line and all other content, including the general layout. Make sure that the data in the footer is up to date.
    • Personalize your emails. Use recipient names and personalized content to make emails more engaging and less spam-like.
    • Avoid spam triggers. Steer clear of language and formatting that are commonly flagged as spam, like excessive use of capital letters, exclamation marks, and spammy words.

D. REQUIREMENT: Make unsubscribing easy and respect the opt-out status.

SOLUTION: Make sure that the opt-out link is clearly visible in your email and that the unsubscription process is quick and simple. In particular, follow these guidelines:

  • Don’t require your Contacts to log into their account in your store to confirm their decision to unsubscribe.
  • Don’t make the unsubscription process lengthy and complicated, e.g., by including many steps that need to be completed.
  • Don’t use excessively long and complicated forms that need to be filled out before a Contact can unsubscribe.

The SALESmanago solution for the unsubscription process balances the ease of opting out and the need to collect data, and should be perfectly sufficient to meet the new authentication requirements, including the Gmail requirement that unsubscription requests must be processed within two days.

You can customize your unsubscribe pages in Menu → Channels → Email Marketing → Email Marketing Settings.

Finally, don’t send marketing communications to any opt-out Contacts. This is an illegal practice that is very likely to result in your emails being marked as spam.

If you need more information about the topic mentioned above, please contact us: support@salesmanago.com +1 800 960 0640