Gmail and Yahoo have rolled out some major changes to email-sending rules as a direct response to the sudden rise in spam and phishing attacks.

The changes aim to boost security and make it harder for others to “spoof” (read: impersonate) and/or damage your brand.

If you’re sending more than 5,000 daily emails to Gmail and Yahoo users, it’s time for some updates to your email marketing system settings. Making these changes will help to safeguard your brand, meet the new requirements, and make sure your emails land in your recipients’ inboxes instead of spam folders. This policy went into effect on February 1, 2024. But it’s not too late to make sure your email-sending settings are up-to-date in compliance with the new requirements.

Even if you’re not hitting that 5,000-email mark daily, it’s still important for you to get on board with these new requirements. Why? It helps protect you from bad actors pretending to be your organization and running digital scams with what appears to be your brand domain.  This could obviously do serious harm to your brand and business and you can substantially reduce the risk by making a couple of small updates to your email configuration. Plus, making the changes to your configuration now will enhance your overall email deliverability.

Not making these small changes could put your brand in the crosshairs of hackers pretending to be you, and might impact your ability to send mass emails to Gmail or Yahoo users (including businesses that use Google Workspace).

Here are the key changes you need to make now to keep your brand protected and to ensure your recipients can trust the messages they receive from your organization:

• Authenticate Your Emails:

• • • Implement Sender Policy Framework (SPF): SPF is an email authentication system that aids in identifying which mail servers are allowed to deliver emails for a specific domain to prevent email spoofing attacks.
    • Use DomainKeys Identified Mail (DKIM): DKIM uses digital signatures to validate the From: address and the content of the message to ensure that they remain unaltered during transit.
    • Set up Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC aligns SPF and DKIM protocols, offering guidance on how to manage emails that fail authentication. Emails lacking authentication may be designated as spam, rejected, or placed in quarantine.

• Make it Easy to Opt-Out:

• • • Provide a one-click unsubscribe option for Gmail and Yahoo recipients.
    • Google and Yahoo require that mass senders remove unsubscribed contacts within two days so honor unsubscribe requests within 48 hours

• Maintain Low Spam Complaint Rate:

• • Keep your spam complaint rate below 0.3% (preferably 0.1% or one report for every 1,000 emails.)
  • To keep a low spam report rate ensure all contacts have opted in, include an unsubscribe link, promptly remove unsubscribed contacts within 48 hours of the request, and adjust your sending frequency if necessary.

No matter how big or small your email list is, failing to jump on board with these new rules could leave your company vulnerable to bad actors, causing serious damage that goes way beyond just not being able to send emails or newsletters to Gmail or Yahoo users.

For a deep dive into Gmail’s requirements, click here, and for Yahoo’s rules, check here. Making these changes isn’t just about email security; it’s about safeguarding your brand’s reputation and protecting your business.