How to prepare for Google’s email authentication requirements
Last updated: October 7, 2024
Google recently announced a series of major changes in how it handles email in order to cut down on spam and keep inboxes safe.
Starting February 2024, Google says that it will require the following for any domain sending 5,000 or more emails per day:
- Authenticate outgoing email. To cut down on cyberattacks and phishing, Google will require all bulk senders to authenticate their domains following a set of documented best practices by February 2024. Messages that aren’t authenticated will be rejected or marked as spam.
- Avoid sending unwanted and unsolicited email. Google will tighten enforcement of its current spam threshold of 0.3%. Senders exceeding this number may not get their emails delivered.
- Make it easy to unsubscribe. Bulk senders will need to offer a one-click unsubscribe button in their messages and process unsubscribes within two days.
Other providers are following Google’s example: Yahoo recently announced its own similar requirements, which will also take effect in February 2024.
Stay ahead and read our Q3 2024 email engagement report to uncover trends & best practices for success:
These changes are set to impact virtually anyone with a medium-sized marketing list, from marketers and publishers to standalone creators with a Substack. Fail to meet these requirements and you could lose access to your audience’s inboxes.
Sounds scary. But really, Google and Yahoo are just reinforcing standard best practices. If you were violating these before, your deliverability was likely already suffering. Now the punishment will be more severe. If you’re following best practices, and taking advantage of Omeda’s email marketing and deliverability resources, you should be in good shape.
But if you need to catch up, don’t worry. You’ve got time to get your domain ready.
In this post, we’re breaking down Google and Yahoo’s new sending requirements and helping you prepare your list for each one.
Google and Yahoo’s new sending requirements: how to prepare
1. Meet Google and Yahoo’s authentication requirements
Authentication verifies that your emails are coming from you, which has a lot of important benefits from both you and your subscribers. This includes:
- Protecting your recipients from malicious messages, such as spoofing and phishing messages.
- Preventing you and your organization from being impersonated.
- Lowering the chances that your messages are rejected or marked as spam by Gmail.
According to Google and Yahoo’s new sending guidelines, bulk senders will need to verify that their email sending platform can follow the requirements listed below. (For the record, Omeda’s email and marketing automation platform provides all of the below for clients. So if you’re an Omeda client, you’re already prepared.)
Make sure you’re caught up on the full authentication requirements below:
- Set up SPF or DKIM email authentication for your domains. If you’re an Omeda customer, these have already been built into your domain (and when you join Omeda, our Customer Success team will guide you through setting this up). But if you’re just getting started, you might be wondering what these authentication methods are and why they matter so much. So here’s a quick rundown of the different types of domain authentication — and how they protect your deliverability:
SPF domain authentication: SPF (Sender Policy Framework) authentication is an email authentication standard that helps you verify your identity as a sender.This protects your recipients from spam, spoof and phishing. Adding an SPF record to your domain naming system (DNS) gives your recipients a public list of senders that are approved to send email from your domain. When you send an email, receiving mail servers will make sure that your message originates from a server that’s on your list. If it doesn’t, the receiving server will consider it a fake and block the email. (Learn how to set up SPF authentication on your domain here.)
DKIM domain authentication: Like SPF, DKIM (DomainKeys Identified Mail) authentication also protects you and your recipient against malicious emails sent by impersonators pretending to be your brand. This protocol uses a unique digital signature to verify that your email is coming from you and has not been changed in transit. Receiving servers will check your email’s digital signature against your DKIM signature to confirm that the email’s coming from the authorized sender. (Learn how to set up DKIM authentication on your domain here.) - Set up DMARC email authentication for your domains: DKIM is necessary, but not sufficient, for preventing spoof and phishing attacks. That’s because non-technical users can’t see your DKIM signatures and worse, hackers can steal your domain’s DKIM signatures. That’s where DMARC comes in. DMARC (Domain-based Message Authentication Reporting and Compliance) adds another layer of security to the SPF and DKIM protocols. DMARC ensures that the “from” address shown in inboxes matches the sender’s IP address to prevent spoofing and phishing. Combined with SPF and DKIM, DMARC can greatly reduce your exposure to these kinds of attacks. (Learn how to set up DMARC authentication here.)
- Ensure that sending domains or IPs have valid forward and reverse DNS records. DNS servers publish important information about the sending domain, such as SPF authentication and Sender ID records.
- Stop impersonating Gmail From: headers. Attackers often forge the headers of emails to impersonate legitimate senders and trick recipients into revealing sensitive information. Here’s an example from Hook Security:
The sender, pretending to be project management software Monday.com, is asking the recipient to join a shared project, where they’ll be most likely be prompted to share sensitive documents. However, pay attention to the header. The sending email address does not match Monday.com — a sign that this email is fake. To prevent this, Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery. - For direct mail, the domain in the sender’s From: header must match the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
- Add ARC headers to outgoing forwarded emails. These headers indicate the message was forwarded and identify your domain as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.
If you fail to meet these requirements, your emails will bounce.
Get ready for the new requirements
Verify that your email service provider offers SPF, DKIM and DMARC authentication, as well as valid DNS servers. If your domain’s not authenticated, set up all three as soon as possible using these instructions.
For more Omeda-specific information, consult our knowledge base or contact your Client Success Manager.
2. Reduce unwanted and unsolicited emails
If you’re already struggling to connect with your audience, Google’s spam threshold of 0.3% might seem intimidating. (Note: Yahoo announced that it will impose a spam threshold, but did not give a specific number.)
But some context is important here:
- Getting a 0.3% spam rate once won’t get your domain blacklisted. Google says that the spam threshold will apply to emails sent within a range of “one day to one year.” So it’s more likely that Google will punish domains that regularly exceed that 0.3% limit over the course of weeks or months, rather than one-time offenders.
- Google’s 0.3% spam threshold isn’t new. They will just enforce it more closely starting in February 2024.
- This requirement is actually more lenient than Omeda’s recommended spam threshold of 0.1%. So if you’re an Omeda customer, and you’re following our practices on deliverability, you’re unlikely to have any issues.
But maximizing engagement and minimizing spam is never a bad idea. There are two ways to reduce complaints on your domain, both of which you’ll need to nail in order to meet Google and Yahoo’s new requirements.
- Keep inactive, invalid and unengaged subscribers off your list.
- Create useful, relevant and engaging content for your audience.
With solid list hygiene, audience insights and personalization, you can spark engagement and keep your spam rates low. Here’s how to do it:
Get ready for the new requirements
Reduce spam rates with these tips:
Don’t message anyone without their permission. And definitely don’t buy email lists!
Warm up your domain. Large spikes in sending volume trigger spam filters and result in deliverability issues. So if you’re just getting started, increase your sending volume gradually (this is also called warming up your domain). This allows you to build your sending reputation over time, rather than making one overly aggressive move that backfires. Want more info on how to warm up your domain? Consult Google’s bulk sending guidelines (navigate to “Increase sending volume slowly.”)
Clean your lists regularly. Clean your lists monthly or quarterly at minimum. Remove any invalid or misspelled email addresses from your list, as well as anyone that hasn’t engaged recently.
Encourage subscribers to add you as a safe sender. Sometimes, your subscribers don’t engage because your emails are being sent to their promotions folders (or spam!). Avoid this by encouraging new subscribers to add you as a contact or to drag your messages out of their secondary folders. This tells their inbox service provider to keep sending your emails to their main inboxes, so they’ll regularly see your emails and stay engaged. (Learn more about improving your inbox placement here!)
Identify and suppress unengaged subscribers. Nobody means to spam their list. But when you’ve got thousands of contacts to manage, it’s impossible to stay on top of everyone’s needs manually. So how can you know who’s interested and who’s one unwanted email away from hitting spam? Use your email service provider’s fatigue filters and segmentation capabilities to isolate your target and unengaged audiences.
With Omeda’s List Fatigue calendar, clients can search their database for recipients who have, or will receive, a certain number of deployments within a select date range, then suppress them from upcoming emails.
Another option: Search your audience for the number of engagements within a specified date range. Then exclude anyone below a set number from your next email. This way, you can send with confidence, knowing that you’re not spamming your audience with too many messages.
Moderate your sending volume with fatigue filters. Say that you’re running a weekly 4-email welcome series for your new subscribers, but Bill is already subscribed to two of your weekly newsletters.
You need Bill to have all the necessary onboarding information, but you don’t want to overwhelm him, either. In this case, you might use a fatigue filter to temporarily stop sending a newsletter to Bill until the welcome series ends.
On Omeda, you can use the fatigue filter to pause sending to recipients that have already gotten a certain number of emails from you within a specific time period (for example, anyone that got 3 emails in the last week will not receive the next email in the series until next week.) This way, you can space out your communications according to each individual’s needs without manually configuring the sending cadence for each one.
Run re-engagement campaigns to win back lapsed subscribers. Leaving inactive subscribers on your list hurts your numbers and opens you up to spam complaints. Prevent deliverability issues by running re-engagement campaigns on your audience at least once per quarter, if not more. At the end of the campaign, remove any users that haven’t engaged with any emails. Your subscriber numbers might suffer in the short term, but you’ll benefit from reduced spam complaints and better deliverability in the long run.
Review your reports. Track your email reports for any spikes in unsubscribes or complaints, especially from Gmail and Yahoo. That’s your first sign that your audience is starting to lose interest. And if you’re an Omeda user, check your Total Emails Sent report to see how many emails your subscribers are receiving. For more specificity, you can segment this based on rate based on the date range, deployment type (newsletters v. promotions or ads), and domain. Also check out your Spam Score — a score over 5 indicates that you’re having spam issues.
Ground your content strategy in audience data. Think about the times you’ve hit “spam” on a sender. It’s usually because they were sending you way too many messages selling themselves without giving you any value in return.
Catchy copy and snappy subject lines won’t save you if you’re not giving your audience what they want. Instead, base your content strategy on your audience’s observable interests, needs and preferences.
Some places to start:
1. Conduct audience research. Dive into your audience data to uncover their engagement history and generate your ideal subscriber profile. This alone can kickstart your content strategy.
But if your audience data is spread across different solutions, this is usually easier said than done. You may need to manually transfer data to your system of record, unify everyone’s data into one profile, delete dupes, etc., all before accessing someone’s record.
A customer data platform will streamline this process immensely. These platforms take in audience data from every source according to automated workflows, validate it, clear it of duplicates, and create a single profile for each audience member. (No manual transfers required!). This gives you the most current, complete view of each subscriber — so you can create the best strategy possible.
2. Use your website analytics solution to see which topics and writers attract the most interest. Also see what paths take upon landing on your website, then plan your content around those topics.
3. Review your email reports to see which links have generated the most clicks. If you use Omeda, you can also see which links yield the most webite traffic, giving you a clear picture of which content generates the most traffic and conversions to your site.
You can also see which users have clicked which link and, because Omeda’s email provider is connected to a CDP, that data is automatically added to their system of record. This gives you a blueprint for engaging each person on your list — just what you need to avoid the spam button.
4. Segment your audience. A one-size-fits-all strategy guarantees that a good chunk of your list won’t find a particular email relevant. Before long, that will yield spam complaints. Instead, segment your audience to make sure everyone’s getting content geared to their needs. Besides demographic factors, you can also segment your audience based on their:
Interaction with your content: The best indicator of someone’s future interest is their past interest. So segmenting your audience by interest is a really actionable and effective way to improve your content strategy. For example, on Omeda, you can identify people who have engaged in specific behaviors during a certain time period and create segments for each.
This includes website visits, webinar and event registrations, eBooks downloads, ad clicks and more.
Purchase history: Give your audience offers and promotions based on subscriptions or purchases they’ve made in the past
Engagement level: In the previous section, we stressed the importance of removing inactive subscribers from your list. But what about passive subscribers? They might read your newsletter once a week, but get annoyed by your daily sends. So how can you keep them on your list without triggering a spam complaint?
Segment your list by engagement level. This way, you can stagger your outreach based on someone’s level of participation and prevent spam complaints. In Omeda, you can query your audience by their most recent engagement date; number of engagements; or any combination of frequency, intensity and momentum scores to determine someone’s engagement level, then add them to an appropriate segment.
5. Use dynamic content in your emails: Despite its benefits, segmentation still targets outreach based on shared characteristics, not individual behaviors and preferences. That’s where dynamic content comes in: Each recipient gets email content based on their unique engagement and purchase history. Personalization is your best protection against spam complaints, so double down on dynamic content going forward
6. Find the right sending cadence. Over-message your audience and you’ll get spam complaints fast. Unfortunately, finding the right sending schedule takes a little experimentation: Start by reviewing your email reports to determine what days of the week, times and frequencies generate the most responses. From there, test out different options to see what works best for your audience.
(Want more help? Check out our framework on finding the right send time and day of week for your audience.)
Also consider allowing your audience to select their preferred frequency during subscription sign-up. The more control your audience has over how they receive your content, the less likely they are to hit spam.
3. Make it easy to unsubscribe
Finally, Google and Yahoo will require that large senders allow recipients to easily opt out from emails via list-unsubscribe — and that they process requests within two days.
Spoiler alert: If you’re an Omeda client, you’re not going to be impacted by this requirement.
Here’s why: There are three ways to unsubscribe from a list in Gmail. One of these is via the “unsubscribe” link located in the email header of the message within Gmail or Yahoo (this is also called “list-unsubscribe”).
In the pop-up that appears, the recipient confirms their unsubscribe.
Right now, Google and Yahoo say that the list-unsubscribe method is acceptable under their new requirements.
Omeda places “unsubscribe” header links in every email on behalf of our clients. So if you’re an Omeda client, you’re covered. Unsubscribes are automatically registered in real time, so you’ll stay in compliance with the new 2-day processing time requirement as well.
Some other ways to prepare:
- Confirm each user’s email address before subscribing them.
- On your preference pages, clearly state your list’s unsubscribe options.
- Let recipients review the individual mailing lists they’re subscribed to. Let them unsubscribe from lists individually, or all lists at once.
- Google recommends automatically unsubscribing anyone who bounces multiple times. (Omeda clients have bounce thresholds that can be set at a soft and hard bounce level. Once those bounce counters are hit, we automatically flag that email address as invalid.)
- Consider using a customer data platform so that unsubscribe requests are automatically added to the person’s system of record and made available to your email team. This way, you can process unsubscribe requests more quickly and easily apply them across your entire database.
How Omeda helps you protect your deliverability
Google and Yahoo’s newest requirements have raised the standard for email marketers. To reach inboxes, you can’t just stay away from spam trigger words and hope for the best.
Every piece of your email strategy needs to elevate your sending reputation, from your data quality and list health to your content strategy, personalization efforts and unsubscribe process.
That’s a lot of moving pieces to manage — all before you actually get in front of your audience.
Omeda’s here to help. We’re built specifically to help media companies grow, engage and activate their audiences — and helping you stay in their inboxes is a vital part of that.
Here’s how we do it:
Email and marketing automation connected to the rest of your database
Omeda’s audience marketing solution connects an email and marketing automation tool with a native customer data platform. This has a lot of important benefits for email marketers, including:
Maximize your data quality. Omeda doesn’t actually clean your data for you. But its integrated database makes it easier to avoid the common mistakes that dirty your data, and in turn, leave a ton of inactive or incomplete accounts on your list.
Omeda’s customer data platform takes in audience data from every touchpoint and centralizes it in one database. This prevents different teams from adopting different labeling and naming standards that you’ll have to standardize later on. That, in turn, keeps misspelled or duplicate accounts from dragging down your deliverability numbers.
Omeda also checks every incoming record against your existing database for potential duplicates. It’ll flag possible dupes, then allow you to merge the profiles or keep them separate. So if your event tool records Suzy’s attendance at a conference, and your email service provider tracks her email clicks, that activity isn’t split between two tools. Rather, everyone on your team can see her activity in one place — and use it to serve her more relevant messaging.
Use our AtData (fka FreshAddress) integration to verify that every account on your list is accurate and current.
Strengthen your content strategy and engagement with a single audience view. An integrated database gives everyone on your team a single view of your audience. And with one search, they can create segments based on the most complete, current and predictive data.
So if you’re emailing recent event attendees, for example, you don’t need to download your attendee list from your event management tool, upload it to your email builder, standardize the formatting and labels, and remove duplicates, before launching.
Personalize your marketing at scale — and prevent spam complaints with ease.
Stay on top of unsubscribes and opt-outs. Someone might unsubscribe from your email list on Monday. But if you can’t access their data and add them to your opt-out list quickly enough, they might still get your next weekly newsletter. It’s an innocent mistake, but it still makes you look spammy.
Avoid this situation with an integrated database: Unsubscribes and opt-outs are automatically applied to all channels, so you can easily stay in compliance with Google’s 2-day unsubscribe rule, as well as the GDPR and other data privacy regulations.
Create more responsive campaigns. Sometimes, unengaged subscribers don’t want to be removed from your list entirely. They just need some space. Reduce list fatigue and increase long-term engagement with Omeda’s campaign planning tools, including fatigue filters and list fatigue calendars.
See what moves the needle with Omeda’s comprehensive reporting. Besides opens and clicks, you can track bounce and deliverability rates, click bot activity, opens by device, total emails sent, individual link and performance, conversions to tracked web pages and much more. You can also analyze someone’s engagement over a period of time, or track click activity when content is multi-purposed over multiple deployments. Easily identify success factors, eliminate weak links and replicate over time.
Daily deliverability tracking. Who’s got time to monitor their deliverability when they’re busy building campaigns and writing copy? That’s why we offer a dedicated deliverability team. They monitor your deployments to flag issues before they impact your inbox placement.
And if you do experience deliverability issues? They work on your behalf to resolve those problems with the ISPs and blocklists that they are able to. This includes, but isn’t limited to, ISP blocks, blocks due to listing services, and temporary deferrals.
Subscribe to our newsletter
Sign up to get our latest articles sent directly to your inbox.
What you should do now
- Schedule a Demo to see how Omeda can help your team.
- Read more Marketing Technology articles in our blog.
- If you know someone who’d enjoy this article, share it with them via Facebook, Twitter, LinkedIn, or email.