A guide to the new Google and Yahoo changes
If you're using EmailOctopus Connect, read this article to ensure you comply with Google's and Yahoo's changes.
Yahoo and Google recently announced some major changes to how they started to handle emails sent to them from February 2024 onwards. If you're unsure whether your sending practices are compliant, we’re here to break it down and explain how we’re making this process as pain-free as possible for all our users.
What are the changes?
Gmail and Yahoo have collectively announced that from 1st February 2024, they're introducing new requirements for “bulk senders”. These changes build on existing best practices, so many of them will be already in place, but there are a few new rules to note. We’ve summarised the changes below:
Make it easy to unsubscribe
- You must make it easy for your recipients to unsubscribe from your messages, including an unsubscribe link in each message.
- If you send more than 5,000 emails per day, your marketing/subscriber emails (i.e. those sent through an email marketing platform like EmailOctopus) must support one-click unsubscribe.
Make it clear the email is from you using authentication
- Set up SPF or DKIM email authentication for your domain. SPF and DKIM are records you add to your domain name system (DNS), proving to the recipient server that these are legitimate emails and not phishing.
- Don’t impersonate Gmail From: headers. Google will stop users from sending emails from a Gmail address, unless those emails originate from their own servers or through their own dashboard. They are doing this by introducing a DMARC quarantine enforcement policy.
- If you’re sending 5,000 or more emails per day, set up DMARC email authentication for your own sending domain. The DMARC enforcement policy can be set to none.
- Ensure that sending domains or IPs have valid forward and reverse DNS records and use a TLS connection for transmitting email.
Ensure that the email you send is wanted
- Keep spam rates reported by Google at less than 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
What are EmailOctopus doing to help?
Here's a breakdown of the changes per category
EmailOctopus already provide a compliant one-click unsubscribe link. This can be seen in the headers (i.e. the code) of your email. We’ll continue supplying this, and no action is needed.
While the code is always there, the one-click unsubscribe link may not always show up in Google or Yahoo mailbox. The two platforms decide on a per-user basis whether to include it.
This section applies to EmailOctopus users. If you're using EmailOctopus Connect with Amazon SES, follow this guide to set up DKIM, SPF and DMARC for your domain.
If you have previously verified a domain within EmailOctopus, then DKIM and SPF will also have been set up at the same time. While this means you’re in a good position, assuming you send to fewer than 5,000 Gmail users per day, we think it’s important to future-proof your delivery. So from 8th January 2024, we began including the DMARC record when verifying a domain.
If you have verified your domain before 8th January 2024, we will soon be automatically checking your domain and its status, updating it with one of the following statuses:
A DMARC record already exists, giving you the confidence that your emails will be delivered. We won’t notify you if that’s the case – you can continue sending as usual.
This means DKIM and SPF for your domain exist, but DMARC doesn’t. We will provide you with a DMARC record for you to add to your DNS, which we strongly recommend.
The domain no longer has DKIM, SPF or DMARC. You’ll need to re-verify the domain by adding the records we generated for you to your DNS.
If you don’t own a domain or cannot verify it
We appreciate not everybody can verify their domain or even owns a domain. If you fall in this category, we are making changes so you can continue to use EmailOctopus.
If you send from an email address which belongs to a domain where DMARC isn’t enabled, you’ll continue to send exactly as you do now. You’ll create a campaign, provide the from email address, and we’ll send it as if we were you.
You may run into some delivery issues if you send high volumes of emails (i.e. over 10,000 emails per day), so we’d always recommend verifying your domain if you can.
If you send from a Gmail address or any other email address belonging to a domain where DMARC is set to Reject/Quarantine, we’ll make some changes to ensure your emails are delivered. From your side you’ll continue to send exactly as you do now. You’ll create a campaign and provide the from email address, but when it comes to the sending process, we’ll make an automatic change so the email goes out from one of our fully verified domains.
if you send from firstname.lastname@example.org while theoctopus.com has a DMARC policy set to Reject or Quarantine and you haven't verified theoctopus.com with EmailOctopus, we’ll rewrite it to be: email@example.com
This means your recipients will still see an email address which looks like your own and if they reply to the email it’ll go directly to your own mailbox.
If you don’t want your sender email to change like this, you can always send from another domain without DMARC enabled. Or, if you can, verify your domain.
All our servers have valid forward and reverse DNS records and use a TLS connection for transmitting emails as required by Yahoo and Google.
We continue to monitor all accounts for spam complaints and share this within your Dashboard. Keep in mind that the Complaint data in the EmailOctopus dashboard does not include complaints from Google-based accounts, as they do not share this data with us. That said, the figures displayed in your reports will give you a good general indication as to how your emails are being received.
We recommend regularly pruning your list and removing inactive contacts to reduce the likelihood of spam complaints. You can learn more about it here.