Gmail and Yahoo have decided to take the security of email communication one step forward. As one of the most widely used mailbox providers, both will tighten their rules for delivering bulk email messages from 1 February 2024. The goal is to reduce the volume of fraudulent messages such as phishing and spam in general.
It’s almost remarkable that both companies were able to agree on the basic principles that both will require. For the most part, these are rules that other mailbox providers, for example, have required before, but on several points this is a major breakthrough in the field of email security. What exactly is this about and what impact will it have on email marketing? Below you will find the most important changes that should be of interest to you. For a full list of changes, see the original sources below the article.
Domain Authentication
In addition to the previously checked authentication using SPF and DKIM records, a DMARC record will also be required.
Details about the DMARC record can be found in this article. In a nutshell, this is a sender domain protection mechanism that instructs mailbox provider servers how to handle inboxes that are not fully authenticated with SPF and DKIM records.
In practice, you can set your own policy on your domain about what the recipient’s server should do with such untrusted emails – this is called a DMARC policy
reject – do not deliver
none – do nothing
quarantine – put in the spam folder
However, Google and Yahoo are aware that most senders are not fully prepared to switch to a stricter policy straight away, as this would put at risk, for example, their corporate communications or transactional emails, which are often poorly secured. Therefore, for the time being, they will make do with the “none” policy, which, although it will have no impact at all on the handling of unsigned emails by other mailbox providers, will serve its purpose – the DMARC record will become public knowledge. So we can expect Gmail and others to start requiring stricter policies in the coming months. For now, however, it is important to have a DMARC record at all.
Easy unsubscribe
- The user must have a simple one-click option to unsubscribe from the newsletter. This puts an end to the complicated processes of replying to emails or calling the customer service line.
- One-click unsubscribe will be required, which is secured by a special header, and e.g. Gmail and other email clients can display an “Unsubscribe” button directly in the user interface.
The body of the email must also prominently display an unsubscribe link, which may lead to a special unsubscribe page.
