Your 2024 guide to Google & Yahoo's new requirements for email senders
Google and Yahoo are turning what were once considered best practices for email authentication into mandatory requirements, and senders who don't comply with the new requirements will start to see issues getting their emails delivered in 2024. If you want to make sure your emails keep making it to the inbox, follow these 5 steps.
Since the announcement in October 2023, the email industry has been buzzing about these collaborative announcements from Google and Yahoo. These two receivers have agreed it's time to start enforcing new rules to help protect recipients from unwanted emails.
Why Google and Yahoo are changing the rules for email senders
Properly authenticating your emails has always been a best practice, but not all senders are using the tools available to protect their emails. And that's a major problem: If senders don't properly authenticate their emails, they're making it incredibly easy for bad actors to impersonate domains and to send phishing, and that will damage your sending reputation.
Gmail and Yahoo are on a mission to protect their users from spam and unwanted emails, but if senders fail to properly secure their systems and leave the door for exploitation wide open, that job is a whole lot harder. That's why Gmail and Yahoo decided that proper email authentication and following deliverability best practices are no longer a nice-to-have. If you want to ensure your emails continue to make it to the inbox, you'll have to comply with key best practices for email authentication and spam prevention. According to the inbox providers, that means:
Authenticating your emails using DKIM, SPF, and DMARC. We'll show you how to do that.
Reducing spam and maintaining a spam complaint rate under 0.3%. Here's how you can keep an eye on that.
Allowing people to unsubscribe by clicking just one link, and honoring unsubscribes within two days. Postmark handles unsubscribes for Broadcast messages for you so you don't have to worry about that.
RFC 5322 compliance, PTR records, rDNS. Postmark has you covered here.
Making sure your sending server IP addresses have valid reverse DNS records. Postmark has you covered here.
Using a TLS connection for transmitting email. Out of the box, Postmark supports opportunistic TLS for all outbound email, ensuring messages are encrypted in transit.
Our take: These changes matter for every email sender
Gmail and Yahoo's new requirements primarily target large bulk senders, and if you're diving into their requirements in detail, you'll see that some of them will only apply to high-volume senders who send more than 5,000 emails a day. If you're a smaller sender or only send transactional email, you're less likely to be impacted by the changes, but that doesn't mean you can ignore them.
What's required for large senders today will likely become a requirement for all senders in the future. Plus, operating in the "barely compliant" zone, hoping the authorities don't look at you too closely because you're a small fish is rarely a good strategy. We believe this isn't just true when you do your taxes, but for sending email, too.
So whether you send one email or a few million, protecting your domains, avoiding spam, and following deliverability best practices is the key to keeping your subscribers safe and your email program healthy.
Get ready for the Gmail and Yahoo changes in 5 steps
If you're a Postmark customer, here are the top 5 steps we recommend you take now to make sure your emails keep making it to Google and Yahoo inboxes in 2024:
1. Understand what domains you use for email sending today (and whether they're already authenticated)
Before you can start sending email with Postmark, we ensure you own the mailboxes you want to send from. You can either validate a single email address (i.e. we just send you a confirmation link via email that you need to click on), or you can validate an entire domain by making some tweaks to your DNS records.
The first option is simpler, but as Gmail and Yahoo tighten their requirements, we encourage you to fully authenticate your sending domains.
Head over to the Sender Signatures tab in your Postmark account to see what email addresses and domains are set up in your Postmark account, and to see the status of each domain.
If you've only verified individual email addresses, you'll see that you still need to take action to properly authenticate your domain:

Click on the DNS settings for a more detailed overview of your domain's status. If you see a row of green check marks here, your domain is properly authenticated (and you can jump ahead to task #4). If your domain details look like this though, you'll want to take action to properly authenticate your sending domain:

2. Authenticate your mail with custom DKIM
DKIM (DomainKeys Identified Mail) is an email authentication method that confirms your legitimacy and trustworthiness as a sender and verifies that the messages were not altered in transit. Going forward, Yahoo! and Gmail will require all email to be DKIM signed, so if you haven't already, now is the time to implement your custom DKIM signature.
This custom DKIM setup will require you (or whoever manages your domain) to add a TXT record to your domain's DNS. We show you what values you should include when you visit your domain's DNS setting in Postmark:

For step-by-step instructions on how to validate your domain using DKIM, check out our support article here.
3. Authenticate your mail with custom SPF
The Return-Path (also known as the "envelope-from") is the address where bounces and other email feedback are sent, and it's also the domain used for SPF authentication. It is specified by the Return-Path header in an email, and by default, the Return-Path for emails sent through Postmark is:
Return-Path: <pm_bounces@pm.mtasv.net>
Replacing Postmark's default Return-Path domain with your own sending domain means your messages are now SPF authenticated with your sending domain. This helps build your domain's reputation while also providing SPF domain alignment for your domain's DMARC policy.
You can set up a custom Return-Path by adding a CNAME record to your DNS that points to pm.mtasv.net. This is so that Postmark is still able to collect bounces and other feedback sent to that address.
4. Set up DMARC
DMARC is an email security standard that allows domain owners to monitor who's sending email using their domain and instructs email receivers (like Gmail) to approve, quarantine, or reject emails that aren't sent from an authenticated source.
Gmail and Yahoo will start requiring DMARC for all bulk senders who send more than 5,000 messages a day, but even if you aren't sending at that volume, we encourage you to set up DMARC anyway. Here's a step-by-step walkthrough of how you can set up DMARC for your domain. Gmail and Yahoo don't require strict DMARC policies, so you can get started with a "p=none" policy. With that policy in place, you can start monitoring who's sending email using your domain without receivers taking any action just yet.
DMARC monitoring for humans
If you're looking for a simple DMARC monitoring tool, try Postmark's DMARC Digests.

If you visit your domain details in Postmark at this point, you should be able to see what we call the magic trifecta of email authentication 🔐🔐🔐.
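Why steps 2 to 4 belong together, as an added example (not Postmark's code): DMARC only passes when SPF or DKIM passes for a domain that aligns with the From domain, which is what the custom Return-Path and custom DKIM provide. Every domain except pm.mtasv.net is constructed, SPF/DKIM verdicts are passed in rather than verified, and the organizational domain is approximated by the last two labels instead of the Public Suffix List.

```python
# Added example: simplified DMARC check (RFC 7489). Domains other than
# pm.mtasv.net are constructed; SPF/DKIM verdicts are inputs, not verified here.

def parse_dmarc(txt):
    """Parse a _dmarc TXT record into a tag dict; ValueError if unusable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Receivers use the
    # Public Suffix List, so this is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    a, b = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def domain_of(address):
    return address.strip().strip("<>").rsplit("@", 1)[-1].lower()

def evaluate(header_from, return_path, spf_pass, dkim_d, dkim_pass, record):
    """DMARC passes if SPF or DKIM passes AND its domain aligns with From."""
    tags = parse_dmarc(record)
    from_dom = domain_of(header_from)
    spf_ok = spf_pass and aligned(domain_of(return_path), from_dom, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_d, from_dom, tags.get("adkim", "r"))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok, "policy": tags["p"]}

RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"  # constructed
# Default Return-Path from the article, DKIM signed by an unrelated domain.
BEFORE = evaluate("billing@example.com", "<pm_bounces@pm.mtasv.net>", True,
                  "esp-shared.example", True, RECORD)
# Custom Return-Path (CNAME to pm.mtasv.net) and custom DKIM with d=example.com.
AFTER = evaluate("billing@example.com", "<bounce@pm-bounces.example.com>", True,
                 "example.com", True, RECORD)

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```

In the BEFORE case SPF and DKIM both pass, yet DMARC fails because neither authenticated domain matches the From domain.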

5. Register your domain for Google Postmaster Tools and keep your spam complaint rates under 0.3%
Gmail will require senders to keep the spam complaint rate below 0.3%. If a larger share of your recipients mark your emails as spam, your sender reputation will decrease, and you'll have a harder time reaching the inbox.
If you're a Postmark customer, you can see spam reports from most inbox providers in your Postmark account, but Gmail is a bit of a special case. Since Gmail doesn't provide a feedback loop (that's the process for sharing spam report data with email providers), you can't see spam reports from Gmail users in your Postmark account.
To keep an eye on your spam report data from Gmail users, you'll have to register your domain with a dedicated service, Google's Postmaster Tools. Registering your domain is free, only takes a minute, and once you're set up and Google has collected some email data, you can see aggregated spam report information in your Postmaster account.

If you see your user-reported spam rate grow beyond 0.1%, that shows that there's room for improvement. If you see your spam rate approach 0.3%, that's a sign you should urgently take action.
Follow these best practices to reduce your spam rate
If you have any additional questions about these changes, check out our FAQ below, and if you don't find the answer to your question there, please reach out! We're here to help.
FAQs
Q. What happens if I send mail that doesn't meet these requirements?
A. "If senders don't meet these requirements, messages might be rejected or delivered to recipients' spam folders," say the folks at Gmail.
Q. When will these changes take place?
A. Changes are set to roll out gradually from February 2024, allowing for optimization and adjustments based on industry feedback.
Q. Yahoo and Gmail mention additional requirements in their documents that you don't mention in the blog post above. Why do you not include them in your tips for senders?
A. If you're sending email with Postmark, we automatically take care of some of the crucial requirements that the inbox providers will be enforcing. For example, we automatically include a list-unsubscribe header to all Broadcast emails you might send with Postmark and handle FCrDNS (Forward-Confirmed Reverse DNS) for all our sending IPs.
Q. How will this affect transactional senders?
A. While the changes primarily target bulk mail, transactional senders, and especially those that are sending over 5000 messages a day, should comply with requirements for enhanced deliverability and engagement. Distinguishing transactional and bulk mail is crucial, and Postmark makes that easy through Message Streams.
Q. What is the bulk threshold for anti-spam policy?
A. Google will be requiring specific rules for users who send over 5,000 messages a day. However, users who send less than 5,000 messages will still need to authenticate their messages with SPF and DKIM.
Yahoo doesn't yet specify any particular volume for these categories of senders, nor do they specify a spam complaint rate threshold.
Q. Could these requirements and our understanding of them change?
A. Absolutely - in fact, let's expect them to!