More Clarity Around the Gmail and Yahoo Bulk Sender Policy Changes

Tom Sather2023-12-18

Discover the essential updates to Gmail and Yahoo's bulk sender guidelines starting February 2024, and learn how to avoid deliverability issues.

As many have read over the last couple of months, Gmail and Yahoo have updated their bulk sender guidelines for enforcement starting in February 2024. Bulk senders are defined as anyone sending to more than 5,000 Gmail addresses. This only applies to gmail.com addresses, not Google Workspace hosted email accounts.

Gmail has also been making minor updates since the initial announcement in response to questions received. At a high level, the requirements are:

1. Authenticate with SPF, DKIM and DMARC, and ensure they are aligned with the From: address.

2. Keep subscriber spam complaints under 0.1%, and don’t exceed 0.3%.

3. Use the RFC 8048 List-Unsubscribe header, commonly referred to as the one-click unsubscribe. Gmail is giving bulk senders until June 2024 to comply with this requirement.

4. Use a TLS connection for transmitting mail (added in December 2023).

5. Warnings of non-compliant traffic will start in February, and rejections will begin in April.

I also analyzed over 500 senders across various industries to provide insight into the potential impact.

Authentication Requirements

Most senders already authenticate with SPF and DKIM, which has been best practice for over a decade. All email service providers have baked this into their services, making compliance fairly straightforward. In fact, all 500 senders I examined were publishing SPF records and signing with DKIM—an impressive adoption rate.

DMARC ties together SPF and DKIM, allowing senders to instruct ISPs on handling spoofed emails (which consequently fail SPF/DKIM checks). Adoption isn’t as high but has increased substantially in recent years. Gmail recommends publishing a DMARC record with alignment (meaning the From: domain matches the SPF/DKIM domains).

Of the senders examined, about 20% lacked a DMARC record. Only a few had misaligned records. Publishing a DMARC record is easy, so I expect adoption to increase as the deadline approaches. I used to think DMARC wasn't essential for smaller brands, but I was completely wrong. Surprisingly, over 50% of traffic for one client was spoofed! Enabling DMARC makes email safer for everyone.

Subscriber Complaint Requirements

Ideally, complaint rates should be 0.1% or less (just one complaint per 1,000 emails). This isn't strictly enforced but provides a benchmark for good senders. Gmail states rates above 0.3% negatively impact reputation and may cause messages to go to spam. Many factors contribute to reputation, so an occasional spike may not be detrimental. However, consistently exceeding 0.3% is problematic and will likely result in spam folder delivery.

One-click Unsubscribe Header

Unfortunately, fewer than 10% of the 500 senders examined were compliant with the RFC 8048 one-click unsubscribe requirement. Around 10% lacked any list-unsubscribe header, while 80% still use the mailto: option.

The good news: Given implementation challenges, Gmail extended the compliance deadline to June 1, 2024 versus February for other requirements. However, meeting the original date is recommended, and Yahoo expects mailto: compatibility as well. Including both options covers all bases.

Gmail also made "unsubscribe" much more visible, increasing font size and switching to blue. The old fine print gray button blended into messages. When the one-click unsubscribe is present, Gmail will now prompt the user to deliver future messages to spam when used. I don't believe these will count as complaints though. If someone is repeatedly emailed after unsubscribing, moving messages to spam seems reasonable.

Consequences of Non-Compliance

Gmail has stated that senders that aren't in compliance with their new guidelines, specifically complaints and DMARC compliance will see temporary errors in February, followed by rejections based on a percentage of non-compliant traffic:

In February 2024, bulk senders who don’t meet sender requirements will start getting temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors are meant to help senders identify email traffic that doesn’t meet our guidelines so that senders can resolve issues that result in non-compliance.
In April 2024, we’ll start rejecting a percentage of non-compliant email traffic, and we’ll gradually increase the rejection rate. For example, if 75% of a sender’s traffic meets our requirements, we’ll start rejecting a percentage of the remaining 25% of traffic that isn’t compliant.

Consistently exceeding 0.3% complaint rates typically correlates with bad reputation and spam delivery already. However, Gmail won't assist with mitigation above that threshold—no point opening tickets.

Lack of one-click unsubscribe won't directly cause spam marking or penalties. But without proper implementation, mitigation assistance will be unavailable for Gmail delivery issues. Don't open tickets unless your implementation is fully functional.

I hope this breakdown makes the requirements clearer! Please email tom@emaillookout.com if you have any other questions or want help confirming compliance.


See More Posts

background

Why Isn't the Gmail Unsubscribe Button Appearing in My Emails?

Tom Sather

background

Snooze You Lose: Google Says "See Ya Later" to Sleepy Gmail Accounts

Tom Sather

background

More Clarity Around the Gmail and Yahoo Bulk Sender Policy Changes

Tom Sather

Show more