Summary
Google and Yahoo's new email authentication policies require senders to authenticate their email using SPF, DKIM, and DMARC to combat spam, fraud, and abuse. Senders should own a domain for DKIM signing and use their organizational domain in the From header, aligning SPF and DKIM. ESPs are adapting their platforms, but preventing the use of freemail addresses remains a challenge. High-volume senders should avoid shared, unaligned DKIM, and those on shared IPs may face deliverability issues if others don't follow best practices. Increased scrutiny will occur for senders using shared domains or ESP authentication, and senders with poor reputations will be negatively impacted. Understanding and implementing DMARC is crucial, and those on shared hosting must ensure ESP compliance. Smaller businesses should correctly set up DKIM and DMARC and monitor deliverability. Mailbox providers prioritize customer satisfaction but will show less sympathy for those neglecting authentication. ESPs will require bulk mailers to authenticate using DMARC. Microsoft is also implementing similar requirements and providing a sender support portal. Senders not following the rules can expect blocking and spam placement, while low-volume senders with no complaints might initially be unaffected. Forward and reverse DNS records are essential, and ESPs handling client authentication will need configuration changes.
Key findings
- Authentication Required: Google, Yahoo, and Microsoft require email authentication (SPF, DKIM, DMARC).
- Domain Ownership: Owning a domain and using it for DKIM signing is highly recommended.
- SPF/DKIM Alignment: Alignment of SPF and DKIM records with the organizational domain is essential.
- Freemail Restriction: Preventing the use of freemail addresses in the From header is a key challenge.
- Shared DKIM Issues: Shared, unaligned DKIM is not preferred, especially for high-volume senders.
- Reputation Matters: Senders with poor reputations will experience negative deliverability impacts.
- DMARC Crucial: Understanding and implementing DMARC is critical for all senders.
- ESP Compliance: Senders on shared hosting must ensure their ESP complies with new standards.
- Volume Sensitivity: Deliverability issues are more likely for higher volume senders (over 5000 messages).
- Industry Shift: The email industry is moving towards stricter authentication requirements.
- Importance of DNS: Valid DNS Records are required.
Key considerations
- Domain Authentication: Implement SPF, DKIM, and DMARC for your sending domains.
- ESP Evaluation: Evaluate and ensure your ESP complies with new authentication standards.
- Sender Reputation: Monitor and maintain a good sender reputation through responsible sending practices.
- Shared IP Awareness: If on shared IPs, understand the impact of other senders' authentication practices.
- DMARC Policy: Implement and actively manage your DMARC policy.
- Monitor Deliverability: Regularly monitor email deliverability to identify and address any issues promptly.
- Proactive Adaptation: Be proactive in adapting to new email authentication requirements to avoid deliverability problems.
- Review and Update Authentication Settings: Verify and Update Authentication Settings.
What email marketers say
10 marketer opinions
Google and Yahoo's new email authentication policies will significantly impact senders using shared domains and ESP authentication. High-volume senders must avoid shared, unaligned DKIM, and ESPs will adapt to guide users in setting up proper authentication. Senders on shared IPs might face deliverability issues if others don't follow best practices. Increased scrutiny will occur for senders using shared domains or ESP authentication, emphasizing the importance of aligning SPF and DKIM. Senders with poor reputations will experience negative impacts, highlighting the need for good sending practices. Understanding and implementing DMARC is crucial, and those on shared hosting must ensure ESP compliance. Smaller businesses should set up DKIM and DMARC correctly and monitor deliverability, while ESPs handling client authentication need to change configurations, prompting senders to check DMARC, SPF, and DKIM.
Key opinions
- DKIM Alignment: High-volume senders should avoid shared, unaligned DKIM.
- ESP Adaptation: ESPs will adapt their platforms to guide users in proper authentication setup.
- Shared IP Risks: Senders on shared IPs may face deliverability issues if others don't follow best practices.
- Increased Scrutiny: Senders using shared domains or ESP authentication will face increased scrutiny.
- Reputation Impact: Senders with poor reputations will experience negative impacts.
- DMARC Importance: Understanding and implementing DMARC is crucial for all senders.
- ESP Compliance: Those on shared hosting must ensure their ESP is compliant with the new standards.
- Smaller Business Action: Smaller businesses need to ensure DKIM and DMARC are correctly set up and monitored.
- ESP Configuration Changes: ESPs handling client authentication will need to change their configurations.
Key considerations
- Dedicated DKIM Setup: Explore setting up dedicated DKIM if using platforms like Klaviyo.
- Proactive Authentication: Take responsibility for proper email authentication and educate yourself on best practices.
- SPF/DKIM Alignment: Ensure SPF and DKIM records are aligned to match the sending domain.
- Reputation Management: Prioritize good sending practices to maintain a positive sender reputation.
- DMARC Implementation: Start with a 'p=none' policy to monitor email flows before implementing stricter DMARC policies.
- ESP Evaluation: Evaluate your ESP's compliance with the new standards and switch providers if necessary.
- Deliverability Monitoring: Monitor email deliverability regularly to catch any issues early.
- DMARC,SPF and DKIM Checks: Carefully check your DMARC, SPF and DKIM records.
Marketer view
Email marketer from SparkPost Blog indicates senders using shared domains or ESP authentication might face increased scrutiny. Aligning SPF and DKIM records to match the sending domain becomes critical for maintaining deliverability.
31 Mar 2022 - SparkPost Blog
Marketer view
Email marketer from SMTP2Go Blog discusses that senders on shared IP addresses might experience deliverability issues if other users on the same IP are not following authentication best practices. Proper authentication is crucial to avoid being flagged as spam.
9 Apr 2023 - SMTP2Go Blog
What the experts say
13 expert opinions
The new email authentication policies from Google and Yahoo emphasize the importance of domain ownership and proper authentication. Senders should own a domain for DKIM signing, use their organizational domain in the From header, and align SPF and DKIM. ESPs are adapting to these changes, but a key challenge is preventing users from using freemail addresses. Large mailbox providers will not abruptly penalize senders but will show less sympathy for those neglecting authentication. Mail without SPF and DKIM will be rejected, and alignment is crucial for volumes over 5000. While ESP authentication is allowed, relying on it long-term can harm deliverability, especially for high-volume senders. The industry is moving towards stricter authentication, and non-compliance will result in blocking and spam placement. Smaller senders with low volumes and no complaints may be fine, but issues can arise with increased volume, new mailstreams, or IP changes. ESPs will require bulk mailers to authenticate using DMARC, ensuring proper configuration for shared or dedicated domains.
Key opinions
- Domain Ownership: Owning a domain for DKIM signing is crucial.
- SPF/DKIM Alignment: Aligned SPF and DKIM with organizational domain are essential.
- Freemail Restriction: Using @gmail.com addresses in the From header will be problematic.
- Authentication Enforcement: Mail without SPF and DKIM will be rejected, especially for high volumes.
- ESP Authentication Limitations: Relying solely on ESP authentication can harm long-term deliverability.
- Industry Shift: The email industry is moving towards stricter authentication standards.
- Low Volume Exception: Low-volume senders with no complaints may initially be unaffected.
- DMARC Requirement: ESPs will require bulk mailers to authenticate using DMARC.
- DMARC Configuration: Dedicated domains must be properly configured for DMARC or sender needs to use an ESP Domain.
Key considerations
- Domain Selection: Choose your main organizational domain or a subdomain for the From header.
- ESP Infrastructure: Ensure your ESP is aware of the changes and implementing necessary infrastructure.
- Volume Awareness: Understand volume thresholds, as alignment requirements differ for low vs. high-volume senders.
- Proactive Authentication: Implement basic authentication measures like SPF and DKIM to avoid deliverability issues.
- Monitor Performance: Monitor your sending reputation and engagement metrics to identify and address issues promptly.
- DMARC Configuration: Configure DMARC appropriately on either a dedicated or shared ESP domain.
- Domain Ownership: If using ESP consider moving to authenticating from your own domain.
Expert view
Expert from Email Geeks advises using your main organizational domain or a subdomain in your From header. Aligned SPF or DKIM, ideally both, are crucial. Aligned SPF means your return path is a subdomain of your organizational domain, while aligned DKIM means using your organizational domain in the d= of one of the DKIM signatures.
4 Jul 2023 - Email Geeks
Expert view
Expert from Email Geeks confirms that it will still be allowed for mailers to sign up on an ESP, verify their domain and send using the ESPs authenticated domain without needing to place any records in their DNS.
29 Aug 2024 - Email Geeks
What the documentation says
5 technical articles
Google, Yahoo, and Microsoft are implementing stricter email authentication policies to combat spam, fraud, and abuse. These policies require senders to authenticate their email using SPF, DKIM, and DMARC. Senders also need to maintain a low spam complaint rate and provide easy unsubscribe options. DKIM verifies the source and integrity of email messages, while DMARC allows domain owners to specify how receiving servers should handle messages that fail authentication. Microsoft is also updating its sender guidelines and providing a sender support portal to check sender reputation.
Key findings
- Authentication Required: Google, Yahoo, and Microsoft all require email authentication.
- SPF/DKIM Essential: SPF and DKIM are fundamental authentication methods.
- DMARC Recommended: DMARC is a crucial policy framework to manage unauthenticated mail.
- Low Complaint Rates: Maintaining low spam complaint rates is critical.
- Easy Unsubscribe: Providing easy unsubscribe options is necessary.
- DKIM Function: DKIM verifies source and integrity of messages.
- DMARC Function: DMARC allows domain owners to specify handling of failed authentication.
- Valid DNS Records: Domains and IPs need valid forward and reverse DNS records (PTR records)
Key considerations
- Implement SPF: Set up SPF records for your sending domains.
- Implement DKIM: Enable DKIM signing for your email messages.
- Implement DMARC: Configure DMARC policy to protect your domain.
- Monitor Reputation: Regularly check your sender reputation with Microsoft and other providers.
- Reduce Spam Complaints: Optimize your sending practices to minimize spam complaints.
- Simplify Unsubscribing: Ensure a clear and easy unsubscribe process for recipients.
- Validate DNS: Confirm valid forward and reverse DNS records (PTR records)
Technical article
Documentation from Google Workspace Updates states that to help prevent spam, fraud, and abuse, Google requires senders to authenticate their email. They must set up SPF or DKIM email authentication for their domain and ensure that sending domains or IPs have valid forward and reverse DNS records (PTR records).
5 Jun 2025 - Google Workspace Updates
Technical article
Documentation from RFC 4871 defines DKIM as providing a method for verifying the source and integrity of email messages. This standard ensures that the email hasn't been altered during transit and comes from a legitimate sender.
13 Sep 2022 - RFC 4871
Do Yahoo and Gmail require DMARC authentication for senders?
How can I ensure email compliance with Yahoo/Google rules including DMARC, SPF, and FcrDNS?
How do Gmail and Yahoo's new one-click unsubscribe requirements work?
How will Yahoo and Google enforce their new email sender guidelines?
Is DMARC essential for email deliverability and what to do when Return Path reports spam issues with good open rates?
What are the new email authentication and unsubscribe requirements from Gmail and Yahoo for 2024?
