To help protect their customers from malicious and junk emails, Google and Yahoo have announced that they will begin to enforce additional requirements for emails from bulk email senders in February 2024. Failure to meet these requirements will result in emails being placed in the spam folder instead of the inbox, or possibly not being delivered at all. This includes both personal and business inboxes. Other email providers are expected to follow suit, so any application that sends email should work towards adhering to these requirements, regardless of recipients or message volume.
Update: Google has begun to reject messages from bulk senders that do not comply with authentication requirements.
Updated on 2024-02-24 to reflect Clarified guidance from Google.
Google defines bulk senders based on the main domain of the from address. If 5,000 or more emails are ever sent Gmail customers from a domain or its subdomains combined, that domain and its subdomains are permanently considered bulk senders.
Even if a domain is not currently considered a bulk sender, properly authenticating your emails is a deliverability best practice that will make it more likely that your emails reach the inbox.
rua value set so that the domain owner can monitor DMARC compliance reports provided by receiving email services.
dmarc=pass in the
Authentication-Results-Original email headers after the email has been delivered.
More information about SPF, DKIM, and DMARC authentication can be found in my complete guide: Demystifying DMARC: A guide to preventing email spoofing.
DKIM is the most reliable way to pass DMARC. Ensure that your emails are DKIM signed as the domain you are using in the message from header. With most vendors this can be configured by the customer. Other vendors may require a support case. Generally, the process works like this:
If a vendor does not support DKIM signing as a customer’s domain, check to see if they support other options to pass DMARC, such as alignment via SPF or using a custom email relay. Dmarcian maintains a helpful public list of known DMARC support options for a variety of services.
Your vendor may already have this deployed. To check this, look for a
List-Unsubscribe email header. The user’s email service will also show an unsubscribe button above the email body. If not, ask your vendor for guidance for implementing one-click unsubscribe as defined in RFC8058.
This post was last modified on February 25, 2024 1:05 am