Email Compliance: Navigating the New Google and Yahoo Requirements for Email Senders in 2024

  • UPDATED: 19 June 2024
  • 5 min read
article

Reading Time: 5 minutes

In the latter half of 2023, Gmail and Yahoo, two of the largest Mailbox Providers (MBP), published compliance requirements for email senders and additional requirements for bulk senders.

These requirements have been around for years if not decades. But as of 2024, MBPs will start rejecting emails due to non-compliance. Enforcement began for Yahoo and Gmail in February 2024 and April 2024, respectively. June 2024 was the deadline for list unsubscribes.

Why is Email Compliance Important?

Mailbox providers always optimize their systems to provide customers with the best email experience. The new compliance requirements are an extension of this, ensuring that customers always have access to a safe, private email experience.

For MBPs, this also means a renewed focus on reducing spam by separating legitimate and spammy emails. MBPs use specific authentications to identify third-party domains forging your domain, and your email compliance plays a huge role here.

Another update from MBPs is the “one-click unsubscribe” option. This option gives customers an easy way to opt out of your email campaigns if necessary. This way, they don’t have to look for the “report spam” button. This is a win-win for the customer and your brand as well since your brand’s domain reputation will not take a hit from unnecessary spam reports.

Even if you do get spam reports, you must ensure that your spam complaints fall below the threshold of 0.3%. If your brand constantly receives spam complaints above this threshold, your domain reputation will take a hit, and your emails won’t land in the inbox.

7 Email Compliance Requirements At a Glance

The latest email compliance requirements for 2024 are listed below:

  1. Authenticate your email:
    1. Ensure valid SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail)
    2. Ensure valid DMARC (Domain-based Message Authentication Reporting & Conformance)
    3. Ensure your domain in the “From:” header is aligned with either the SPF or DKIM domain. This is mandatory for DMARC to pass
  2. Have a valid forward and reverse DNS record for your sending IPs
  3. Keep spam complaint rates below 0.1%. Avoid reaching 0.3% or higher
  4. Support easy unsubscribes:
    1. Implement the one-click unsubscribe header as per RFC8058.
    2. Gmail has mandated RFC8058-compliant one-click unsubscribe option
    3. Include an unsubscribe link in the body of the email. This can point to your preference center
  5. Use a TLS connection for transmitting emails
    1. TLS encrypts emails for security and prevents unauthorized access
  6. Don’t impersonate Gmail and Yahoo headers.
    1. Yahoo already has a reject policy that blocks unauthenticated emails.
    2. Gmail subdomains have a “quarantine” policy, which directs all unauthenticated emails to spam.
  7. Comply with RFC – 5321 and 5322, the basic standards for SMTP (Simple Mail Transfer Protocol) and Internet email formats.

How to Check If Your Emails Are Compliant

Follow these seven simple steps to check your email compliance levels:

  1. Send an email from your domain to your personal gmail.com/yahoo.com address.
  2. If you receive the email:
    1. You are compliant with RFC 5321 and 5322 standards
    2. IP has valid forward and reverse PTR record
    3. You are passing DMARC or have a non-reject DMARC policy
      1. DMARC policy options are “none” (MBPs can decide based on their discretion), “quarantine” (put emails that fail DMARC to spam), and “reject” (block all emails that fail DMARC)
    4. Your emails are not rejected due to bad reputation
  3. Click on “More” and “Show Original/View Raw Message”

    This is an image of the Email Compliance requirements menu
    Source: Gmail
  4. Look at the authentication results in the header. Search for “Authentication-Results.” This must have:
    1. Must have SPF, DKIM, and DMARC results
    2. Results must be PASS for all three
      This is an image of authentication results for email compliance requirements
    3. To prevent spoofing of your domain, add strict DMARC

      This is an image of DMARC authentication for email compliance
      Note: You can start with a p=none; sp=none policy. Send the reports to a DMARC monitoring tool. Monitor, fix authentications and slowly enforce 100% strict DMARC.
  5. Search for “Received: from,” and you will see the IP with its forward DNS. Gmail completely rejects emails sent from IPs without valid forward and reverse DNS.
    This is an image of email authentication requirements This is an image of email DNS authentication
  6. In the same “Received: from,” you can also see the TLS version.
  7. Search for “List-Unsubscribe.”
    1. You should see two headers:
      1. List-Unsubscribe: <>
        1. It must include a HTTPS URL.
      2. List-Unsubscribe-Post: List-Unsubscribe=one-Click
        1. It’s static and fixed.

This is an image of list unsubscribe options

Learn more about testing your email settings/domain settings here.

Apart from implementing the above, to remain compliant, you must also ensure the unsubscribe requests are honored within 2 days, and spam complaints remain below 0.3%.

Remember, opt-outs are per brand. If you send non-transactional emails from multiple vendors (for example, during migration, you would send emails from two vendors), you must ensure your opt-outs and spam complaints are in sync between all systems.

Overwhelmed? MoEngage can help!

If you’re using MoEngage Email, you don’t need to worry about authenticating domains or configuring forward and reverse DNS for IPs — this is done as an automated mandate. If you’re looking for spam complaint rates, you can access your campaign analytics. For Google spam complaints, you can also check the Google Postmaster.

MoEngage also offers the in-house List-Unsubscribe solution. The self-managed List Unsubscribe option allows you to customize it to include your branded domain and URL and use a unique identifier to identify the customers.

This email shows how MoEngage can help you maintain email compliance

Repercussions of Non-Compliance

Neither Gmail nor Yahoo have specifically quoted the impact of non-compliance on your brand. It’s been left open-ended. However, depending on which particular aspect has been non-compliant (authentications v/s forward and reverse DNS for IPs v/s one-click unsubscribe v/s spam complaints), one or all of these three can happen:

  • Non-compliant traffic could be temporarily rejected
    • This means non-compliant emails will be rate-limited
    • This will result in delayed delivery and eventual blocks
  • Non-compliant traffic may be sent to the spam folder
    • This means non-compliant emails will be sent to spam instead of Inbox.
    • Customers generally do not look for emails in the spam folder, so you will see low open/click/conversation rates.
  • Non-compliant traffic may be rejected
    • If your emails are not compliant, they will not be delivered to the customer.
    • In this case, you will see low delivery rates.
  • Gmail won’t provide mitigation for email delivery/deliverability issues.

As these mechanisms are in place to identify legitimate senders from spam, non-compliance for an extended period could result in you being marked as a spammer. In this case, it will be challenging to recover your reputation. The recovery will also need to meet all the compliance requirements.

You can also look directly through Yahoo’s and Google’s FAQs for more information.

Don’t have MoEngage yet? Talk to us.