The new Gmail and Yahoo! sender requirements are effective since February 2024. They’re here to make emailing safer and inboxes less spammy. In this article, we’ll help you (email senders) prepare and align with these requirements to make sure your emails reach your audience.
Starting in February 2024, these two major mailbox providers tightened their spam checks. If you want your email marketing messages to reach your audience’s inbox, you’ll need to follow Gmail and Yahoo! sender requirements.
If you don’t take action, your emails might be flagged as spam, rejected, or not delivered at all, which could damage your sender reputation.
| Understanding the new Gmail and Yahoo! sender requirements from an expert “After years of discussing email best practices, Gmail and Yahoo! are working together to raise email marketing standards. This big move will help protect users against unsolicited messages. It also offers an opportunity for legitimate marketers to reinforce trust in email campaigns and reach their subscribers more effectively.” – Simon Bressier, Head of Deliverability and Anti-Fraud at Brevo |
There’s no need to panic though. If you’re using Brevo, you’re probably already following a lot of these requirements.
Let’s dive in to see what to expect and what you need to do to get ready for February.
Table of Contents
Who do the Gmail and Yahoo! sender requirements affect?
- If you’re sending messages to anyone using a Yahoo, Gmail, Googlemail, or Google Workspace address, you’ll need to follow these requirements.
- If you’re sending more than 5,000 emails within a 24-hour period, you’ll have to follow a couple of extra bulk sender requirements. We’ll point out which ones in the list below.
Gmail and Yahoo! sender requirements for all senders
This new update helps Gmail and Yahoo! keep spammers and malicious messages from getting through to their users’ inboxes. As such, all of these new requirements have to do with email security.
By checking these boxes, you can increase your chances of landing your emails in the inbox (AKA improving your email deliverability). So let’s get going!
1. Use SPF and DKIM email authentication
SPF and DKIM are two identity authentication requirements. Authenticating your domain using SPF and DKIM proves you are who you say you are, and that the emails you are sending belong to your domain. This protects you from spoofing, or people pretending to be you.
- SPF tells the receiver which IP addresses are associated with the sender’s domain and therefore allowed to send email.
- DKIM is an encrypted signature of your message. This tells the receiver that the content of the email hasn’t changed while sending it. It also confirms that the email is from your domain.
What to do:
Most email senders use their email service provider’s (ESP) shared IP address and don’t need to set up SPF. With Brevo, only clients who use a dedicated IP address need to set up SPF authentication. Brevo manages the shared IP addresses’ sender reputation.
You do need to follow Brevo’s anti-spam policy though to help you avoid accidental spammy practices. Otherwise, you run the risk of having your email-sending capabilities suspended.
All Brevo users need to set up DKIM authentication because it relates to your domain and the content of your messages.
Further reading: Understanding Email Authentication Protocols: SPF, DKIM, and DMARC
2. Set up DMARC authentication for your domain
After setting up SPF and DKIM authentication, you’ll need to follow up with DMARC policy.
DMARC authentication tells mailbox providers what to do with an email that fails SPF and DKIM checks, but claims to be from your domain (which could be a case of spoofing, or someone pretending to send mail from your domain).
Your DMARC policy (p) instructions can tell receiving inboxes what to do in this scenario.
- None: Receiving inbox does nothing
- Quarantine: Receiving inbox puts the message in the spam folder
- Reject: Your message is not delivered and produces a soft bounce
What do to: Your domain must have a DMARC record.
The simplest DMARC record you can use is “v=DMARC1; p=none”, but it’s not the most secure.
These instructions tell Gmail that if your emails fail the SPF and DKIM identity checks, they will still be sent to the recipient’s inbox.
This also means that if someone fakes your email address, for example, and tries to send malicious messages, these messages will still go through to the recipient’s inbox.
However, since you now have DMARC records, you can track who sent the emails from your domain.
If someone fakes your identity, fails SPF and DKIM checks, and tries to send spam, setting your DMARC policy to “p=reject” will stop those emails from being delivered.
Brevo users:
You’ll need to set this up. Learn more about DMARC authentication from our Help Center to get you started.
If you have a p=none policy on your DMARC record, you also need a rua tag on your DMARC to allow receiving DMARC reports.
3. Make sure your sending domain or IPs have valid reverse DNS records
Also known as PTR records, reverse DNS (rDNS) records confirm that your domain is associated with your IP address. When you send emails, the receiving inbox provider (Yahoo!/Google) looks at this record to verify that the IP address sending the email matches the domain.
What to do: If you’re using Brevo’s shared IP address, nothing. This is already done and you don’t need to worry.
If you set up a dedicated IP address with Brevo, you’ve already done this as part of the setup.
Further reading: Learn how to set up a dedicated IP address.
4. Keep spam rates below 0.3% according to Postmaster Tools
Any time someone marks one of your emails as spam, your spam rate increases. If your spam rate is too high, your emails will more likely be marked as spam and will not make it to the inbox.
What to do: Monitor your email spam rate using Google’s Postmaster Tools if you are sending campaigns to Google email addresses.
You can keep spam complaint rates down and your sender reputation up by following these best practices:
- Use double-opt-in when collecting new contacts
- Clean your email list
- Make unsubscribing easy with one-click unsubscribe links
- Do not buy email lists or addresses
If you’re a real business with real messages for people, chances are you won’t have to worry about your spam rate. But it’s still good to follow email deliverability best practices to create trusting customer relationships.
Read more about email deliverability best practices.
5. Don’t impersonate a Gmail “From” header
This new Gmail and Yahoo! Sender requirement just means you shouldn’t use a free email address (@gmail, @googlemail, @yahoo, etc).
Why? Gmail’s DMARC policy is changing. Since February 2024, the DMARC policy on Google changed from “none” to “quarantine”. What this means is that any email sent from a Gmail address from outside of the Gmail app will go to the spam folder (AKA quarantined).
This is to help protect Gmail users from people pretending to have a gmail address. Spammers might fake a gmail address to get sensitive information from people, also known as phishing.
What to do: Use your real business email address associated with your domain and you’ll be fine. If you don’t have a domain yet, consider getting one to avoid delivery problems down the road.
6. Follow Internet Message Format standards (RFC 5322) for your emails
This requirement just means that your email headers, text, attachments, and content must be formatted correctly. Brevo monitors this for you automatically, so you don’t have to worry about running into any problems.
Gmail and Yahoo! bulk sender requirements 2024
If you send more than 5,000 marketing email messages within a 24-hour period, you also need to follow these additional Gmail and Yahoo! sender requirements.
7. The domain in your “From” header must match your SPF or DKIM domain
To complete DMARC authentication, you’ll need to make sure your “From” header uses the domain you authenticated from either the SPF or DKIM checks.
What to do:
Brevo users who send with Brevo’s shared IP address only need to authenticate their sending domain (which is done during DKIM setup).
For users with a dedicated IP address, all senders (email addresses you will use to send mail) need to use sender domains that match the domain you authenticated during the DKIM setup.
For example, if you authenticated the domain name (website) thegreenyoga.com during DKIM setup, your email addresses should also use this domain.
Contact @ thegreenyoga.com
James @ thegreenyoga.com
8. Make unsubscribing easy
Sometimes contacts don’t want email messages from you anymore, and that’s okay. Make it easy for them to unsubscribe, or risk getting spam complaints. This Gmail and Yahoo! sender requirement will protect your sender reputation in the long run.
The unsubscribe policy applies to emails that people need to subscribe to in the first place, such as email marketing campaigns.
| Brevo users: Brevo already enforces these two unsubscribe rules. You don’t need to worry about this update since you’re already doing it. |
To make unsubscribing easy, email senders need to:
- Enable one-click unsubscribe links in your email header. This is also known as a list-unsubscribe header and takes subscribers off of that mailing list.
- Use a clear and visible unsubscribe link in your email body.
Clear unsubscribe links are required in the USA under the CAN-SPAM Act for any commercial messages.
Gmail and Yahoo! Sender requirement checklist for Brevo users
This table is your guide to knowing what steps you need to take, and what’s already been done for you.
The ✅ means there is nothing to do on the user side.
“To verify” means you need to check and make sure you’re following this requirement.
| Gmail and Yahoo! Sender requirement | Brevo users |
| SPF authentication | ✅ (unless you use a dedicated IP address) |
| DKIM authentication | To verify |
| rDNS records | ✅ |
| Keep spam levels below 0.3% | To verify |
| Don’t impersonate gmail addresses | ✅ |
| Follow internet message format standards (5322) | ✅ |
| Set up DMARC authentication | To verify (if you are sending or planning to send 5,000 emails/day you need to set up DMARC authentication) |
| Domain “From” header must match SPF or DKIM domain | To verify (Only users with a dedicated IP address and multiple senders) (Needed if you’re sending more than 5,000 emails/day) |
| Use one-click unsubscribe | ✅ |
| Use list-unsubscribe headers | ✅ |
Pass the Gmail and Yahoo! sender requirements with Brevo
In a nutshell, the new Gmail and Yahoo! sender requirements make sure that your sending domain is verified. This protects you from being spoofed and protects Gmail and Yahoo! Users from getting spam or phishing emails.
As Simon Bressier, Head of Deliverability and Anti-Fraud at Brevo, says,
“At Brevo, we encourage email security from day one. Most of our users are probably already familiar with the Gmail and Yahoo! sender requirements and are fully prepared to adapt.”
Brevo takes email security seriously and always implements best practices to keep you ahead of the game.
Jumpstart your email strategy with BrevoFree plan includes access to all core email features, 300 emails/day, 40+ email templates, and customizable signup forms to grow your email list. |
Transactional emails technically don’t need an unsubscribe link. However, if your email has enough promotional content (even if it’s also transactional) you need an unsubscribe link to comply with the CAN-SPAM Act. To be safe, it’s recommended to link to a preference center where subscribers can choose which transactional emails they want to receive or not.
