Blog, Learning Center February 1, 2024

From Confusion to Clarity: Red Sift Breaks Down Google and Yahoo’s Email Security Requirements

Many people around the world right now are confused as to whether their organization is ready for Google and Yahoo’s new requirements for bulk senders. 

So don’t worry, you’re not alone. 

Back in October the announcement was made that there would be consequences for organizations sending more than 5,000 emails a day who didn’t have their email security in order. But what are the consequences? And who really needs to worry? 

Luckily the teams here at SecurityScorecard and Red Sift have helped prepare this handy overview for readers who want to check that their messages won’t be rejected or delivered to recipients’ spam folders starting today (February 1st, 2024).

Who’s going to be affected by these requirements? 

Google is quite clear in their definition, stating that “A bulk sender is any email sender that sends close to 5,000 messages or more to personal Gmail accounts within a 24-hour period. Messages sent from the same primary domain count toward the 5,000 limit.” 

What are the domain authentication requirements for Google and Yahoo’s new bulk sending guidelines?

In essence any domain an organization sends mail from needs to have: 

  • SPF and DKIM set up
  • An aligned `From` domain in either the SPF or DKIM domains
  • A published DMARC policy with at least a policy of “none”
  • FcrDNS set up
  • A TLS connection for transmitting email

Other “bulk” sending requirements to keep in mind

  • Multiple sending services

Be careful if you’re using more than one sending service (like Hubspot, Outreach, Marketo, etc.) as you’ll need to make sure that each individual service provider meets these new requirements. Otherwise, you may see deliverability issues.

  • Easy unsubscribe

One of the primary objectives of Google and Yahoo’s bulk sending requirements is to make inboxes less spammy, so that means senders need to make it easy for people to stop receiving their emails. 

You’ll need to ensure you have one-click unsubscribe included on all commercial messages and you’ll have until June 1, 2024 to do so. 

  • Low reported spam rates

Finally, you need to keep your organization’s spam rates reported in Postmaster Tools below 0.3%, ideally below 0.1%. If you’re a Yahoo mail user, you can sign up for the Complaint Feedback Loop (CFL) program to check spam rates.

What happens if you fail to comply?

Failure to comply with these new security requirements will lead to emails not being delivered or ending up in Spam folders. Luckily, enforcement for bulk senders that don’t meet Google‘s Email sender guidelines will be gradual and progressive.

In February 2024, bulk senders who don’t meet sender requirements will start receiving temporary errors (with error codes) on a small percentage of their non-compliant email traffic. These temporary errors are meant to help senders identify email traffic that doesn’t meet their guidelines.

In April 2024, Google will begin rejecting a percentage of non-compliant email traffic and we expect that percentage to increase as the year progresses.

Navigating Yahoogle’s Email Security Requirements with SecurityScorecard

As Google and Yahoo implement stricter email security requirements, it’s crucial for organizations sending bulk emails to understand how to comply and assess their current preparedness. For SecurityScorecard customers, our platform offers critical tools and insights to effectively navigate these new standards.

By utilizing SecurityScorecard, you can easily evaluate whether your organization’s email security protocols align with Yahoogle’s requirements. The platform’s comprehensive analysis includes checks for essential components like SPF and DKIM setup, DMARC policies, and TLS connections. These elements are vital to meet Yahoogle’s criteria and avoid potential delivery issues or spam flagging.

Moreover, SecurityScorecard’s detailed reports and intuitive interface allow you to pinpoint specific areas of non-compliance or vulnerability within your email sending infrastructure. This targeted approach helps in making necessary adjustments swiftly, ensuring your organization adheres to the new bulk sending guidelines before the enforcement deadlines.

For a more granular understanding, the scorecard includes visual indicators and detailed explanations of each compliance aspect, offering actionable insights. This feature is particularly beneficial for organizations utilizing multiple email-sending services, as each service needs to comply individually with the new requirements.

SecurityScorecard equips you with the necessary tools and information to ensure your organization’s email practices are up to date with Yahoogle’s new security standards. By leveraging the platform’s features, you can confidently maintain effective email communications while safeguarding your organization’s reputation and email deliverability.

The good news: Red Sift makes it easy to validate that you’re ready

If you want an easy way to make sure your email-sending domains are ready come February 1, 2024, Red Sift makes it easy. 

Use our Investigate tool to make sure that your email passes upcoming Google and Yahoo requirements. It will take you less than 60 seconds per email-sending service to verify, I promise.