Google and Yahoo have dropped the hammer on email senders, which will quite likely impact the email marketing done by you and your clients.
To me, this is a bit like a helmet law; it seems crazy that a motorcycle rider needs a LAW to make them wear a helmet when speeding down the highway! Similarly, all of the things Google and Yahoo are now requiring have been best practices all along. If you have been wearing your helmet ever since you mounted the email marketing motorcycle, you are probably OK, but it’s worth reviewing to be sure.
There are a million articles out there doing deep dives on the subject, but here’s a quick checklist to give you an overview of what you need to do to ensure compliance.
First up, familiarize yourself with the requirements directly from the sources.
- Google – New Gmail protections for a safer, less spammy inbox
- Yahoo – Sender Requirements & Recommendations
What are the 2024 email sender requirements?
The following seven items are the best-practices-turned-requirements, according to Google and Yahoo.
Be sure to have the following protocols added to your sending domain. Each is a TXT DNS record.
- DMARC – Gold star for you if you knew that DMARC stands for “Domain-based Message Authentication, Reporting, and Conformance.” Just rolls off the tongue, doesn’t it? DMARC helps to authenticate emails, prevent phishing, and ensure sender legitimacy. It does this by checking the results of the next two protocols.
- SPF – A Sender Policy Framework (SPF) record helps prevent spoofing and phishing scams by verifying that the IP address sending the email is authorized by the domain. An example of this would be the equivalent of you saying, “Yes, I authorize Mailchimp to send emails on my behalf.” Note that you can only have one SPF record per domain, but you can “authorize” multiple senders within that one DNS record.
- DKIM – A DKIM (DomainKeys Identified Mail) record provides a mechanism for email senders to digitally sign their messages. This signature allows email providers to verify the authenticity of the sender and detect any tampering during transit. DKIM is crucial for email deliverability as it enhances message integrity, reduces the risk of phishing, and builds trust with email providers, contributing to higher inbox placement and overall email security.
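A quick audit of the three records described above, as an added example that is not part of the original article. The zone data is constructed: the include hosts, the "s1" DKIM selector and the key value are placeholders, and in practice the TXT strings would come from your DNS provider or a lookup tool.

```python
# Added example: audit the SPF, DMARC and DKIM TXT records for one domain.
# All records are constructed sample data; the include hosts, the "s1"
# selector and the DKIM key are placeholders, not real values.
GOOD = {
    "example.com": ["v=spf1 include:spf.esp-one.example include:spf.esp-two.example ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDBASE64KEY"],
}
BAD = {
    # Two SPF records (one per sender) instead of one merged record, no DMARC.
    "example.com": ["v=spf1 include:spf.esp-one.example ~all",
                    "v=spf1 include:spf.esp-two.example ~all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],  # empty p= means revoked
}

def parse_tags(record):
    """Split DMARC/DKIM 'tag=value; tag=value' syntax into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(domain, selector, txt):
    """Return a list of problems; an empty list means all three records look sane."""
    problems = []
    # SPF lives in a TXT record on the domain itself and must be unique.
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        problems.append("SPF: no record")
    elif len(spf) > 1:
        problems.append("SPF: multiple records, merge into one")
    elif {"+all", "all"} & set(spf[0].lower().split()):
        problems.append("SPF: +all authorizes every sender")

    # DMARC lives at _dmarc.<domain> and needs a p= policy.
    dmarc = [parse_tags(r) for r in txt.get("_dmarc." + domain, [])]
    dmarc = [t for t in dmarc if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        problems.append("DMARC: expected exactly one record at _dmarc." + domain)
    elif dmarc[0].get("p") not in ("none", "quarantine", "reject"):
        problems.append("DMARC: missing or invalid p= policy")

    # DKIM lives at <selector>._domainkey.<domain> and carries the public key in p=.
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    if not dkim:
        problems.append("DKIM: no record for selector " + selector)
    elif not dkim[0].get("p"):
        problems.append("DKIM: empty p= (key revoked or record truncated)")
    return problems

if __name__ == "__main__":
    for name, zone in (("good", GOOD), ("bad", BAD)):
        print(name, audit("example.com", "s1", zone) or "ok")
```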
If you are reading this list, you are most likely using email automation software like Mailchimp, ActiveCampaign, FluentCRM, etc. to send bulk emails. If so, you can probably breeze past this step as those programs typically include the unsubscribe link on your marketing messages by default. If the unsubscribe link has been disabled for some reason, time to turn it back on.
Low Spam Rate
Regularly monitor email deliverability metrics, focusing on spam rates, and utilize tools like Google’s Postmaster Tools to keep spam rates below the specified threshold of 0.3%. The solution for this one is a bit more ambiguous, but basically: Don’t Send Spam. Send emails that are relevant and helpful to your audience. Put yourself in their shoes and send emails that benefit THEM, not YOU.
Remove Invalid Recipients
It might feel good to see a nice fat number on your email recipient list, but it is advantageous to cut out any dead weight. This means removing anyone from your list who isn’t opening your messages or whose address results in a hard or soft bounce.
RFC 5322 Compliance
Ah, yes, the ol’ RFC 5322. This intimidatingly named set of standards defines the approved format of email messages, including their structure and content. It basically makes sure that everyone puts the email address, subject line, message, attachments, etc. in the right place so they can be universally understood by the receiving service. If you are using any remotely reputable service for email marketing, you can likely check this off the list.
Highly recommended as a cure for insomnia: View RFC 5322.
Reverse DNS Records
A Reverse DNS (rDNS) record, also known as a PTR (Pointer) record just for fun, is a type of DNS record that associates an IP address with a domain name. That is the opposite of a standard (forward) DNS record, which maps a domain name to an IP address. Hence, reverse DNS.
Your email marketing app may do this for you. Check their knowledgebase or do a search to confirm.
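How a PTR lookup name is formed and checked, as an added example that is not part of the original article. It goes one step past the paragraph above by also confirming that the hostname's forward record points back to the same IP. The addresses, hostnames and records are constructed sample data.

```python
# Added example: forward-confirmed reverse DNS check on constructed records.
import ipaddress

def ptr_name(ip):
    """Name queried for a PTR lookup, e.g. 10.2.0.192.in-addr.arpa for 192.0.2.10."""
    return ipaddress.ip_address(ip).reverse_pointer

# Constructed sample data (documentation IP ranges, placeholder hostnames).
PTR = {
    ptr_name("192.0.2.10"): "mail.example.com.",
    ptr_name("192.0.2.20"): "mail2.example.com.",
    ptr_name("2001:db8::25"): "mail6.example.com.",
}
FORWARD = {
    "mail.example.com": ["192.0.2.10"],
    "mail2.example.com": ["198.51.100.7"],         # forward record points elsewhere
    "mail6.example.com": ["2001:0db8:0:0:0:0:0:25"],  # same address, different spelling
}

def check_rdns(ip, ptr_records, forward_records):
    """Classify a sending IP as 'no-ptr', 'mismatch' or 'ok'."""
    host = ptr_records.get(ptr_name(ip))
    if host is None:
        return "no-ptr"
    # Compare parsed addresses, not strings, so IPv6 spellings match correctly.
    answers = forward_records.get(host.rstrip("."), [])
    forward = {ipaddress.ip_address(a) for a in answers}
    return "ok" if ipaddress.ip_address(ip) in forward else "mismatch"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "2001:db8::25"):
        print(ip, ptr_name(ip), check_rdns(ip, PTR, FORWARD))
```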
Require a Secure Connection
Setting up a secure TLS (Transport Layer Security) connection for email sending involves configuring both your email server and your email client. As with other items on this list, the exact steps will depend on your specific setup.
If you are a Google Workspace user, you can follow Google’s instructions here: Require a secure connection for email. Microsoft also has a list of steps to enable TLS for Office365 and Exchange email. Search for instructions for your specific plan. Every email you send via Yahoo Mail has TLS enabled by default, so there are no additional steps. Score one for the big purple Y!
In the case of bulk emails, the email client would be your email marketing service provider. Check with them for steps to enable; most will have this enabled by default.
To ensure secure sending of bulk or transactional emails from your website, we use and highly recommend Postmark.
Why is email security so complicated?
If you made it this far and feel overwhelmed or more confused than when you started, don’t stress! Chances are, if you have been succeeding with email marketing, these steps have already been addressed. If you are new to the quest for the inbox, or inheriting a client, it would be a good idea to double check that you are compliant.
If you don’t know where to begin, or just plain don’t want to deal with it, no worries – that’s what FocusWP is here for! We will take care of all the mind-numbing details to secure your marketing email sending. Here’s how:
Submit a ticket in your Agency Portal
Copy the following text, paste it into a new Development ticket in your Agency Portal, enter in your relevant details, then sit back and relax. (To submit a ticket, you will need some Focus On Demand hours in your account. You can start or top-up on the Focus On Demand page. Bundles start at just 3 hours.)
Ticket Title: Please configure secure email sending for [domain]
- My email is hosted by: [Google Workspace, o365, Rackspace, etc.]
- I have (choose one)…
  - added firstname.lastname@example.org as a delegate on my nameserver account: [nameserver – this is wherever your DNS records live, likely either your hosting company or (preferably) Cloudflare]
  - securely shared login details for my nameserver account with email@example.com
- My email marketing app is: [Mailchimp, ActiveCampaign, SendFox, etc.] and I have added firstname.lastname@example.org as a delegate to my account
- (optional, but recommended) I have added email@example.com as a delegate on my Postmark account.
Time Estimate: There are a lot of variables to consider, but most cases can be completed in 1 hour (or less!)
Markup: They say “the money is in the list,” so having their email marketing properly configured should be very valuable to your clients. You could easily charge anywhere from $199 to $399 for this service.
Selling this service to your clients: Swipe the email copy below, season to taste, and send it out to your clients that are doing email marketing. Then send the tedious task over to your FocusWP team. No work, all the glory. That’s what I’m talkin about!
Subject: Important Update: Security Update Required for Your Emails
Hi [Client’s Name],
As you know, we always have our ear to the ground for new and relevant developments in the tech world. One of the new headlines will affect you! Google and Yahoo have recently dropped the gauntlet and are enforcing certain security protocols for anyone sending out emails, whether 1:1, newsletters, or the automated confirmation messages from your website.
Why is this important for you?
Google and Yahoo provide about 30% of the inboxes in the world (nearly 80% in the US!). If you want your marketing messages to avoid the spam filter and make it safely into those inboxes, we’ll need to play by their rules.
It may seem like a hassle, but this actually isn’t a bad thing. Everything Google and Yahoo are requiring will only move us forward to a more secure email experience for everyone. Remember, you and I have inboxes, too! Personally, I’m looking forward to fewer spammy messages and shady schemes.
What is required to comply with the latest industry standards and best practices?
Here’s a brief overview of the key requirements:
- Advanced Authentication Protocols: An alphabet soup of robust authentication protocols such as SPF, DKIM, and DMARC will verify the authenticity of your emails, reducing the risk of inadvertently being flagged as spam. It will also reinforce against bad players sending out phishing emails or other scams in your name.
- Secure Transmission: You know we are always saying not to send sensitive info via email? Well…still don’t do that! But, progress is being made with these adjustments to make email a private, safe place to share information.
- Stay Out of Spam Folders: By conforming to these strict (but reasonable) email server settings, regularly pruning your list of recipients, and avoiding spammy subject lines & content, your emails will be much more likely to land in inboxes and avoid spam folders.
We have just launched a new service called “Inbox Mastery” to implement all required security features. The one-time price is $249 and can be completed within 3 business days.
There is a lot of information about these changes on the web if you would like to research it yourself. Fair warning – it can get pretty technical. To proceed with the “Inbox Mastery” service and secure your email accounts, just reply to this email and we will take it from there! I suggest we take action before your next newsletter goes out on [day].
Your friendly neighborhood Email Avenger,
Drop a comment below and let us know how you tweak the sales email for your clients, and what results you get!