Preparing for the February 2024 Email Sender Guidelines
- #Tips
- #Learning
Google will change its email sender guidelines in February 2024, and Yahoo will follow in the first quarter of 2024.
References:
▼Google
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
▼Yahoo
https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam
Our team has already taken several steps, so I will summarize them here.
Guideline changes
- Authenticate the email sender domain.
- Provide one-click unsubscribe.
- Monitor spam complaint rates.
These changes primarily affect bulk senders targeting Gmail and Yahoo addresses, such as newsletter operators.
Authenticating the sender domain
Sender domain authentication ensures the sender is not spoofed. The guidelines call for industry-standard mechanisms such as SPF, DKIM, and DMARC.
SPF verifies that the sending mail server’s IP address is allowed. You configure it by adding an SPF record to the DNS for the sending domain.
DKIM uses digital signatures to verify that the sender and the message contents have not been tampered with. You need to publish the public key in DNS. (How you register the key depends on how you send email.)
We had already configured SPF and DKIM, so this time we set up DMARC.
DMARC controls how to handle messages when SPF or DKIM fails. DMARC itself does not perform authentication.
You can choose how the receiving client should treat failed messages: leave it up to the recipient (none), quarantine them (quarantine), or reject them (reject). You can also configure DMARC to send report emails.
All of this is done by publishing the designated values in DNS.
One-click unsubscribe
Simply placing an unsubscribe link in the body is not enough.
You have to add the following headers:
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <URL for the unsubscribe process>
When the headers are set correctly, mail clients display an unsubscribe link, making it possible to opt out in one click. (In Gmail it appears as “Unsubscribe from this mailing list”.)
We had not implemented this header yet, so we added it.
Monitoring spam complaint rates
We review spam complaint rates during our weekly team meeting. We check Google Postmaster Tools and the metrics in Amazon SES (our application sends via AWS SES) to track complaint and bounce rates.
The guidelines describe acceptable thresholds, so we monitor the numbers and take action if they approach the limits.
Reference:
https://support.google.com/a/answer/9981691?hl=ja
Closing thoughts
Strengthening defenses against phishing is extremely important. Email plays a key role for many services, and if messages land in spam it can damage brand perception. Staying informed and implementing guideline-compliant measures is essential.