Gmail and Yahoo Tighten Incoming Email Rules: DKIM and DMARC Now Mandatory

[Figure: How SPF Works]

Anyone who runs their own mail server (on their own hosting) has to check constantly that their domain or IP address has not been blacklisted. From February 2024 this becomes even harder, since Gmail and Yahoo have tightened the rules for incoming emails (Gmail announcement, Yahoo announcement).

For regular users, the good news is that there will be less spam. And now mail server owners will also have to monitor the "spam level" from their servers, that is, how many users mark their emails as spam.

Gmail changes coming February 2024


Since February 2024, Gmail has begun purging inactive accounts. In addition, the provider has begun closely monitoring domains that send more than 5,000 messages per day to Gmail boxes.

Google employees explained that many mailing list owners incorrectly configure their systems. This allows attackers to exploit their shortcomings by sending their (malicious) emails under the guise of legitimate ones. This is what is behind the tightening of rules for outgoing emails, the most serious tightening of rules in recent years.

Both Gmail and Yahoo highlighted three key changes for incoming mail that came into effect in 2024:
  1. Email authentication: Senders must authenticate their mail using the industry-standard SPF, DKIM, and DMARC protocols.
  2. Easy unsubscribe: For bulk emails, senders should include a one-click unsubscribe link in emails so that recipients can easily unsubscribe.
  3. Only the emails that users want: Gmail and Yahoo have taken spam monitoring seriously, and senders must ensure that the share of their emails marked as spam does not exceed the established threshold of 0.3%.

[Figure: How DKIM Works]

These requirements will only apply to bulk senders, which Google defines as senders sending 5,000 or more messages to Gmail addresses per day.

In principle, the requirements are not unexpected or revolutionary, but many senders still do not comply with them. For example, email authentication with SPF, DKIM, and DMARC has been highly recommended for several years. However, Mailgun's 2023 statistics report shows that about 44% of senders are unsure or do not use SPF and DKIM.

For such users, we can recommend a test of SPF, DKIM, and DMARC knowledge in game form.



Gmail requirements:
  • Special requirements for senders with a volume of 5,000 or more messages to Gmail addresses per day
  • Mandatory use of SPF, DKIM and DMARC, with a minimum DMARC configuration of p=none
  • Unsubscribe in one click within two days
  • The spam level (when users move emails to spam) from this sender is no more than 0.3%: it should be monitored via Google Postmaster Tools

Otherwise, the sender risks being blacklisted by Gmail.

The question remains how Google will distinguish marketing emails from transactional notifications, which can also be sent to Gmail users in large quantities. Such emails do not contain the necessary attributes, such as one-click unsubscription. Transactional emails are service emails from a website, such as password change notifications, product delivery notifications, messages with a one-time code for two-factor authentication, and the like.

Yahoo Changes from Q1 2024


Yahoo is making similar changes to its rules from Q1 2024, including mandatory SPF, DKIM, and DMARC, as well as a spam level of no more than 0.3%.

[Figure: How DMARC Works]

So, when sending emails now, you should never ignore SPF, DKIM, and DMARC. In 2022, Gmail began requiring senders to provide some kind of authentication. This reduced the volume of incoming emails without authentication by a factor of four.

Google has published instructions on the best way to implement DKIM authentication for your domain.

Today, SPF and DKIM support is the absolute minimum for outgoing emails; otherwise Google will send the emails to the Spam folder. For DMARC, you need to publish at least the policy p=none.

Conclusion


It is obvious that the effectiveness of email as a communication channel depends on the satisfaction of recipients. The more spam they have, the less likely it is that important messages will be read.

For this reason, it is important to keep track of changes in the way email providers handle spam. The mandatory requirement of SPF, DKIM and DMARC, as well as the 0.3% spam threshold, is the most serious tightening of rules for incoming emails in recent years.
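
The minimum requirements summarized above (one SPF record, a published DKIM key, DMARC with at least p=none, and a spam rate no higher than 0.3%) can be checked mechanically before a mailing goes out. The Python code below is an added example, not part of the original article; the domain example.com, the selector s1, the function names and the TXT records are constructed for illustration, and in practice the records would come from DNS lookups.

```python
BULK_THRESHOLD = 5000   # messages per day to Gmail addresses (figure from the article)
MAX_SPAM_RATE = 0.003   # 0.3% spam-rate ceiling (figure from the article)

def parse_tags(record):
    """Parse a 'tag=value; tag=value' TXT record (DKIM and DMARC syntax)."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def is_bulk_sender(sent_per_day):
    return sent_per_day >= BULK_THRESHOLD

def audit_sender(domain, selector, txt, sent_per_day, spam_reports):
    """Return the list of unmet requirements; txt maps DNS name -> TXT strings."""
    problems = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # RFC 7208: zero or several SPF records both fail
        problems.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif {"+all", "all"} & set(spf[0].lower().split()):
        problems.append("SPF: '+all' authorizes every host on the Internet")
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    if not any(t.get("p") for t in dkim):  # an empty p= tag means a revoked key
        problems.append("DKIM: no public key published for selector " + selector)
    dmarc = [parse_tags(r) for r in txt.get(f"_dmarc.{domain}", [])
             if r.strip().startswith("v=DMARC1")]
    policy = dmarc[0].get("p", "").lower() if len(dmarc) == 1 else None
    if policy not in ("none", "quarantine", "reject"):
        problems.append("DMARC: no valid policy; p=none is the minimum")
    if sent_per_day and spam_reports / sent_per_day > MAX_SPAM_RATE:
        problems.append(f"Spam rate {spam_reports / sent_per_day:.2%} exceeds 0.30%")
    return problems

# Constructed sample TXT records for the placeholder domain example.com.
GOOD = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}
BAD = {
    "example.com": ["v=spf1 mx ~all", "v=spf1 +all"],        # two SPF records
    "_dmarc.example.com": ["v=DMARC1; rua=mailto:dmarc@example.com"],  # no p= tag
}
```

Calling `audit_sender("example.com", "s1", BAD, 6000, 30)` reports all four problems at once: duplicate SPF records, a missing DKIM key, a DMARC record without a policy, and a 0.50% spam rate.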
