{"id":17364,"date":"2023-10-12T15:23:32","date_gmt":"2023-10-12T19:23:32","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=17364"},"modified":"2023-10-31T13:10:24","modified_gmt":"2023-10-31T17:10:24","slug":"google-yahoo-to-roll-out-new-email-authentication-spam-prevention-requirements-in-february-2024","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/google-yahoo-to-roll-out-new-email-authentication-spam-prevention-requirements-in-february-2024\/","title":{"rendered":"Google &amp; Yahoo to Roll Out New Email Authentication &amp; Spam Prevention Requirements in February 2024"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-starting-early-next-year-new-digital-identity-validation-and-spam-prevention-requirements-for-bulk-email-senders-will-kick-into-effect-are-you-ready\">Starting early next year, new digital identity validation and spam-prevention requirements for bulk email senders will kick into effect. Are you ready?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Does your organization send out emails to subscribers, customers, or prospects? Does that list include email addresses that end in \u201c@gmail.com,\u201d \u201c@googlemail.com\u201d or \u201c@yahoo.com\u201d? How about Google Workspace email accounts (i.e., those that don\u2019t end in the traditional @gmail.com\u201d)?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you answered yes to any of those inquiries, then you should probably be aware of email security changes coming down the pike. Google and Yahoo have teamed up to start rolling out new email authentication and user rights requirements for bulk mail senders who send messages to Gmail account users.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But what do these changes mean for your organization?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-to-know-about-the-new-requirements\">What to Know About the New Requirements<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/blog.google\/products\/gmail\/gmail-security-authentication-spam-protection\/\">Google announced<\/a> it would be implementing new bulk email protections for Gmail users starting in February 2024. The requirements span from enhancing message authentication to improving unsubscription capabilities. It\u2019s part of the company\u2019s continuing efforts to fight spam, which is greatly needed when you consider that it reports blocking \u201c<a href=\"https:\/\/blog.google\/products\/gmail\/holiday-season-scams\/\">15 billion unwanted emails per day<\/a>.\u201d <\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-this-effort-extends-beyond-google-and-is-poised-to-impact-the-email-community-at-large\">This Effort Extends Beyond Google and Is Poised to Impact the Email Community at Large<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s right \u2014 Google isn\u2019t alone in this initiative. According to the company\u2019s official statement: \u201cKeeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community.\u201d&nbsp;The announcement shares that other industry partners, including Yahoo, have committed to instituting new policies as well.&nbsp;<a href=\"https:\/\/blog.postmaster.yahooinc.com\/post\/730172167494483968\/more-secure-less-spam\">Yahoo also announced the initiative separately as well on its own blog<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Since <a href=\"https:\/\/workspace.google.com\/blog\/productivity-collaboration\/how-gmail-in-google-workspace-continues-to-innovate-and-delight-users\">Gmail is a part of Google Workspace<\/a>, which has more than 3 billion users, it\u2019s easy to see the potential reach of these changes. Because these requirements are built upon open standards, they\u2019re poised to benefit most email recipients \u2014 even those using other email service providers \u2014 when senders implement the necessary changes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-who-the-new-requirements-will-apply-to\">Who the New Requirements Will Apply To<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">New requirements apply to <a href=\"https:\/\/support.google.com\/mail\/answer\/81126?hl=en#zippy=%2Crequirements-for-sending-or-more-messages-per-day%2Crequirements-for-all-senders\">all senders who send messages to Gmail account holders<\/a>. If you\u2019re sending <a href=\"https:\/\/support.google.com\/mail\/answer\/81126?hl=en#zippy=%2Crequirements-for-sending-or-more-messages-per-day\">5,000 or more messages to Yahoo or Gmail email addresses in a day<\/a>, then heads up \u2014 there are additional new requirements that will apply to you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-the-three-new-email-security-requirements-entail\">What the Three New Email Security Requirements Entail<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The new changes boil down to three salient points for email senders:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-enable-email-authentication\">1. Enable Email Authentication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Sending authenticated messages enables email security systems to successfully identify and block billions of scam and malicious emails and eliminate inbox clutter. Google states that for your emails to be trusted, senders must follow email security best practices. This involves implementing the traditional trifecta of authenticated email delivery:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\">\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/email-security-spf\/\">Sender policy framework (SPF)<\/a> prevents unauthorized users from sending messages from your domain.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/dkim-domainkeys-identified-mail\/\">Domainkeys identified mail (DKIM)<\/a> enables recipient servers to check whether messages received from your domain actually came from your organization, and<\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/dmarc-reporting-and-email\/\">Domain message authentication reporting (DMARC)<\/a> provides instructions for what to do with messages that fail SPF and DKIM.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Not sure whether your domain has any of these email security measures enabled? Check your domain using a DNS record-checking tool. For example, here\u2019s what it looks like when we ran a check on TheSSLStore.com\u2019s DNS txt records:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"685\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/dmarcian-example-thesslstore-1024x685.png\" alt=\"An example screenshot of the DMARCian domain checker tool results for thesslstore.com\" class=\"wp-image-17365\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/dmarcian-example-thesslstore-1024x685.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/dmarcian-example-thesslstore-300x200.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/dmarcian-example-thesslstore-768x514.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/dmarcian-example-thesslstore.png 1154w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: An example screenshot we captured when checking TheSSLstore.com\u2019s SPF, DKIM, and DMARC records using DMARCian.<\/em><\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-pro-tip-don-t-just-implement-spf-dkim-and-dmarc-use-bimi-and-vmcs-too\">Pro Tip: Don\u2019t Just Implement SPF, DKIM and DMARC\u2026 Use BIMI and VMCs, Too!<\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/07\/vmc-phone.png\" alt=\"An example of how verified logos display when an organization pairs BIMI with a verified mark certificate (VMC)\" class=\"wp-image-12574\" style=\"width:413px;height:434px\" width=\"413\" height=\"434\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/07\/vmc-phone.png 498w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/07\/vmc-phone-286x300.png 286w\" sizes=\"auto, (max-width: 413px) 100vw, 413px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Do you know what would be a great addition to this list of authentication and email security measures? Using brand indicators for message identification (BIMI) and <a href=\"https:\/\/www.thesslstore.com\/digicert\/verified-mark-certificate.aspx\">verified mark certificates (VMCs)<\/a>. This potent combination enables organizations to display their verified logos in recipients\u2019 inboxes so users can verify the authenticity of a message before clicking on it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This would be especially fitting when you consider that <a href=\"https:\/\/www.thesslstore.com\/blog\/google-announces-bimi-and-vmc-support-for-increased-email-authentication-and-brand-trust\/\">Google announced its support of BIMI and VMCs<\/a> for greater email authentication and brand trust.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, we won\u2019t get into all of the details about those security tools here, but you can read more about them in our other blog posts:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/verified-mark-certificates-the-bimi-standard-show-your-company-logo-in-your-customers-inbox\/\">Verified Mark Certificates &amp; the BIMI Standard: Show Your Company Logo in Your Customer\u2019s Inbox<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/how-to-get-a-verified-mark-certificate-vmc-the-ultimate-guide\/\">How to Get a Verified Mark Certificate (VMC \u2014 The Ultimate Guide)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/how-can-i-brand-my-mail-use-a-vmc-and-bimi\/\">How Can I Brand My Mail? Use a VMC and BIMI<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/digicert\/verified-mark-certificate.aspx\" style=\"border-radius:3px;color:#ffffff\">Shop Verified Mark Certificates<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Alright, let\u2019s get back to Google\u2019s list of new bulk email requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-make-unsubscribing-easy-for-users\">2. Make Unsubscribing Easy for Users<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">No one wants to waste time figuring out how to unsubscribe from unwanted emails. Now, all bulk senders must give more control to email recipients via the unsubscribe option. According to Google\u2019s blog post:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><em>\u201c[&#8230;] we\u2019re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We\u2019ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-keep-spam-complaints-lower-than-0-1\">3. Keep Spam Complaints Lower Than 0.1%<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This last requirement is probably the most notable of the bunch. This approach aims to prevent users from being spammed with unwanted or irrelevant messages by implementing a spam rate threshold requirement. Okay, that\u2019s cool, but you may wonder why it\u2019s a big deal. This is because <a href=\"https:\/\/support.google.com\/mail\/answer\/81126?hl=en\">Gmail\u2019s current email sender guidelines<\/a> <em>recommend<\/em> keeping spam complaints below 0.1% (no more than 0.3% for \u201cany sustained period of time\u201d), but it\u2019s just that \u2014 a recommendation that many senders have ignored.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Starting in February, it\u2019ll no longer be a recommendation; rather, it\u2019ll be an enforced requirement. So, if you want to have any hope of your messages reaching recipients\u2019 inboxes, you\u2019d better get started on meeting these requirements now.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To learn more about these three requirements, check out Google\u2019s <a href=\"https:\/\/support.google.com\/mail\/answer\/81126#zippy=%2Crequirements-for-all-senders\">requirements for all senders<\/a> and its additional <a href=\"https:\/\/support.google.com\/mail\/answer\/81126#requirements-5k&amp;zippy=%2Crequirements-for-sending-or-more-messages-per-day\">requirements for sending 5,000 or more messages per day<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-bother\">Why Bother?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">According to Google\u2019s blog post, after implementing other email authentication requirements last year, 75% fewer unauthenticated messages made it into users\u2019 inboxes. But more can be done to combat the ever-increasing number of phishing and malicious messages being sent each day.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re a large email sender, then you should begin implementing changes now ahead of the upcoming holiday season. This way, you don\u2019t get caught off-guard with other end-of-year priorities and allow this change to fall by the wayside.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you decide you want to up your email security game or have questions about how to get a VMC to display your organization\u2019s verified logo in recipients\u2019 inboxes, <a href=\"https:\/\/www.thesslstore.com\/digicert\/verified-mark-certificate.aspx\">get in touch with one of our email security specialists today<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Starting early next year, new digital identity validation and spam-prevention requirements for bulk email senders will kick into effect. Are you ready? Does your organization send out emails to subscribers,&#8230;<\/p>\n","protected":false},"author":17,"featured_media":17367,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13107,17,10200],"tags":[7970,13255,222],"class_list":["post-17364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-hashed-out","category-industry-lowdown","category-monthly-digest","tag-email-security","tag-gmail","tag-yahoo","post-with-tags"],"views":12088,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/10\/gmail-yahoo-mail-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=17364"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/17367"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=17364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=17364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=17364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}