Gmail & Yahoo Sender Requirements: 9 Recommendations You Need to Know


In a joint announcement released on October 2023, Google and Yahoo announced new requirements for bulk email senders. These requirements enhance the user experience and elevate previously considered best practices into current mandatory standards.  

According to Google, the purpose of these standards is to "enhance the security and reduce spam in your (the end user's) inbox." If your organization sends 5K+ emails a day to Gmail or Yahoo accounts, this applies to you – and you need to be sure you comply with the new requirements as these changes will be enforced starting in February 2024. While Google and Yahoo have identical requirements, Google has explicitly outlined the parameters to determine who is impacted by these requirements.  

Regardless of your current email volume, our recommendation is to implement the 9 following guardrails: 

  1. Set up SPF or DKIM email authentication for your domain
    Sender Policy Framework (SPF) and DKIM (Domain Keys Identified Mail) are two key components to authenticating your emails, as they specify which email servers are allowed to send emails on behalf of your domain. You likely set up SPF and DKIM records when you activated your marketing automation platform. If you aren’t sure whether this step was done, you can leverage this external tool to verify an SPF or DKIM record is published.  
  2. Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records  
    In other words, you’ll need to confirm that sending domains or IPs have valid forward and reverse DNS records (PTR records).  Utilize Google’s Admin Toolbox Dig tool for a comprehensive check.  
  3. Keep spam rates below 0.3% 
    Google introduced a new industry requirement by announcing they are enforcing a spam rate threshold that bulk senders must stay under. In a webinar presented by Validity, Marcel Becker, Yahoo’s Senior Director of Product Management, recognized that if your spam rate is usually under 0.3% and you suddenly experience a spike, Yahoo won't penalize you. This underscores the significance of keeping the spam rate below 0.3%.  
  4. Format messages according to the Internet Message Format standard (RFC 5322) 
    This necessitates that your emails conform to the standard formats of the Internet, including headers, the body, and attachments. This means you’ll need to ensure conformity to standard internet protocols, including correct HTML formatting and clear sender information. Many marketing automation platforms, such as Marketo, require defining a 'from' name before approving an email for deployment.  
  5. Don’t impersonate Gmail From: headers  
    Steer clear of impersonating Gmail From: headers, as Gmail plans to enforce a DMARC quarantine policy, impacting delivery rates for such senders. This includes headers like "From:" 
  6. If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email  
    ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages. This requirement is relevant for a limited group of senders. In cases where your organization frequently forwards emails, Gmail mandates the addition of an Authenticated Received Chain (ARC) header to your emails to designate your organization as the message forwarder.
  7.  Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none  
    As SendGrid put it, “the requirement is to publish a DMARC record, but the record doesn’t have to be at enforcement (p=reject or p=quarantine).” It is required to create a DMARC policy with p=none. Essentially, Gmail acknowledges the complexity of setting up a DMARC policy at scale and encourages bulk senders to “set up DMARC reports so you can monitor email sent from your domain, or appears to have been sent from your domain.” Publishing a DMARC record offers the added advantage of enabling the display of a BIMI logo, which helps build trust with your audience.  
  8. Ensure DMARC Alignment for Direct Mail 
    For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain – this is required to pass DMARC alignment. There are strict alignment rules that should be considered and can be complex. Refer to Google’s blog post from to clarify those scenarios.  
  9. Enable One-Click Unsubscribe for Marketing Messages  
    Google specificized that “It should take one click” for users to unsubscribe from unwanted commercial emails. While there’s been some discussion on what “one click” means, Adobe clarified that “Google and Yahoo are not talking about the unsubscribe links in your email body or footer that might be clicked on by a security bot just doing its job or by accident. What they mean is the List-Unsubscribe header functionality for either the “mailto” or “http/URL” versions.” Essentially, this provides the end user with a second method to opt-out from the top of your email. Additionally, unsubscribe requests should be processed within 2 days, which differs from the CAN-SPAM requirement of processing requests at least 30 days after you send your message and honoring requests within 10 business days.  

These measures ensure the scalability of future communications without disruption of your messages so they reach your intended audiences.  

So, now that you know the requirements and the recommendations to implement them, what should your next steps be to ensure you are meeting the new standards? Here’s what we recommend: 

  1. Audit your domain and marketing automation platform’s architecture. This process entails examining email authentication and security, assessing email formatting, and evaluating subscription management procedures.  
  2. Based on the results of your audit, develop an action plan for implementing changes. Note that some of these changes require technical assistance.  
  3. Utilize deliverability or postmaster tools to continuously monitor and receive alerts for any negative indicators. Some alerts we recommend setting up are:  
  • Spam complaints 0.3%  
  • DMARC usage  
  • Gmail missing 5%  
  • Yahoo missing 5%  
  • Monitor spam trap hits  

We also recommend you future-proof your email marketing and messaging strategy by following these steps:  

  1. Adjust your content and refine your mailing lists in response to negative signals from ongoing monitoring.  
  2. Publish a BIMI logo to increase brand recognition, engagement, and build trust with your audience.  
  3. Update your preference center and unsubscribe pages to ensure that the expectations regarding the timing and purpose of communications are clearly defined.  
  4. Segment operational and marketing emails on different IP addresses each with its own DKIM, to safeguard the delivery rates of your marketing communications.  
  5. Start planning on how to evolve your DMARC policy with p=quarantine and p=reject settings.  

Adhering to Gmail and Yahoo’s new requirements will continue to evolve with the needs of its users. Acting now will help reduce any negative impact your organization may experience and build a solid foundation for continued inbox placement for your audiences. By following these recommendations and adhering to the updated standards, you’ll be setting up your bulk email senders for success.