New Email Marketing Requirements

Google and Yahoo announced new requirements for email “bulk senders” last year. They will start enforcing new requirements on February 1, 2024.

*Please note I'm offering my take on these requirements... please do your own due diligence from your email marketing platform and other resources to make sure you are meeting the requirements you need to meet for your business and situation.

How are these requirements going to work?

Google and Yahoo are out to protect their free inboxes. Email delivered to gmail.com or yahoo.com email addresses will need to follow these requirements or have their emails marked as spam.

Google initially said it would apply these requirements to email delivered to its Google Workspace inbox clients as well, but have walked that back at this point. Will it eventually come back? No telling, but better to be prepared.

What happens if you don't meet the requirements?

Google says they will start sending emails that don't meet the requirements to spam.

Does that mean that all your emails will immediately go to spam in Google and Yahoo emails if you don't meet the requirements by the deadline?

Google says no. It says the implementation will happen slowly, with errors on some of the email that doesn't meet the requirements. This is to give senders a chance to correct any issues.

In April, Google says they will move from error codes to rejecting emails that don't meet the requirements, and they will increase the rate of emails they reject over time.

Is this something you need to worry about?

If you send marketing emails, my recommendation is yes.

Google has divided its requirements into those who send more than 5,000 emails a day and those who send less.

However, the ConvertKit webinar that I watched recently mentioned that you’re only a viral post away from having your subscriber list blow up, and I agree.

Honestly, I ignored the whole thing, thinking it didn't apply to me since I had less than 5,000 subscribers, until I watched the webinar.

Now, I think differently.

I am going to consider all the new requirements as best practice for any email marketer.

Also, the timing of some of these requirements is phased over the next few months. Again, I'm going to get them in place as quickly as I can for myself, so that I'm prepared.

What about other types of email?

People are asking about other types of email besides marketing messages, such as transactional messages for e-commerce, etc.

I'll repeat that to me, these are best practices to help the world of email that's drowning in spam and fraudulent messages.

I'd implement the requirements as quickly as possible for your business.

What are the requirements?

Use an authenticated domain to send emails
Keep your spam rates low
Make it easy to unsubscribe
Send emails users want to receive
Only email people who have opted in to your emails

That’s a lot, so let’s go through them one by one.

1. Use an authenticated domain

This one sounds like Greek to a lot of people. Let’s pick it apart.

First, use a domain email to send marketing emails.

A domain email is an email address from a domain that is registered to you.

You’ll need an email address that looks like [[email protected]] which means having a registered domain and an email host for that domain.

That means that free emails are not going to work well - maybe at all- for sending marketing emails.

This is an email address like:

[email protected]

If you don’t have a domain registered or domain email set up yet, that’s step 1 and 2.

My favorite domain registrar is Namecheap, if you want a recommendation.

Email hosts options - sometimes your website host will offer both domain registration and domain email hosting.

Google Workspace is a popular option.

Other options are Namecheap and Zoho, but they can be trickier to manage without some technical knowledge. Protonmail is another option, but again, can be tricky to get to work with popular email clients like Outlook.

The next part is use an authenticated domain.

What does this mean?

"Authenticated" means the domain you are sending from is valid and verified.

If your domain is NOT authenticated, then the email you send could be from someone harmful - the recipient can't be sure of who is sending the email!

Spoofing, phishing, spam, and other fraudulent email is at record levels.

One way to send harmful emails is by using someone else’s email address to send those emails. Domain authentication is intended to prevent these types of emails.

If your domain is authenticated, then Google and Yahoo can be assured that you are really sending those emails and they are not harmful.

What are these types of authentication?

There are three types of authentication. SPF, DKIM, and DMARC.

Google differentiates between which ones are required and when that requirement is phased in.

I say, if you're going to have to go through the process, do them all at once.

Also, Google and Yahoo say that only high-volume senders need to have all three. Low-volume senders only need to have either SPF or DKIM. Again, I say - you can be high-volume quickly without realizing in this world of viral posts.

One more bit of nuace: most email marketing platforms have DMARC records with p=none. All that means is that by setting that record in place, you can see all the emails being sent from your domain - and make sure they are all YOU.

Google and Yahoo intend to have high-volume senders increase their level of security for DMARC over time.

What that means is that high-volume senders will need to continue to keep an eye on the requirements. This is not a "one-and-done" deal.

How do I know if my domain is authenticated?

You can use this website's checker: dmarcian.com

You'll get a result that looks like this:

Note that getting a result like this means your domain is authenticated with all 3 authentication standards, even with the "red X" by DMARC. It DOES have a DMARC policy in place.

So how do you authenticate your domain?

For email marketers:

You connect your email marketing platform to your domain using something called DNS records.

Your email marketing platform will have the records that you need to put in place. (ConvertKit, Mailerlite, Mailchimp, Brevo, AWeber, Flodesk, etc)

You take those records and add them to your DNS (Domain Name System) records on your domain host. This may be where your domain is registered or just where your DNS is managed.

(What is DNS: DNS is how humans interact with the internet using domain names that are easy to remember. The internet actually runs on IP Internet Protocol) addresses that we humans would have a hard time remembering or recognizing.)

When the records from your email marketing platform are added to your domain’s DNS, then the link between your email marketing and your domain is established - and your domain is authenticated.

Your emails can be validated as coming from a trusted source, your verified domain.

If you’re not familiar with DNS records and a bit hazy on where they might be located, here are some resources:

Where to manage your DNS records (look for Name Server):
Builtwith.com

Again, here's the link to check your domain authentication:
dmarcian.com

Ok, another question - what if your domain, your email marketing, and your website are all on the same platform, like Shopify or Wix?

That’s fine, you’ll still need to find out what DNS records the email marketing side requires and add them to the DNS records for your domain, you’ll just do it all on that one platform.

Steps for authenticating your Domain

Register domain (if needed)
Domain email address setup
Check domain authentication: dmarcian.com
Check DNS management if you're not sure where your DNS is: Builtwith.com
Log into email marketing platform to get DNS records
Log into domain host for DNS management
Add DNS records to domain host
Wait at least 5 minutes (but up to 24-48 hours)
Check your email marketing platform for domain validation if there is a domain validation check available
Check domain authentication again
*Note that if you have DMARC in place, you may still get a "red x" - you can ignore it as long as it says that your domain has a valid DMARC record.

Will you do it for me?

Before we move on the the other requirements, which hopefully are slightly clearer than mud, I can see somebody waving a hand in the back asking if they can just hire me to do it for them already??

And I'm sorry, no, I don't offer this as a done-for-you service.

Done with you (me)

I do offer 1-hour consultations if you'd like a done-with-you version.

If you’d like to update your DNS records but you're a bit nervous, you can schedule a 1-hour consultation and I'll look over your shoulder while you do it.

Here's the link to my calendar, it's $125 for an hour.

Also, if you’re just lost and would like to ask me questions, 1:1, I’m happy to have you book an hour and I’ll help you get started.

Done for you (other people)

If you would like for someone to just do it for you - dmarcian.com has some done-for-you services you can check into.

Also, Stacy Clements at milepost42.com has a done-for-you service. Here's the blog post where she gives you the link to her service.

Ok, moving on - here are the rest of the new requirements.

2. Keep your spam rates low

Next is keeping your spam rates low - less than 0.1%. This is best practice, you only want to be sending to people who want to hear from you.

Your spam rates, by the way, are the percentage of your emails that recipients complain about or mark as spam.

How do you know what your spam rate is?

Google offers Postmaster Tools that you can sign up for to help with that. You add your domain and it starts tracking the email you send with that domain. It keeps track of the spam rates and other domain reputation metrics.

There’s one caveat though - if you don’t send ENOUGH email - you might not have enough data for your spam rate to even register on Postmaster Tools.

With my tiny email list, this is me at this point, by the way.

In that case, make sure you’re following best practices for keeping your email list cleaned up and your deliverability high. You can check with your email marketing platform to find out their recommendations for better deliverability.

Here’s the link for Postmaster Tools: https://postmaster.google.com/

3. Easy unsubscribe

Google wants people to be able to unsubscribe quickly and easily. Most email providers offer the ability to put unsubscribe links in your emails, and this is definitely best practice.

However, Google wants one-click unsubscribes in your email HEADERS - what does that mean?

It's something that your email marketing platform will provide, not something you can do on your own. So just make sure you check with your provider if you have any questions.

4. Send emails subscribers want

This seems like a bit of a no-brainer, but it kinda goes back to why you have an email list in the first place, and letting people know what to expect.

If you told them you would have a monthly email but start sending daily emails on a subject not related to what they signed up for, you’re likely going to have frustrated subscribers.

While most subscribers expect you to market to them, think about the relationship you are building with them, rather than just selling to them all the time.

Consider what adds value and be sensitive to what they are looking for from you.

5. Only email people who want to hear from you

Also, hopefully the norm nowadays, but only email people who have let you know they want to hear from you.

There’s a bit of debate about single or double opt-in. Single opt-in allows people to subscribe by hitting a button or clicking a link, and they are in! Double opt-in requires people to click subscribe to an initial email that checks if they really want to receive your emails.

I prefer double opt-in - fewer subscribers but more interested in what I send. Other people prefer single opt-in - less friction for their subscribers.

Ok, that's the end of the requirements!