Explore these pages to discover how DigiCert and its partners are helping organizations establish, manage and extend digital trust to solve real-world problems.
See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
Citing continued efforts to detect and block unwanted inbound emails, Google and Yahoo announced plans to enlist email senders in the fight against malicious and unwanted messages. Both email service providers (ESP) will begin requiring bulk email senders to implement measures that make it harder for bad actors to spoof domains and easier for Google and Yahoo to detect domain spoofing.
The new requirements take effect in February 2024, but let’s face it—these are measures bulk senders should already be taking. Here are the highlights and what you should do.
The new policies affect bulk senders who send mail to Gmail or Yahoo accounts. Google will have additional requirements for organizations that send more than 5,000 daily messages to Gmail accounts. Yahoo does not make any such distinction in the details they provide.
Google and Yahoo will require bulk email senders to configure email authentication records for their sending domains. In more arcane terms, this means setting up SPF, DKIM and DMARC (we’ve written about these before). You do not have to enable DMARC enforcement now, but both Google and Yahoo encourage it, and we can safely assume they’ll require DMARC enforcement soon.
This is obvious. Don’t make users jump through a bunch of hoops to opt-out. Google and Yahoo both mention One Click Unsubscribe as the required definition of “easy unsubscribe.”
Both mailbox providers will enforce a threshold for reported spam rates, above which they will block messages sent from your domain. You can deduce a lot of high-level guidance from this requirement:
Sound governance of your email database: Monitor hard bounces, honor subscription preferences and confirm opt-in for folks that haven’t engaged.
Isolate sending infrastructure: Avoid sending marketing emails from the same systems you use for individual email and transactional emails.
Send good content: It’s easy to succumb to the tyranny of lead-gen KPIs; respect your audience’s intelligence and don’t send fluff.
There’s so much more you can do to keep spam complaints to a minimum and maintain healthy delivery rates. Your IT and marketing operations teams can help.
These moves by Google and Yahoo create a shared responsibility model between email senders and mailbox providers. February will be here before you know it. The seasonal pause on IT changes typically seen in retail and e-commerce will make these industries especially squeezed for time. Get started now by checking the stats of your domain authentication records using this online tool from Valimail.
If you’re already enforcing DMARC, consider amplifying your authenticated domain with a DigiCert Verified Mark Certificate (VMC), which displays your brand logo before recipients open the message. Doing so is the payoff for going through the diligence of configuring SPF, DKIM and DMARC.
Thank you for being proactive and doing your part to keep inboxes a little less cluttered.