typing on a computer

Gmail and Apple begin enforcing stricter email requirements for delivery.  Are you in compliance?

With 90% of email users worldwide now getting their email through Gmail, Apple, or Yahoo, the new deliverability standards announced by the three email giants last year are kind of a big deal. Now that enforcements have begun, organizations that don’t meet the new standards are hurrying to get in compliance and keep their messages going through to customers using these email providers.   

Who is affected by this? The short answer is, all senders. Starting in February of 2024, some email authentication protocols that used to be optional are now mandatory even for low volume senders and additional authentication is required for bulk senders.    

This means that all senders to Gmail or Yahoo addresses need to have Sender Policy Framework (SPF) or DomainKeys (DKIM) email authentication in place for their domain at a minimum and to keep complaint rates below 0.10% on average. Google also requires all senders to use a TLS connection for sending email and to format messages in compliance with the Internet Message Format standard RFC 5322.    

For bulk senders to Gmail, Apple, and Yahoo addresses, you will also need to have a Domain-based Message Authentication Reporting and Conformance (DMARC) policy in your DNS records in addition to both SPF andDKIM. Google defines bulk senders as those who email over 5,000 messages per day. Those senders should also have a PTR record for their sending IPs and a clearly visible unsubscribe link within every email. Yahoo goes further by requiring bulk senders to include a one-click unsubscribe link in emails by June of 2024.    

Fortunately, enforcements are being rolled out gradually so only a small percentage of non-compliant messages are being rejected for now. But as enforcements ramp up progressively, email deliverability will go down over time which can ultimately impact sales and customer relationships. On the other hand, putting these authentications in place now will also boost inbox placement across the board for messages sent to all email providers.   

If your organization hasn’t implemented all the authentications to meet the new standards, you’re not alone. With the lack of publicity around the announcement last October, many companies are just learning about the changes now. For companies that still need to bring their domains up to compliance, this is something that can be handled quickly by an expert in email security and deliverability. Not only can they review your DNS records and update your authentications, they can also alert you to potential security vulnerabilities in your email infrastructure and identify configuration issues affecting deliverability, user experience, or employee productivity.

Contact us to learn more and schedule a Tech Heads expert to cross this off your list.