Google + Yahoo’s new sender requirements: how to optimize your strategy

By now, you’ve probably heard about Google and Yahoo’s new sender requirements.

And they may be making you sweat. But take a deep breath—we’ve got good news.

First, there’s no rush. That’s right, you can keep your focus on BFCM. None of these changes will take place until Q1 of 2024. (In fact, we recommend that you don’t take action on any of this until after BFCM.)

Second, the requirements are good for your customers, good for your deliverability score, and chances are, you’re already doing most of it.

Shane McElroy, product manager at Klaviyo, emphatically agrees: “The upcoming requirements have long been recommended by inbox providers as best practices. By moving from recommendation to enforcement, Google and Yahoo are making it clear that proper authentication is essential for email marketing success.”

“Meeting these requirements will make it easier for inbox providers to identify you as a legitimate sender, which in turn will make it easier than ever for you to reach your subscribers,” he continues.

Quick note: Because Google’s requirements are stricter—once you meet those, you’ll also meet Yahoo’s—we’ll walk you through Google’s in this article.

Let’s start with some basics.

Who needs to make changes? Everyone—especially bulk senders

Google has a new set of requirements for all senders, and some extras for bulk senders—those who send 5k or more emails to Google accounts per day.

If you’re not sure if you meet that 5k threshold, here are some guidelines:

• Google will include personal accounts ending in @gmail.com and @googlemail.com.
• All traffic from a given sender will count towards that 5k threshold, including transactional emails.

So, you may be closer to that 5k threshold—and qualifying as a bulk sender—than you realize.

To ensure deliverability success for our customers, Klaviyo is enforcing Bulk Sender requirements for customer accounts with at least 5k emailable profiles. While some accounts above that threshold do not yet send 5k+ daily messages, as your business continues to grow, we want to make sure you’re in compliance for when that day comes.

Now, let’s take a look at what the changes are and what you can do to prepare.

3 big new requirements to plan for

There are 3 main requirements that you’ll need to satisfy if you meet the bulk sender threshold:

1. Set up DMARC authentication for your sending domain

This new requirement is a great one to get ahead of (but, to re-emphasize, not before BFCM is in your rearview mirror).

You can set up DMARC authentication for your sending domain in your DNS provider yourself, and you can take care of it at any time. Your DMARC enforcement policy can be set to none, and Google has some specific guidelines to set your brand up for success.

Keep an eye out for a tutorial (coming soon!) from Klaviyo Academy.

Lauren Del Vecchio, manager of global email deliverability at Klaviyo, shares a tip on DMARC: “Configuring DMARC p=none is a great first step to analyze mail streams using your domain and working towards DMARC enforcement.”

2. Align your “From:” header with your domain

If you’re a bulk sender, you need your own sending domain—you can no longer use a shared domain. And the domain in your friendly “From:” header (what your subscribers see in their inbox) has to align with your sending domain in order to be compliant with DMARC alignment.

If your account is making use of an info@domain.com “From” address, it’s already aligned with a send.domain.com dedicated sending domain. So, you don’t need to update your “From: address” to something like info@send.domain.com.

This goes for both marketing and transactional emails.

Note: While you won’t be able to use a shared domain, you don’t need a dedicated IP—using a shared one is still OK.

For a deeper understanding, visit Klaviyo Academy’s action plan for meeting the requirement.

3. Make unsubscribing easier and clearer

This requirement is actually two:

1. Your marketing emails must include a method to unsubscribe in just one step.
2. There must also be an unsubscribe link in the message body—but that link does not have to be one click to unsubscribe.

“If it’s difficult for your recipients to unsubscribe, they’re more likely to mark your emails as spam, which damages your deliverability reputation,” McElroy points out.

It’s true—a clearly visible unsubscribe link and a short journey to no longer receive marketing messages are best practices. So, if you need to get compliant on this point, know that your deliverability score, sender reputation, and engagement with customers is likely to improve once you’ve got it in place.

Klaviyo will implement a “list unsubscribe header”—instructions to Gmail and Yahoo to provide an unsubscribe link at the top of the email—beginning before February 1, 2024. This will satisfy the “one click to unsubscribe” requirement, automatically apply to all marketing emails built in Klaviyo, and brands won’t need to configure anything.

Requirements for all senders

If you send to Google email accounts at all—even if you don’t regularly send 5k messages or more a day—you’ll need to meet some new requirements.

Keep your spam rates low

You probably try to keep your spam complaints as low as possible already to avoid the spam folder—now you’ll need to keep them under 0.10%. You can use Google’s Postmaster Tools to monitor your spam complaint rates.

“Keeping spam complaints low has always been a deliverability best practice. This new requirement gives senders crystal clear guidelines and the tools you need to take full control over your sending reputation,” shares Del Vecchio.

Don’t impersonate Gmail “From:” headers

This one should only impact you if you’re an entrepreneur just getting started. If you don’t yet have your own domain and you use gmail.com or googlemail.com in your friendly “From:” address, your email will end up in the spam folder.

So, if you’re thinking of getting your own domain, it’s worth investing in before February 1, 2024.

Del Vecchio sees this requirement as 100% positive:

“Ultimately,” she says, “this is a great chance to build your brand’s reputation with inbox providers and recognition with your customers.”

Are there any other new requirements?

There are also a handful of new requirements that, if you’re using Klaviyo, you don’t need to worry about, as we’ve already taken care of them for you.

Those are:

• Setting up SPF and DKIM email authentication for your domain
• Ensuring your sending domain and IP has valid forward and reverse DNS records
• Formatting messages according to the Internet Messaging Format standard

New sender requirements FAQs

Here are some frequently asked questions (and answers) about the new sender requirements.

When will the new requirements be enforced?

Google has said that they will start enforcing the new requirements starting February 1, 2024, while Yahoo hasn’t specified beyond Q1 of 2024.

Will transactional messages also need to have 1-click unsubscribe links?

No, 1-click unsubscribe links are not required for transactional emails. With marketing emails, Klaviyo will automatically add these links for you, but in transactional emails, they’re not necessary.

Who will these changes affect?

These changes are positive for everybody: your subscribers will have a cleaner, less spammy inbox, your deliverability score is likely to go up, and the requirements will keep you following email marketing best practices.

What is a friendly “From” address?

This is simply the “From” address that most people are familiar with. It usually includes the email account name and the company email address.

What is a DNS provider? How can I look mine up if I don’t know it?

DNS providers—also called “registrars,” “web hosting,” or “domain hosting” companies—are the entities that allow you to add DNS records.

Typically, your domain is hosted by the company that you bought the domain from. Popular domain vendors include GoDaddy, Namecheap, and hostgator. If you’re not sure of yours, use MXToolbox DNS Lookup tool to find out.

Can brands choose to work with a DMARC vendor?

Brands can work with third-party DMARC vendors like Valimail, dmarcian, and MXToolbox to authenticate their domains. This is a good option for brands with limited technical resources or bandwidth to manage their DMARC policy on their own, or for brands with large email streams spanning across multiple vendors.

What if my domain’s DMARC policy is already at enforcement?

If your domain’s DMARC policy is at p=reject or p=quarantine, you don’t need to move to p=none. Your domain is already at the stricter policy. p=none is the minimum requirement.

Do emails sent outside of Klaviyo need to be DMARC authenticated?

It’s best to confirm with the other external provider directly. Generally, if those emails are using the same from address as emails sent from Klaviyo, they would need to have a dedicated sending domain that matches their “from” address.

Do brands need to set up reporting by adding a “rua” tag to their DMARC record?

No, it is not required at this point. However, Gmail and Yahoo have strongly recommended setting up DMARC reporting. To be proactive, set up reporting in your DMARC policy by setting a “rua” tag with a valid email address to receive these reports. For example, “rua=mailto:dmarc-reports@mybrand.com.”

Before adding a rua tag, make sure you swap out the placeholder email address above “dmarc-reports@mybrand.com” with an email address that is prepared to receive DMARC reports. Once the DMARC record is published, then that inbox will begin to receive DMARC reports in .xml format. These reports are difficult to read, so there are services that you can employ to process them and present the information in an insightful way.

How do I interpret the DMARC reports that were sent to me?

DMARC vendors such as dmarcian, EasyDMARC, or Valimail can help you. Typically, they will have you change your “rua” tag to redirect your DMARC reports to them and they will process the raw xml report into something that is much easier to understand. If you wish to set up reporting we strongly urge you to work with a vendor to process those reports.

Can I get help in a live session?

Yes, Klaviyo is offering office hours to help get you up to speed on the new requirements. These sessions will explain the new requirements and how they’ll impact brands. We’ll also have deliverability experts on hand to help answer your questions. Sign up for a session here.