New Email Deliverability Rules (authenticating your domain)

Google and Yahoo have new rules for accounts that send more than 5,000 emails per day.

The new email deliverability rules set by Google and Yahoo, which are coming into effect in February 2024, have several implications for businesses of all sizes, including smaller businesses with email lists under 5,000.

These rules focus on improving email security and reducing spam, and they include requirements for email authentication and unsubscribe options.

Of the photographers we’ve worked with, only a handful of them are sending out newsletters or other mass email to that number of subscribers. The one area where this might apply to most photographers, is their CRM.


If you’re using your CRM’s email servers to send your clients messages, you will likely have to add this authentication.

Email Authentication

Both Google and Yahoo now require senders to authenticate their emails using standards like SPF, DKIM, and DMARC. SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help prevent your emails from being flagged as spam. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy that helps prevent email spoofing and phishing attacks. For businesses sending over 5,000 emails per day, DMARC is not just recommended but necessary. However, even for smaller businesses, implementing these authentication protocols can improve email deliverability and security​.

Unsubscribe Options

The new rules require that all marketing emails include an easy one-click unsubscribe option. This can be beneficial for businesses as it helps maintain a more relevant and engaged subscriber list, and reduces the likelihood of emails being marked as spam. For small businesses, ensuring that their email service provider supports this feature and that it’s activated in their email campaigns is essential​.

Spam Complaint Rates

Google and Yahoo have set maximum spam complaint rates at 0.3%. This means that if the rate of spam complaints for your emails exceeds this threshold, it could negatively impact your deliverability. Monitoring and maintaining low spam rates is crucial for all businesses, irrespective of the size of their email list​.

You can sign up for Google Postmaster Tools here to monitor your domain’s spam complaints:

Separation of Sending Domains

For small businesses sharing a server or email service with other users, it’s important to ensure that your “From:” header aligns with your domain and not a shared domain. This compliance is necessary for DMARC alignment and helps in maintaining the reputation of your individual sending domain​.

Don’t Impersonate Gmail with your “From:” Header

If you have your contact form setup to send emails (we use Elastic Email via Cloudways), don’t use a Gmail email address in your “From:” header. This will be blocked. Instead, it’s time to verify your own domain and use that!

Separation of Transactional Email from Newsletter/Communication

If your website/server sends a significant number of transactional emails (contact form submissions, store receipts, new user emails, password resets, etc), it would be best to separate those to a different server. Most photographers don’t need to worry about this, but it’s worth noting!

Differences between All Senders and Bulk (5k+) Senders

RequirementAll SendersBulk Senders (5,000+ Emails / Day)
Email AuthenticationSet up SPF or DKIMSet up both SPF and DKIM
DNS RecordsValid forward and reverse DNS (PTR) recordsSame as all senders
TLS ConnectionRequiredRequired
Spam RatesKeep below 0.10%; avoid reaching 0.30% or higherKeep below 0.10%; avoid reaching 0.30% or higher
Impersonation of Gmail HeadersNot allowedNot allowed
DMARC Email AuthenticationNot specifiedRequired (can be set to ‘none’)
One-Click Unsubscribe for Marketing MessagesNot specifiedRequired

Setting This All Up

You need to make a few DNS records, or possibly modify existing.

Google has a tool to check your DKIM / SPF inside the Google Workspace Admin Toolbox. It’s called “Check MX”, just click “run checks”.

These records won’t have any effect on your site or email service being interrupted, but you’ll want to use a testing tool to make sure they’re correct once you’ve finished.

SPF Record

This is a TXT record that defines which mail servers can send mail for your domain. If your DNS record requires a Name, use @.

Google’s SPF record as an example:

v=spf1 ~all

Tave’s SPF record:

v=spf1 a mx ?all

Merging Two SPF Records

If you also have a transactional email server, like Elastic email, they will give you their own SPF.

v=spf1 a mx ~all

Don’t make a separate record, just use the part that starts with include and then lists the servers you’re allowing.

The combined record for Google and Elastic Email would look like this:

TXT @ v=spf1 a mx ~all

DKIM Record

If you’re using Google, you’ll need to generate a DKIM key by going to the “authenticate email” option in the Workspace menu. Other email providers will provide this as well.

This is a TXT record as well. This TXT record uses a specific name/host, other than @. I’ll use Elastic Email as an example:

Type: TXT

Name/Host: api._domainkey

Value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

You can have a separate DKIM record for each email service you use, as long as the Name/Host is different.


This is somewhat optional, but highly recommended. You only need this record once and it doesn’t change if you have multiple email servers verified. (This is the most simple setup, it won’t send you any reports)

TXT _dmarc v=DMARC1; p=none;

A Note on Google Domains (Squarespace Domains)

Do you remember that super easy one click integration with Google Workspace? Well, unfortunately, they don’t allow you to modify any of the existing records created by that integration.

If you need to add SPF records for additional mail servers, you’ll need to delete your entire set of DNS entries related to Google Workspace and recreate them all manually. Not fun!

I like to take a screenshot before making any changes, just in case.

More Reading:

Flodesk’s help article:

Tave’s article on setting up SPF:

How to set DNS via Cloudflare:

How to add SPF via Bluehost:

How to add SPF on GoDaddy:

Adding SPF on Wix:

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *