New Email Deliverability Rules (authenticating your domain)
Google and Yahoo have new rules for accounts that send more than 5,000 emails per day.
The new email deliverability rules set by Google and Yahoo, which are coming into effect in February 2024, have several implications for businesses of all sizes, including smaller businesses with email lists under 5,000.
These rules focus on improving email security and reducing spam, and they include requirements for email authentication and unsubscribe options.
Of the photographers we’ve worked with, only a handful of them are sending out newsletters or other mass email to that number of subscribers. The one area where this might apply to most photographers, is their CRM.
That said, IF YOU’RE USING A CUSTOM DOMAIN FOR YOUR EMAIL.. YOU SHOULD DO THIS EVEN THOUGH IT IS NOT A REQUIREMENT.
If you’re using your CRM’s email servers to send your clients messages, you will likely have to add this authentication.
Email Authentication
Both Google and Yahoo now require senders to authenticate their emails using standards like SPF, DKIM, and DMARC. SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help prevent your emails from being flagged as spam. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy that helps prevent email spoofing and phishing attacks. For businesses sending over 5,000 emails per day, DMARC is not just recommended but necessary. However, even for smaller businesses, implementing these authentication protocols can improve email deliverability and security.
Unsubscribe Options
The new rules require that all marketing emails include an easy one-click unsubscribe option. This can be beneficial for businesses as it helps maintain a more relevant and engaged subscriber list, and reduces the likelihood of emails being marked as spam. For small businesses, ensuring that their email service provider supports this feature and that it’s activated in their email campaigns is essential.
Spam Complaint Rates
Google and Yahoo have set maximum spam complaint rates at 0.3%. This means that if the rate of spam complaints for your emails exceeds this threshold, it could negatively impact your deliverability. Monitoring and maintaining low spam rates is crucial for all businesses, irrespective of the size of their email list.
You can sign up for Google Postmaster Tools here to monitor your domain’s spam complaints: https://postmaster.google.com/u/0/managedomains?pli=1
Separation of Sending Domains
For small businesses sharing a server or email service with other users, it’s important to ensure that your “From:” header aligns with your domain and not a shared domain. This compliance is necessary for DMARC alignment and helps in maintaining the reputation of your individual sending domain.
Don’t Impersonate Gmail with your “From:” Header
If you have your contact form setup to send emails (we use Elastic Email via Cloudways), don’t use a Gmail email address in your “From:” header. This will be blocked. Instead, it’s time to verify your own domain and use that!
Separation of Transactional Email from Newsletter/Communication
If your website/server sends a significant number of transactional emails (contact form submissions, store receipts, new user emails, password resets, etc), it would be best to separate those to a different server. Most photographers don’t need to worry about this, but it’s worth noting!
Differences between All Senders and Bulk (5k+) Senders
| Requirement | All Senders | Bulk Senders (5,000+ Emails / Day) |
|---|---|---|
| Email Authentication | Set up SPF or DKIM | Set up both SPF and DKIM |
| DNS Records | Valid forward and reverse DNS (PTR) records | Same as all senders |
| TLS Connection | Required | Required |
| Spam Rates | Keep below 0.10%; avoid reaching 0.30% or higher | Keep below 0.10%; avoid reaching 0.30% or higher |
| Impersonation of Gmail Headers | Not allowed | Not allowed |
| DMARC Email Authentication | Not specified | Required (can be set to ‘none’) |
| One-Click Unsubscribe for Marketing Messages | Not specified | Required |
Setting This All Up
You need to make a few DNS records, or possibly modify existing.
Google has a tool to check your DKIM / SPF inside the Google Workspace Admin Toolbox. It’s called “Check MX”, just click “run checks”.
These records won’t have any effect on your site or email service being interrupted, but you’ll want to use a testing tool to make sure they’re correct once you’ve finished.
https://www.mail-tester.com/spf-dkim-check
SPF Record
This is a TXT record that defines which mail servers can send mail for your domain. If your DNS record requires a Name, use @.
Google’s SPF record as an example:
v=spf1 include:_spf.google.com ~allTave’s SPF record:
v=spf1 a mx include:ca.spf.tave.com ?all
Merging Two SPF Records
If you also have a transactional email server, like Elastic email, they will give you their own SPF.
v=spf1 a mx include:_spf.elasticemail.com ~allDon’t make a separate record, just use the part that starts with include and then lists the servers you’re allowing.
The combined record for Google and Elastic Email would look like this:
TXT @ v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com ~allDKIM Record
If you’re using Google, you’ll need to generate a DKIM key by going to the “authenticate email” option in the Workspace menu. Other email providers will provide this as well.
This is a TXT record as well. This TXT record uses a specific name/host, other than @. I’ll use Elastic Email as an example:
Type: TXT
Name/Host: api._domainkey
Value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB
You can have a separate DKIM record for each email service you use, as long as the Name/Host is different.
DMARC
This is somewhat optional, but highly recommended. You only need this record once and it doesn’t change if you have multiple email servers verified. (This is the most simple setup, it won’t send you any reports)
TXT _dmarc v=DMARC1; p=none;
A Note on Google Domains (Squarespace Domains)
Do you remember that super easy one click integration with Google Workspace? Well, unfortunately, they don’t allow you to modify any of the existing records created by that integration.
If you need to add SPF records for additional mail servers, you’ll need to delete your entire set of DNS entries related to Google Workspace and recreate them all manually. Not fun!
I like to take a screenshot before making any changes, just in case.
More Reading:
Flodesk’s help article: https://help.flodesk.com/en/articles/8857846-new-2024-gmail-verification-requirements
Tave’s article on setting up SPF: https://help.tave.com/en/articles/345710-how-to-help-email-deliverability-by-setting-up-an-spf-record
How to set DNS via Cloudflare: https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records
How to add SPF via Bluehost: https://www.bluehost.com/help/article/dns-spf#how-to-add
How to add SPF on GoDaddy: https://www.godaddy.com/help/add-an-spf-record-19218
Adding SPF on Wix: https://support.wix.com/en/article/adding-or-updating-spf-records-in-your-wix-account
