Zoho ZeptoMail has always emphasized the importance of authenticating your emails properly. As a sender, authentications allow you to protect your domain and sending reputation by reducing fraud, phishing attacks, and more. It also helps with your deliverability because email service providers look to these authentications when deciding if an email they've received is legitimate.
Google and Yahoo are turning email authentication into a mandatory requirement. To protect their user inboxes from spam, phishing, fraudulent emails, and other unwanted emails, they have introduced certain email sender guidelines that will be enforced as of February 1, 2024.
In this post, we’ll talk about all of the requirements that will apply to sending transactional emails. Zoho ZeptoMail already has you covered on some of these requirements while others require your action.
Requirements that we've got covered
TLS encryption
Google and Yahoo require email to be transmitted over a TLS connection. Zoho ZeptoMail has always protected our email sending by using TLS connections.
PTR records and rDNS
Both of these methods are used to identify the domain names associated with a particular IP address. ZeptoMail has these in place.
RFC 5322 compliance
RFC 5322 is an Internet standard that defines the correct format for email messages, including message body, headers, and attachments. Emails sent using ZeptoMail are RFC 5322 compliant.
Requirements that require action from the domain owner
1. SPF and DKIM authentication
Sender Policy Framework (SPF) denotes the mail servers that are allowed to send emails from the domain. DomainKeys Identified Mail (DKIM) is a protocol that adds digital signatures to the email to ensure that there is no tampering.
These authentication protocols are advised by all providers, but not all senders use them. Now, Google and Yahoo have mandated SPF and DKIM authentication for all incoming emails. Having these records in place will help with the deliverability of your emails.
Here's the help documentation that can guide you in verifying SPF and DKIM records for your domain in ZeptoMail.
These authentications have always been compulsory for all sending domains added to ZeptoMail. For certain cases like initial testing, we have allowed sender address additions through OTP verification. With more and more recipient servers mandating or placing more weight on these authentication protocols, we will not be allowing sender address additions by OTP verification starting April 1, 2024. You will be required to verify your domain in ZeptoMaill to send emails.
2. Spam rates
Google has mandated that a sender’s spam rates should be below 0.3%. Staying within these limits will prevent your emails from being marked as unsolicited or fraudulent. While Yahoo hasn't mentioned a specific percentage, maintaining a spam rate below 0.1% is advisable.
At ZeptoMail, we monitor spam complaints and require the percentage to be below 0.1%. Failure to do so could lead to the suspension of email-sending capabilities. These will adhere to Google and Yahoo's new guidelines.
Additional requirements for bulk senders (>5,000 emails per day)
Senders who send more than 5,000 emails per day are considered bulk senders. Your email count is cumulative of all emails sent from the email addresses belonging to the primary domain.
For example, email1@zylker.com sends 2,500 messages per day and email2@zylker.com sends 2,700 emails per day. Your total email count for zylker.com is 5,200 emails per day, making the domain a bulk email sender.
Along with these requirements, Google and Yahoo have additional guidelines for bulk senders.
1. Publish DMARC policy
DMARC policy allows senders to monitor emails being sent from unauthenticated sources. It works in combination with SPF and DKIM. A published DMARC policy advises recipient servers on what action to take while receiving an unauthenticated email.
While DMARC policy has been a best practice until now, Google and Yahoo have mandated DMARC policy publishing for bulk senders moving forward.
2. DMARC alignments
DMARC alignment is key for DMARC enforcement. It is the relation between SPF, DKIM records, and the DMARC policy. The domain in the from header and the domain in the passing SPF and DKIM records should match. This is called DMARC alignment.
Once the new guidelines are in place, DMARC alignment is mandatory for all emails sent to Google and Yahoo users.
Why should you comply with the new guidelines?
The new requirements have to be fulfilled by February 1, 2024. Per Google's announcement, emails that fail to meet these requirements could be rejected or marked as spam by their servers.
Apart from helping with delivery to Google and Yahoo, enforcing these practices will help with the deliverability of your emails to any recipient server.
Comments