Google and Yahoo Email Requirements

What Changed and When
In October 2023, Google and Yahoo jointly announced new requirements for bulk email senders, effective February 2024. These aren't suggestions — they're requirements. Senders who don't comply see their emails sent to spam or rejected outright.
The changes affect anyone sending more than 5,000 messages per day to Gmail or Yahoo Mail addresses. Given Gmail's 1.8 billion users and Yahoo Mail's 225 million, this effectively means every B2C email sender needs to comply.
The Three Authentication Requirements
First, SPF or DKIM authentication is now mandatory. Every message must pass either SPF (which verifies the sending IP is authorized for your domain) or DKIM (which cryptographically signs the message). Best practice is to implement both.
Second, DMARC is required. Your domain must have a DMARC policy published in DNS. The minimum requirement is p=none, but Google explicitly recommends moving toward p=quarantine or p=reject as you gain confidence in your authentication coverage.
Third, alignment is enforced. The domain in your From header must align with either your SPF domain or your DKIM signing domain. This prevents the common practice of sending from one domain while authenticating with another.
Operational Requirements
Beyond authentication, Google and Yahoo require operational best practices that many senders were ignoring.
One-click unsubscribe is mandatory. Every marketing email must include a List-Unsubscribe header that supports one-click unsubscription via the RFC 8058 standard. The mailto-only approach is no longer sufficient — you need the HTTPS POST method.
Your spam complaint rate must stay below 0.3%, and Google recommends keeping it below 0.1%. Google Postmaster Tools provides this data for Gmail. If your complaint rate exceeds the threshold, your messages start going to spam.
Valid forward and reverse DNS is required for your sending IPs. This is basic infrastructure hygiene but is frequently misconfigured, especially after IP changes or infrastructure migrations.
TLS encryption for SMTP connections is required. Most modern email infrastructure supports this by default, but legacy systems may need updating.
How to Verify Compliance
Check your current authentication status using Google Postmaster Tools (for Gmail) and Yahoo's Sender Hub. These dashboards show your domain reputation, spam rate, authentication pass rates, and any compliance issues.
Verify your DNS records: run SPF, DKIM, and DMARC lookups for your sending domains. Ensure DMARC alignment passes — tools like MXToolbox and dmarcian can help verify.
Test one-click unsubscribe by sending a test message and checking for the List-Unsubscribe-Post header in the raw email headers. If it's missing, your ESP or sending infrastructure needs to be updated.
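The two header checks above (DMARC alignment and the List-Unsubscribe-Post check), as an added example that is not part of the original article: it parses the raw headers of a test message and reports whether the From domain aligns with a passing SPF or DKIM domain and whether RFC 8058 one-click unsubscribe is present. The sample message, its domains, and the function names are constructed for illustration; it assumes the receiving mailbox stamped an Authentication-Results header, and it approximates alignment with a subdomain match instead of a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic); all domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce.esp-mail.example;
 dkim=pass header.d=example.com header.s=s1;
 dmarc=pass header.from=example.com
From: Shop News <news@example.com>
List-Unsubscribe: <mailto:unsub@example.com>, <https://example.com/u/abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
"""

def aligned(from_domain, auth_domain):
    # Simplification: equal, or one is a subdomain of the other. Real DMARC
    # relaxed alignment compares organizational domains (Public Suffix List).
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only trust Authentication-Results stamped by the mailbox that received the test.
    ar = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    spf = re.search(r"\bspf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", ar)
    dkim = re.findall(r"\bdkim=pass\b[^;]*?header\.d=([^\s;]+)", ar)
    return {
        "from_domain": from_domain,
        "spf_aligned": bool(spf) and aligned(from_domain, spf.group(1)),
        "dkim_aligned": any(aligned(from_domain, d) for d in dkim),
        "https_unsubscribe": bool(re.search(r"<https://[^>\s]+>", msg.get("List-Unsubscribe", ""), re.I)),
        "one_click_post": msg.get("List-Unsubscribe-Post", "").strip().lower() == "list-unsubscribe=one-click",
    }

def failures(result):
    out = []
    if not (result["spf_aligned"] or result["dkim_aligned"]):
        out.append("From domain aligns with neither a passing SPF nor DKIM domain")
    if not result["https_unsubscribe"]:
        out.append("List-Unsubscribe has no HTTPS URI (mailto-only)")
    if not result["one_click_post"]:
        out.append("List-Unsubscribe-Post: List-Unsubscribe=One-Click is missing")
    return out

if __name__ == "__main__":
    print(failures(check_message(SAMPLE)))
```

In the sample, SPF passes for the ESP's bounce domain but does not align with the From domain; the message still meets the alignment requirement through the DKIM signature for example.com.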
Monitor your spam complaint rate weekly. If it's approaching 0.1%, investigate which campaigns or segments are driving complaints and take corrective action before you hit the 0.3% hard limit.