Q&A: What you need to know about Google and Yahoo’s new requirements [12/20/2023]

Chris-S
Administrator

Google and Yahoo are implementing new guidelines for bulk email senders in early 2024 to protect against spam, fraud and phishing, and improve deliverability.

 

We're taking the most popular questions from our latest webinar and expanding upon them to assist you in putting together your marketing strategy for next year.

 

Do you have a question left over from the webinar? Leave us a comment below.

 

 

 

What are Yahoo and Google Changing?

Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication.

Mail sent without proper authentication after February 1st may result in bounced messages or placement in the junk/spam folder.

 

 

Why are they making these changes?

There are a variety of reasons why these changes are being made but a few big ones are:

 

  1. Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
  2. Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
  3. Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.

 

 

Is this only impacting Constant Contact?

This change is impacting all senders of bulk mail on the internet.  This is not limited to Constant Contact.  

 

 

How does this impact non-profits?

This impacts all types of senders the same. There is some indication in the Google announcement that smaller senders are not impacted but they haven't clearly defined how they would define a small sender so CTCT is going to take action to help make all customers compliant.



Does this only affect customers in the US? I'm located in Canada.

This affects all senders of mail regardless of origin or destination. Although these requirements are being publicized by Yahoo and Google, we have seen an increasing number of ISPs and mail filters start to impose stronger authentication requirements on inbound mail. 



Are other email clients besides Gmail/Yahoo being impacted by this? I want to make sure my emails are being sent to Outlook, for example.

Yes.  Although they are not publicly advertising it, Hotmail/Outlook.com and Office365 domains have been scanning inbound mail for authentication compliance for a while. Many other enterprise filters do so as well.  

 

What is email authentication?

Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.

 

 

What is a DMARC policy?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that a domain (or website) publishes in its public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication.

 

 

How do I set up a DMARC policy?

You can create a basic DMARC policy in your account settings. If you want to take more control over your DMARC policy, you can choose to create the record with additional optional tags. You should consult with an IT professional or your hosting provider for additional assistance as Constant Contact does not provide this service.

 

 

Is setting up DMARC and SPF pretty straightforward, or does it require IT proficiency? My business/organization doesn't have an IT department.

To perform the basics, the info you need to add is pretty straightforward and well laid out in the authentication settings.  The hard part for many folks without an IT group is determining where your DNS records are hosted, and logging into to there.  Once you get past that hurdle, entering the info should be pretty easy.  This linked article has pointers to the top hosting providers – Update your DNS records through your hosting provider to finish setting up self-authentication

 

 

I don't use Gmail or Yahoo for my addresses. I already use my domain for sending. How does this impact me?

This will depend on whether you have set up self-authentication or not. See our Knowledge Base article that outlines different scenarios based on what you have (or have not) already done in regards to self-authentication.

 

 

What if I don't take action on my end before the changes take effect?

Constant Contact will automatically rewrite your 'From' address to our own domain (@shared1.ccsend.com ( or shared2.ccsend.com if you have a trial account)) which includes a DMARC record, so it meets authentication requirements. With that said, sending from your own domain and using self-authentication is an industry best practice as it provides better branding and may result in better deliverability.

 

 

My domain is used across multiple accounts. Do I need to do self-authentication for each account? Can the same domain be used for each account or do they need to be unique?

If the same domain is used in only a few accounts (less than 20) then you will need to set up self-authentication and enter a record for each account.  You can only do this with DKIM TXT.  Do not use CNAME authentication because that can only be set up for a single domain in 1 account.

 

 

I want to set up my domain. Does Constant Contact offer this service or do I need to go elsewhere?

Constant Contact does not offer hosting services. If you don't have a domain, you can get one from web hosting sites like bluehost.com or hostgator.com, or domain hosting sites like domain.com or bigrock.com. If you have your own website, check with your web hosting provider, webmaster, or IT department to enable the email option or add it to your hosting package, if one is available.

 

 

Is self-authentication beneficial for sending to all email clients? Only Gmail and Yahoo are being mentioned.

For sure. Authenticating your outbound email verifies to a receiving mailbox provider that a message came from your organization, or was sent on your behalf from an authorized third-party, like Constant Contact.



How does this affect my contacts? Is there anything they should be doing on their end that I need to let them know about? I know some of them use Gmail.

This should not have much impact on your contacts. If your sending "From" address will be changed, you could give your contacts a heads up ahead of time but this is not a requirement and we are not able to say if it would have a benefit. 



Will this change affect my reporting? I'm worried about my bounces increasing or my open rates decreasing.

Our research on our customer base has shown that properly authenticated mail tends to get better open/click rates. We know that some ISPs were already doing some form of this type of enforcement.  

 

 

Will these changes impact deliverability or the likelihood of emails going to junk/spam?

Both. There are several different requirements and degrees of compliance.  We anticipate that Google and Yahoo will bounce some mail while sending other mail to the spam/junk folder depending on their internal "secret sauce".  There is some indication this could change over time as they adjust their filtering. 

 
33 Comments
ToniN481
Rookie

Hi, I'm having to pass this on to our web person (lives in a different state).  I was thinking it would be a 3 step process for us:  1)set up a new email from the domain (which appears to be a godaddy one) as the email we use for CC currently is not a domain one  2)set up the DKIM and 3)put in a DMARC.  Is that correct?   DMARC is not mentioned above, but was talked about in the webinar.   And if I ask them to establish a DMARC I should tell them what I want done with failed messages?  Or does CC still tell me that info.    I'm just trying to be as clear as possible with the information I'm forwarding to them.  Thank you.

JoshF081
Campaign Expert

Thanks for all the helpful information, this webinar was very informative. Is there a way to distinguish between people who unsubscribe using the newer header method compared with those who unsubscribed via the footer button?

William_A
Administrator

Hello @ToniN481 ,

 

For the best resource on setting up self-authentication within your account, I'd advise following along with our main article on the topic (linked above).

 

For more specific info regarding how DMARC works, I'd recommend these articles:

What is a DMARC policy and why do I need one?

DMARC reporting errors with self-authentication

 

The main article for your IT / domain host to be concerned with would be the first one. Once they've done everything they need to for the keys and records, you can easily plug that info into your account, following the instructions in the first article.

William_A
Administrator

Hello @JoshF081 ,

 

Our devs are working to get the header unsubscribe function to have full parity with the footer unsubscribe's reporting and engagements tracking. At this time there may be discrepancies in the reporting between the two functions. However the most important part - the contact becoming unsubscribed when explicitly prompting to be - will function as intended.

 

rcppubs23
Marketing Legend

For the one click unsubscribe in the header, do we need to do something to activate that in our account or is it done automatically by Constant Contact? I couldn't find any documentation about how to set it up, but in th webinar they kept saying there were simple tools to do it, so it seemed like there was something to be done on your customer's end.

 

Also, can this be done in all templates? Or only the cross-device ones?

Resources

Community Blog

Check out marketing advice, tips, and tricks. All from our Constant Contact experts

Visit the blog

  • Avatar

    Featured Article

    Use Sections to Build Email Campaigns Faster and Improve Engagement Rates

    Using Sections while designing your marketing email not only increases your own efficiency but helps you to deliver a more friendly, organized message. Check out some of the key benefits of using sections in email.

    See Article
  • Avatar

    Featured Thread

    Casual Conversations: What's your go-to playlist?

    If you listen to music while you work, share your playlist below so we can be inspired and maybe find some new music!

    View thread
  • Avatar

    Featured Thread

    Ready, Set, Send Reflections

    The Ready, Set, Send Challenge has finished! Let's reflect on the wins and accomplishments over the last six weeks.

    Join challenge