Q&A: What you need to know about Google and Yahoo’s new requirements [12/20/2023]

Chris-S
Administrator

Google and Yahoo are implementing new guidelines for bulk email senders in early 2024 to protect against spam, fraud and phishing, and improve deliverability.

 

We're taking the most popular questions from our latest webinar and expanding upon them to assist you in putting together your marketing strategy for next year.

 

Do you have a question left over from the webinar? Leave us a comment below.

 

 

 

What are Yahoo and Google Changing?

Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication.

Mail sent without proper authentication after February 1st may result in bounced messages or placement in the junk/spam folder.

 

 

Why are they making these changes?

There are a variety of reasons why these changes are being made but a few big ones are:

 

  1. Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
  2. Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
  3. Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.

 

 

Is this only impacting Constant Contact?

This change is impacting all senders of bulk mail on the internet.  This is not limited to Constant Contact.  

 

 

How does this impact non-profits?

This impacts all types of senders the same. There is some indication in the Google announcement that smaller senders are not impacted but they haven't clearly defined how they would define a small sender so CTCT is going to take action to help make all customers compliant.



Does this only affect customers in the US? I'm located in Canada.

This affects all senders of mail regardless of origin or destination. Although these requirements are being publicized by Yahoo and Google, we have seen an increasing number of ISPs and mail filters start to impose stronger authentication requirements on inbound mail. 



Are other email clients besides Gmail/Yahoo being impacted by this? I want to make sure my emails are being sent to Outlook, for example.

Yes.  Although they are not publicly advertising it, Hotmail/Outlook.com and Office365 domains have been scanning inbound mail for authentication compliance for a while. Many other enterprise filters do so as well.  

 

What is email authentication?

Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.

 

 

What is a DMARC policy?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that a domain (or website) publishes in its public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication.

 

 

How do I set up a DMARC policy?

You can create a basic DMARC policy in your account settings. If you want to take more control over your DMARC policy, you can choose to create the record with additional optional tags. You should consult with an IT professional or your hosting provider for additional assistance as Constant Contact does not provide this service.

 

 

Is setting up DMARC and SPF pretty straightforward, or does it require IT proficiency? My business/organization doesn't have an IT department.

To perform the basics, the info you need to add is pretty straightforward and well laid out in the authentication settings.  The hard part for many folks without an IT group is determining where your DNS records are hosted, and logging into to there.  Once you get past that hurdle, entering the info should be pretty easy.  This linked article has pointers to the top hosting providers – Update your DNS records through your hosting provider to finish setting up self-authentication

 

 

I don't use Gmail or Yahoo for my addresses. I already use my domain for sending. How does this impact me?

This will depend on whether you have set up self-authentication or not. See our Knowledge Base article that outlines different scenarios based on what you have (or have not) already done in regards to self-authentication.

 

 

What if I don't take action on my end before the changes take effect?

Constant Contact will automatically rewrite your 'From' address to our own domain (@shared1.ccsend.com ( or shared2.ccsend.com if you have a trial account)) which includes a DMARC record, so it meets authentication requirements. With that said, sending from your own domain and using self-authentication is an industry best practice as it provides better branding and may result in better deliverability.

 

 

My domain is used across multiple accounts. Do I need to do self-authentication for each account? Can the same domain be used for each account or do they need to be unique?

If the same domain is used in only a few accounts (less than 20) then you will need to set up self-authentication and enter a record for each account.  You can only do this with DKIM TXT.  Do not use CNAME authentication because that can only be set up for a single domain in 1 account.

 

 

I want to set up my domain. Does Constant Contact offer this service or do I need to go elsewhere?

Constant Contact does not offer hosting services. If you don't have a domain, you can get one from web hosting sites like bluehost.com or hostgator.com, or domain hosting sites like domain.com or bigrock.com. If you have your own website, check with your web hosting provider, webmaster, or IT department to enable the email option or add it to your hosting package, if one is available.

 

 

Is self-authentication beneficial for sending to all email clients? Only Gmail and Yahoo are being mentioned.

For sure. Authenticating your outbound email verifies to a receiving mailbox provider that a message came from your organization, or was sent on your behalf from an authorized third-party, like Constant Contact.



How does this affect my contacts? Is there anything they should be doing on their end that I need to let them know about? I know some of them use Gmail.

This should not have much impact on your contacts. If your sending "From" address will be changed, you could give your contacts a heads up ahead of time but this is not a requirement and we are not able to say if it would have a benefit. 



Will this change affect my reporting? I'm worried about my bounces increasing or my open rates decreasing.

Our research on our customer base has shown that properly authenticated mail tends to get better open/click rates. We know that some ISPs were already doing some form of this type of enforcement.  

 

 

Will these changes impact deliverability or the likelihood of emails going to junk/spam?

Both. There are several different requirements and degrees of compliance.  We anticipate that Google and Yahoo will bounce some mail while sending other mail to the spam/junk folder depending on their internal "secret sauce".  There is some indication this could change over time as they adjust their filtering. 

 
33 Comments
William_A
Administrator

Hello @DavidG1917 ,

 

If you're using a free domain, such as Gmail, then we'd be handling the authentication elements internally. There's no further action you'd need to take at this time, regarding the upcoming Google and Yahoo changes.

Caitlin_M
Administrator
Hi @Dharmakaya. If a contact clicks on the Unsubscribe link in a Google header, they will be unsubscribed from your emails. However, since they did not follow the flow of clicking the link in the footer of your campaign, you will not receive a notification. 
 
rcppubs23
Marketing Legend

Hi @Caitlin_M,

I don't quite understand what this means, "no notification." Obviously the person will be unsubscribed, so will they show up as being an unsubscribe in the campaign report? Or if we run a segment of unsubscribers in a particular time period? Will they be included in the total number of unsubscribes in the month? Or do they not show up anywhere in the Constant Contact reporting? It seems like they would be in the list of unsubscribes, right? Or do they just totally disappear out of our list?

William_A
Administrator

Hello @rcppubs23 ,

 

It means at this time that the unsubscribed contact will not reflect in the unsubscribe metrics and drilldown for the email campaign. The contact would still be unsubscribed, and still show under unsubscribed contacts when sorting unless you explicitly delete the contact from your account.

CRSchumacher
Rookie

I'm getting this message from Go Daddy when I add the CNAME changes in, and it seems like it will make blanket changes that we don't want by adding a (period) at the top of our domain. Can you please advise?

Let's double check…

Looks like you're putting the domain in the Name field for some of your records. This means the records will resolve on .pepgc.org instead of pepgc.org.

Do you want to change how these records resolve?

Yes, change it and put the records on ctct1._domainkey.pepgc.org. (Most common)
No, keep it and put the records on ctct1._domainkey.pepgc.org.pepgc.org.
William_A
Administrator

Have you reached out to GoDaddy support regarding this warning message, @CRSchumacher ? Or is this error message showing when you add it your Constant Contact account's self-authentication section?

CRSchumacher
Rookie

I figure dealing with Go Daddy is next, but it is all automated so far and this is a very specific question. I think I'll try calling next...had been using the Chat function because it is always quicker! (And it did quickly get me to the right place re DNS changes.) Had hoped someone on here might have already had this pop up...

 

CircularMaterials
Constant Contact Partner

Hi there - Tried to reply to the communityevents email that was in the event invite. I'm curious if there's any follow up process in place for questions that were not addressed during the Q&A today.

William_A
Administrator

Hello @CircularMaterials ,

 

We will be going through all questions asked for the Q&As, including those that might not have been directly answered during the webinar, and providing answers. You may also find the answers you're looking for in our Email Authentication FAQ, or in the Email Delivery in 2024: Success Hub.

AndreaY169
Rookie

Our account has two domains we use, as we have two separate websites for our business. How can I authenticate both domains on my account? Can I only authenticate one? 

Resources

Community Blog

Check out marketing advice, tips, and tricks. All from our Constant Contact experts

Visit the blog

  • Avatar

    Featured Article

    Use Sections to Build Email Campaigns Faster and Improve Engagement Rates

    Using Sections while designing your marketing email not only increases your own efficiency but helps you to deliver a more friendly, organized message. Check out some of the key benefits of using sections in email.

    See Article
  • Avatar

    Featured Thread

    Casual Conversations: What's your go-to playlist?

    If you listen to music while you work, share your playlist below so we can be inspired and maybe find some new music!

    View thread
  • Avatar

    Featured Thread

    Share Your Success Sweepstakes

    Share a success story from the last year and be entered for a chance to win great prizes!

    Enter now!