Q&A: What you need to know about Google and Yahoo’s new requirements [12/20/2023]

Chris-S
Administrator

Google and Yahoo are implementing new guidelines for bulk email senders in early 2024 to protect against spam, fraud and phishing, and improve deliverability.

 

We're taking the most popular questions from our latest webinar and expanding upon them to assist you in putting together your marketing strategy for next year.

 

Do you have a question left over from the webinar? Leave us a comment below.

 

 

 

What are Yahoo and Google Changing?

Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication.

Mail sent without proper authentication after February 1st may result in bounced messages or placement in the junk/spam folder.

 

 

Why are they making these changes?

There are a variety of reasons why these changes are being made but a few big ones are:

 

  1. Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
  2. Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
  3. Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.

 

 

Is this only impacting Constant Contact?

This change is impacting all senders of bulk mail on the internet.  This is not limited to Constant Contact.  

 

 

How does this impact non-profits?

This impacts all types of senders the same. There is some indication in the Google announcement that smaller senders are not impacted, but Google has not clearly defined what counts as a small sender, so Constant Contact (CTCT) is going to take action to help make all customers compliant.



Does this only affect customers in the US? I'm located in Canada.

This affects all senders of mail regardless of origin or destination. Although these requirements are being publicized by Yahoo and Google, we have seen an increasing number of ISPs and mail filters start to impose stronger authentication requirements on inbound mail. 



Are other email clients besides Gmail/Yahoo being impacted by this? I want to make sure my emails are being sent to Outlook, for example.

Yes.  Although they are not publicly advertising it, Hotmail/Outlook.com and Office365 domains have been scanning inbound mail for authentication compliance for a while. Many other enterprise filters do so as well.  

 

What is email authentication?

Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.

 

 

What is a DMARC policy?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that a domain (or website) publishes in its public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication.

 

 

How do I set up a DMARC policy?

You can create a basic DMARC policy in your account settings. If you want to take more control over your DMARC policy, you can choose to create the record with additional optional tags. You should consult with an IT professional or your hosting provider for additional assistance as Constant Contact does not provide this service.
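
As an added illustration (not Constant Contact's code or tooling), the Python example below parses a DMARC TXT record as it would be published at `_dmarc.<your domain>` and reports what the policy asks a receiving mailbox provider to do with mail that fails authentication, along with warnings about the optional tags. Tag names follow RFC 7489; the function names and the sample records for the placeholder domain example.org are constructed for this example.

```python
# Added example: parse and lint a DMARC TXT record (tag names per RFC 7489).
VALID_POLICIES = {"none", "quarantine", "reject"}
KNOWN_TAGS = {"v", "p", "sp", "pct", "rua", "ruf", "adkim", "aspf", "fo", "rf", "ri"}

# What each policy asks the receiving mailbox provider to do with failing mail.
REQUESTED_ACTION = {
    "none": "no special handling (monitor only)",
    "quarantine": "deliver to spam/junk folder",
    "reject": "reject the message",
}

def dmarc_query_name(domain):
    """DNS name where a domain's DMARC TXT record is published."""
    return "_dmarc." + domain.strip(".").lower()

def parse_dmarc(txt):
    """Split a DMARC record into a tag dict; raise ValueError if it is malformed."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"tag without value: {part.strip()!r}")
        name, value = part.split("=", 1)
        pairs.append((name.strip().lower(), value.strip()))
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    tags = dict(pairs)
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    tags["p"] = tags["p"].lower()
    return tags

def lint_dmarc(txt):
    """Return (requested action on failure, list of warnings) for one record."""
    tags = parse_dmarc(txt)
    warnings = [f"unknown tag {t!r}" for t in tags if t not in KNOWN_TAGS]
    if "rua" not in tags:
        warnings.append("no rua= address: aggregate reports will not be sent")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        warnings.append("pct= must be an integer from 0 to 100")
    elif int(pct) < 100 and tags["p"] != "none":
        warnings.append(f"policy applies to only {pct}% of failing mail")
    return REQUESTED_ACTION[tags["p"]], warnings

# Constructed sample records (example.org is a placeholder domain).
BASIC = "v=DMARC1; p=none"
STRICT = "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@example.org; adkim=s"
```

Running `lint_dmarc` on the text your DNS host shows for the `_dmarc` TXT record is a quick way to catch a misplaced `v=` tag or a mistyped policy before a mailbox provider does.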

 

 

Is setting up DMARC and SPF pretty straightforward, or does it require IT proficiency? My business/organization doesn't have an IT department.

To perform the basics, the info you need to add is pretty straightforward and well laid out in the authentication settings. The hard part for many folks without an IT group is determining where your DNS records are hosted, and logging in there. Once you get past that hurdle, entering the info should be pretty easy. This linked article has pointers to the top hosting providers: "Update your DNS records through your hosting provider to finish setting up self-authentication".

 

 

I don't use Gmail or Yahoo for my addresses. I already use my domain for sending. How does this impact me?

This will depend on whether you have set up self-authentication or not. See our Knowledge Base article that outlines different scenarios based on what you have (or have not) already done in regards to self-authentication.

 

 

What if I don't take action on my end before the changes take effect?

Constant Contact will automatically rewrite your 'From' address to our own domain (@shared1.ccsend.com, or shared2.ccsend.com if you have a trial account), which includes a DMARC record, so it meets authentication requirements. With that said, sending from your own domain and using self-authentication is an industry best practice as it provides better branding and may result in better deliverability.

 

 

My domain is used across multiple accounts. Do I need to do self-authentication for each account? Can the same domain be used for each account or do they need to be unique?

If the same domain is used in only a few accounts (fewer than 20), then you will need to set up self-authentication and enter a record for each account. You can only do this with DKIM TXT. Do not use CNAME authentication, because that can only be set up for a single domain in 1 account.

 

 

I want to set up my domain. Does Constant Contact offer this service or do I need to go elsewhere?

Constant Contact does not offer hosting services. If you don't have a domain, you can get one from web hosting sites like bluehost.com or hostgator.com, or domain hosting sites like domain.com or bigrock.com. If you have your own website, check with your web hosting provider, webmaster, or IT department to enable the email option or add it to your hosting package, if one is available.

 

 

Is self-authentication beneficial for sending to all email clients? Only Gmail and Yahoo are being mentioned.

For sure. Authenticating your outbound email verifies to a receiving mailbox provider that a message came from your organization, or was sent on your behalf from an authorized third-party, like Constant Contact.



How does this affect my contacts? Is there anything they should be doing on their end that I need to let them know about? I know some of them use Gmail.

This should not have much impact on your contacts. If your sending "From" address will be changed, you could give your contacts a heads up ahead of time but this is not a requirement and we are not able to say if it would have a benefit. 



Will this change affect my reporting? I'm worried about my bounces increasing or my open rates decreasing.

Our research on our customer base has shown that properly authenticated mail tends to get better open/click rates. We know that some ISPs were already doing some form of this type of enforcement.  

 

 

Will these changes impact deliverability or the likelihood of emails going to junk/spam?

Both. There are several different requirements and degrees of compliance.  We anticipate that Google and Yahoo will bounce some mail while sending other mail to the spam/junk folder depending on their internal "secret sauce".  There is some indication this could change over time as they adjust their filtering. 

 
33 Comments
Caitlin_M
Administrator

Hi @linr. I certainly understand that there is a lot of information to take in. All of these changes are being done in response to changes being made by Google and Yahoo that are affecting all email marketing providers.

 

I suggest visiting our Email Delivery Hub which outlines four categories our customers are falling into and what steps you should be taking. If you have further questions, please contact our Delivery team.

CeceliaR67
Rookie

I work for a non-profit organization (American Association for University Women) that has no IT department. We have a Google account that we use for responses to emails that we send to our membership, which numbers 150. Because we are small, I am baffled as to why Google or Yahoo ISPs would mark emails as spam from our distributor, which we recently changed to Constant Contact since Outlook won't let a sender distribute more than 50 emails at a time (meaning we had to send 3 emails for any distribution to our membership base).

I have sent 2 emails to our membership and am learning that about 60% make it to their Inboxes. The other 40% are automatically marked as "spam" and end up in Junk folders. I have no way of accessing the DNS file on the server (somewhere out there!) and trying to insert code to authenticate our organization as the sender, so I used Constant Contact's self-authentication method, meaning I just use the default settings for Constant Contact.

We were told by Constant Contact support that those whose emails ended up in Junk folders need to move the email from their Junk folder to their Inbox and future emails from Constant Contact will not be recognized as Junk and will make it to their Inboxes. This amounts to a lot of personal messages from me (UGH!), and I am wondering if we'll be able to continue using Constant Contact if every time we have a new member join, I am faced with this uncertainty of whether or not they'll be one of those to whom I'm going to have to go with this very clunky fix. Anyone else have this problem????

William_A
Administrator

Hello @CeceliaR67 ,

 

If you're using a free email domain (e.g. gmail, yahoo, aol, live, icloud, etc.) to send your emails, your only option would be to use the ccsend rewrite for general authentication, since you have no control over that domain and it's a widely available one.

 

If you have your own domain for your organization, then whomever you purchased the domain from or set up your website and email system through should have further insight on plugging in the self-authentication information we provide. I would advise referring to our Community's Self-Authentication FAQ for additional info, and links to the relevant guides and articles.
