Google and Yahoo are implementing new guidelines for bulk email senders in early 2024 to protect against spam, fraud and phishing, and improve deliverability.
We're taking the most popular questions from our latest webinar and expanding upon them to assist you in putting together your marketing strategy for next year.
Do you have a question left over from the webinar? Leave us a comment below.
What are Yahoo and Google Changing?
Both Yahoo and Google are strengthening their email security measures, particularly in the area of authentication.
Mail sent without proper authentication after February 1st may result in bounced messages or placement in the junk/spam folder.
Why are they making these changes?
There are a variety of reasons why these changes are being made but a few big ones are:
Spam Reduction: Unauthenticated or improperly authenticated emails can contribute to the influx of spam in users' inboxes. Strengthening email authentication helps in filtering out illegitimate emails, reducing the chances of users receiving unwanted or harmful content.
Enhanced User Trust: With the prevalence of online threats, maintaining user trust is crucial. By implementing stricter email authentication measures, Google and Yahoo seek to provide a more trustworthy and secure email experience for their users.
Global Cybersecurity Standards: As part of the broader effort to align with global cybersecurity standards, these changes are intended to contribute to a safer and more standardized email ecosystem.
Is this only impacting Constant Contact?
This change is impacting all senders of bulk mail on the internet. This is not limited to Constant Contact.
How does this impact non-profits?
This impacts all types of senders the same. There is some indication in the Google announcement that smaller senders are not impacted but they haven't clearly defined how they would define a small sender so CTCT is going to take action to help make all customers compliant.
Does this only affect customers in the US? I'm located in Canada.
This affects all senders of mail regardless of origin or destination. Although these requirements are being publicized by Yahoo and Google, we have seen an increasing number of ISPs and mail filters start to impose stronger authentication requirements on inbound mail.
Are other email clients besides Gmail/Yahoo being impacted by this? I want to make sure my emails are being sent to Outlook, for example.
Yes. Although they are not publicly advertising it, Hotmail/Outlook.com and Office365 domains have been scanning inbound mail for authentication compliance for a while. Many other enterprise filters do so as well.
What is email authentication?
Email authentication is a set of techniques and protocols used to verify the legitimacy of an email message and ensure that it hasn't been forged or altered. This is important for preventing spam, phishing, and other malicious activities.
What is a DMARC policy?
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that a domain (or website) publishes in its public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication.
How do I set up a DMARC policy?
You can create a basic DMARC policy in your account settings. If you want to take more control over your DMARC policy, you can choose to create the record with additional optional tags. You should consult with an IT professional or your hosting provider for additional assistance as Constant Contact does not provide this service.
Is setting up DMARC and SPF pretty straightforward, or does it require IT proficiency? My business/organization doesn't have an IT department.
To perform the basics, the info you need to add is pretty straightforward and well laid out in the authentication settings. The hard part for many folks without an IT group is determining where your DNS records are hosted, and logging into to there. Once you get past that hurdle, entering the info should be pretty easy. This linked article has pointers to the top hosting providers – Update your DNS records through your hosting provider to finish setting up self-authentication
I don't use Gmail or Yahoo for my addresses. I already use my domain for sending. How does this impact me?
This will depend on whether you have set up self-authentication or not. See our Knowledge Base article that outlines different scenarios based on what you have (or have not) already done in regards to self-authentication.
What if I don't take action on my end before the changes take effect?
Constant Contact will automatically rewrite your 'From' address to our own domain (@shared1.ccsend.com ( or shared2.ccsend.com if you have a trial account)) which includes a DMARC record, so it meets authentication requirements. With that said, sending from your own domain and using self-authentication is an industry best practice as it provides better branding and may result in better deliverability.
My domain is used across multiple accounts. Do I need to do self-authentication for each account? Can the same domain be used for each account or do they need to be unique?
If the same domain is used in only a few accounts (less than 20) then you will need to set up self-authentication and enter a record for each account. You can only do this with DKIM TXT. Do not use CNAME authentication because that can only be set up for a single domain in 1 account.
I want to set up my domain. Does Constant Contact offer this service or do I need to go elsewhere?
Constant Contact does not offer hosting services. If you don't have a domain, you can get one from web hosting sites like bluehost.com or hostgator.com, or domain hosting sites like domain.com or bigrock.com. If you have your own website, check with your web hosting provider, webmaster, or IT department to enable the email option or add it to your hosting package, if one is available.
Is self-authentication beneficial for sending to all email clients? Only Gmail and Yahoo are being mentioned.
For sure. Authenticating your outbound email verifies to a receiving mailbox provider that a message came from your organization, or was sent on your behalf from an authorized third-party, like Constant Contact.
How does this affect my contacts? Is there anything they should be doing on their end that I need to let them know about? I know some of them use Gmail.
This should not have much impact on your contacts. If your sending "From" address will be changed, you could give your contacts a heads up ahead of time but this is not a requirement and we are not able to say if it would have a benefit.
Will this change affect my reporting? I'm worried about my bounces increasing or my open rates decreasing.
Our research on our customer base has shown that properly authenticated mail tends to get better open/click rates. We know that some ISPs were already doing some form of this type of enforcement.
Will these changes impact deliverability or the likelihood of emails going to junk/spam?
Both. There are several different requirements and degrees of compliance. We anticipate that Google and Yahoo will bounce some mail while sending other mail to the spam/junk folder depending on their internal "secret sauce". There is some indication this could change over time as they adjust their filtering.
... View more