Email Best Practices and Policies – February 2024

The email landscape is expected to undergo major transformation in 2024. Gmail has released new policies that apply to emails sent to personal Gmail accounts. The best practices are now becoming mandatory requirements.

The consequences for senders who don't follow the new guidelines will soon begin to show. If you don’t comply with email authentication policies, the emails may not reach the recipients as intended. Gmail may filter or flag bad emails as spam, which could have a negative impact on the performance of your business as a whole as well as the reputation of your domain.

You must emphasize deliverability, adopt key records, and improve the quality of your email copy if you want to be seen as a reliable sender.

Who will be affected?

Regardless of the email service provider, anyone sending emails to @gmail.com and @googlemail.com addresses will be affected starting from February 2024. It's important to follow these rules, for instance, if you work in recruitment and send most of your communications to private Gmail accounts.

Gmail provides two sender groups that it differentiates:

• Group A: using the sending domain to send fewer than 5,000 emails each day

• Group B: bulk senders, defined by Gmail as those that send 5,000 or more emails each day from the sending domain.

What are the Rules announced for February 2024?

1. Set up SPF or DKIM email authentication for each of your sending domains at your provider.

Email authentication is a security measure implemented to prevent spammers and spoofers from sending fake emails to users and to prevent third parties from pretending to be individuals or brands.

Email authentication is meant to protect recipients of emails (from unscrupulous people or organizations posing as other companies or individuals) and give them trust in the messages that are reaching their inboxes.

Email authentication is a brand's first line of defense against unintentionally becoming known as spammers.

Sender policy framework (SPF), domain keys identified mail (DKIM), and domain-based message authentication, reporting, and conformance (DMARC) are a few forms of email authentication.

In order to prevent spoofing and have their emails flagged as spam, bulk senders are required under Google's authentication standards for 2024 to "strongly authenticate" their emails using SPF or DKIM and DMARC.

According to Yahoo, senders must "implement stronger email authentication" by utilizing DMARC and SPF, two industry-standard authentication techniques, by the year 2024.

• SPF: A security feature called SPF (Sender Policy Framework) was developed to stop spammers from sending emails on your behalf. It specifies which IP addresses are allowed to send emails from your domain, including those of services you use, like mailgun.com. If you don't set it up, someone else might send messages from your domain while posing as you, which could be bad for your reputation.

• DKIM: By adding a digital signature to your emails, the security standard DKIM (DomainKeys Identified Mail) identifies email spoofing. Consider it the email equivalent of a seal. If the seal is changed in any way, it means that your emails were changed in transit between the sending and receiving email servers.

• DMARC: DMARC facilitates the establishment of policies on the handling of emails that are not verified by DKIM or SPF. Additionally, it offers reports that show the IP addresses sending emails on your behalf, the quantity of emails sent overall, and if DKIM or SPF passes. When you first start using DMARC, you can initially set your enforcement policy to "none".

2. Allow recipients to easily unsubscribe from commercial emails in one click

Yahoo and Gmail want to make sure that users of email don't have to do any more work in order to choose not to receive emails from marketers in the future. In the future, bulk senders will need to include a list-unsub header in their email campaigns so that subscribers may easily unsubscribe with a single click.

It is necessary for businesses to not only facilitate unsubscribing easily, but also respond promptly to users' requests, completing them within a two-day period.

3. Use a TLS (Transport Layer Security) connection for transmitting email.

Your email is protected from unwanted access while it's traveling across internet connections thanks to TLS. Large email carriers like Gmail already use TLS, but if you use a custom SMTP, you might want to see if they offer this protocol. This is because an email connection is secure only if TLS is used by both the sender and the recipient.

4. Keep spam rates below 0.3% by monitoring them in Postmaster Tools**.**

The hardest measure to maintain is that one. For example, only three of the one thousand emails you send each day can be flagged as spam. To guarantee that your communications reach the primary inboxes, it is ideal for the suggested spam rate to be less than 0.1%. The daily determined spam rate is displayed by Postmaster Tools.

For users who send 5,000 or more messages every day, there are further specifications:

Why are these email deliverability changes happening?

These new deliverability guidelines for emails are being implemented by Yahoo and Google in an effort to enhance the email user experience. The objective is to make sure that people receive emails that they genuinely want to read and interact with, rather than having their inboxes overflow with unsolicited ones.

In its October 2023 announcement regarding these modifications, Google stated that its AI-powered Gmail filtering features are supporting their objectives and preventing over 99.9% of spam, phishing, and malware attempts from reaching users' inboxes—blocking nearly 15 billion unsolicited emails daily. However, the mailbox provider also realized that more has to be done to safeguard users' inboxes from spam.

What are the consequences of breaking the rules?

User safety has always been a priority for Gmail. According to Google, its AI defenses thwart over 99.9% of spam, phishing, and malware, preventing about 15 billion unsolicited emails per day. Google Mail also discloses the repercussions of the new guidelines:

Emails that do not comply with the basic authentication criteria (SPF and DKIM) will probably be denied with a 550 5.7.26 error, blocked by Gmail, or tagged as spam.

Every email you send has a higher chance of being labeled as spam if messages from your domain are routinely reported as such. Continued spam reports harm the reputation of your domain, have an adverse effect on inbox delivery, and keep you from reporting delivery problems to Gmail in the future.