In February 2024, Gmail began enforcing strict guidelines for anyone sending email to Google email addresses – which includes both personal addresses and Google Workspace emails (like our addresses). Yahoo has also implemented the same standards, which you can take a look at here.

The requirements are especially strict for emailers sending more than 5000 messages per day, which includes all (or most) of our clients.

Some of the rules are very technical, some have to do with sending practices and message content that (hopefully) you’re already following, and some have to do with the technical infrastructure of your email service provider, or ESP (e.g. EveryAction or Salesforce Marketing Cloud). In this post we provide guidance on these rules, but the specifics of the more technical requirements will need a conversation between you and your ESP, since the DNS records required for email authentication, for example, must be implemented specifically for the ESP’s servers and the IPs assigned to your account.

In this post, we’ll explain what the rules mean and how we can help you check whether you are compliant.

First, the easy stuff: sending practices

Spam complaint rates

The most important thing to monitor is the spam complaint rate. Google advises that the rate be kept below 0.1%, but will start to impose penalties if the rate exceeds 0.3%, “especially for any sustained period of time.” They’re not committing to a period of time or treating this like a hard threshold, but they say that exceeding that rate will lead to increased spam filtering (i.e. emails will be delivered to the spam folder). Once that penalty is imposed, it will take time to recover, even if the rate is brought back under 0.1%, so these violations can have long-lasting effects.

The spam complaint rate used by Google can be monitored in Postmaster Tools. An estimate of the rate may also be available via reports provided by the ESP, but that estimate is not completely accurate. It’s best to check Postmaster Tools regularly, as it is the authoritative source for Google data.

Note that setting up Postmaster Tools also requires some technical setup, including adding a DNS record to confirm domain ownership, so it is best to do that ASAP.

Prominent unsubscribe links

Google and Yahoo require that there is a clearly visible unsubscribe link in the message body. It’s not clear that they will penalize anyone directly for having a hard-to-find link, or that they’ll be reviewing message contents for usability of the unsub link. But they list this among their requirements.

The more important requirement for unsubscribes is to support one-click unsubscribe via a List-unsubscribe header, as described below.

Technical requirements

The examples below suggest looking at the email headers that are included with each email. The headers can be found in Gmail by clicking on the “Show original” link in the … menu at the top of each message:

“Show original” will open up a new tab with the raw email message, including all the headers – which will look like a big block of gibberish text – and a summary table at the top. Don’t worry, even when you have to dig into the gibberish, there are specific bits of text to search for.

Email authentication

Email authentication is the process by which Google, Yahoo, and other email providers can verify that the sender of an email is who they say they are in the “From:” address or sending domain. There are three acronyms to know: SPF, DKIM, and DMARC.

  • SPF specifies which servers (IPs) are allowed to send email for a domain
  • DKIM allows a sender to add a signature to a message that can be validated to confirm that the sender actually owns the sending domain
  • DMARC is an overarching policy that specifies what should happen if either DKIM or SPF checks fail

This is where things get very specific to your ESP, so you’ll need to work with your provider to add or correct authentication methods. 

Gmail makes it easy to check whether a message passes each of the above checks. Open “Show original” of a recent message and take a look at the table at the top of the screen:

It’s clear that SPF, DKIM, and DMARC are all in place and passing.

However, if any of those checks fail or are not present (DMARC in particular will not show a status if there is no DMARC policy in place), you will need to add records or fix the failing ones. Your ESP can give guidance on the correct SPF and DKIM records to be added, and you’ll need to work with whoever manages your DNS to add or correct them.
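The summary table described above is built from the `Authentication-Results` header that the receiving server adds to each message. The following added example (not part of the original post) reads that header from a raw message and reports which of the three checks are missing or not passing; the sample message and the function names `auth_results` and `needs_attention` are constructed for illustration.

```python
import email
import re

# Constructed sample of the raw headers behind Gmail's "Show original" view.
# Domains, selector and IP are placeholders, not values from this post.
SAMPLE_RAW = """\
Delivered-To: recipient@example.net
Authentication-Results: mx.google.com;
       dkim=pass header.i=@news.example.org header.s=esp1 header.b=AbCdEfGh;
       spf=pass (google.com: domain of bounce@mail.example.org designates
       192.0.2.10 as permitted sender) smtp.mailfrom=bounce@mail.example.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.org
From: Example Org <info@news.example.org>
Subject: Monthly update

Hello!
"""

METHODS = ("spf", "dkim", "dmarc")


def auth_results(raw_message):
    """Map each of spf/dkim/dmarc to its recorded result, or 'missing'."""
    msg = email.message_from_string(raw_message)
    found = {method: "missing" for method in METHODS}
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then drop parenthesised comments so text inside
        # them is not mistaken for a result.
        value = re.sub(r"\([^)]*\)", "", " ".join(str(header).split()))
        # The first element names the checking server; the rest are
        # "method=result" clauses separated by semicolons.
        for clause in value.split(";")[1:]:
            m = re.match(r"\s*(\w+)\s*=\s*(\w+)", clause)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            # Several DKIM signatures may be reported; keep a pass once seen.
            if method in found and found[method] != "pass":
                found[method] = result
    return found


def needs_attention(raw_message):
    """List the checks that are absent or did not pass."""
    return [m for m, r in auth_results(raw_message).items() if r != "pass"]


if __name__ == "__main__":
    print(auth_results(SAMPLE_RAW), needs_attention(SAMPLE_RAW))
```

A check reported as `missing` corresponds to the case above where Gmail shows no status at all, as happens for DMARC when no policy is published.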

One-click unsubscribe

In Gmail or Google Workspace, you may have seen small unsubscribe links next to the sender’s name, like the example below:

These links appear when a sender has included email headers indicating how to unsubscribe the recipient without visiting the organization’s website or preference center, usually (but not always) with one click. These headers are currently optional, as long as there is a link to unsubscribe somewhere in the message body. But once the new guidelines take effect, one-click unsubscribe headers will be mandatory.

Even if your emails show an unsubscribe link like the one above, it may not meet these updated requirements. Some versions of these headers instruct Gmail to send an email back to the organization asking for the recipient to be unsubscribed; in that case, the unsubscribe is not one-click and Gmail receives no confirmation that the unsubscribe has been processed.

To check whether your unsubscribe headers meet the new requirements, open the message and click “Show original” as described above. Search (Control-F or Command-F) for “List-Unsubscribe=One-Click” as in the example below:

If a header like that one appears, the organization is most likely in compliance with the new guidelines. If, however, the header is missing or looks like this one:

The unsubscribe is not one-click. The header above sends an email to the long email address after the mailto: – which Action Network uses to unsubscribe the recipient, but not with one click, and not in a way that Gmail can verify.

If one-click unsubscribe headers are not present in an email, you will need to reach out to your ESP to find out how to enable them. It is usually not possible to add them without involvement from the ESP.
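The manual header check described above can be scripted. This added example (not part of the original post) classifies a raw message by its unsubscribe headers, following RFC 8058, which requires an HTTPS URI in `List-Unsubscribe` together with a `List-Unsubscribe-Post: List-Unsubscribe=One-Click` header. The sample messages, the function name `unsubscribe_status` and its four result labels are constructed for illustration.

```python
import email
import re

# Constructed headers; the URLs and addresses are placeholders.
ONE_CLICK = """\
From: Example Org <info@news.example.org>
List-Unsubscribe: <mailto:unsub@news.example.org?subject=unsubscribe>,
 <https://news.example.org/unsub?token=PLACEHOLDER>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Subject: Monthly update

Hello!
"""

MAILTO_ONLY = """\
From: Example Org <info@news.example.org>
List-Unsubscribe: <mailto:unsub-PLACEHOLDER@news.example.org>
Subject: Monthly update

Hello!
"""


def unsubscribe_status(raw_message):
    """Return 'one-click', 'mailto-only', 'link-only' or 'missing'."""
    msg = email.message_from_string(raw_message)
    # Unfold both headers before inspecting them.
    list_unsub = " ".join(str(msg.get("List-Unsubscribe", "")).split())
    post = "".join(str(msg.get("List-Unsubscribe-Post", "")).split())
    # List-Unsubscribe is a comma-separated list of URIs in angle brackets.
    uris = [u.strip().lower() for u in re.findall(r"<([^>]*)>", list_unsub)]
    if not uris:
        return "missing"
    has_https = any(u.startswith("https://") for u in uris)
    # One-click needs an HTTPS URI plus this exact Post header value.
    if has_https and post.lower() == "list-unsubscribe=one-click":
        return "one-click"
    # Only mailto: targets: the mailbox provider sends an email instead.
    if all(u.startswith("mailto:") for u in uris):
        return "mailto-only"
    # A web link without the Post header opens a page; it is not one-click.
    return "link-only"


if __name__ == "__main__":
    print(unsubscribe_status(ONE_CLICK), unsubscribe_status(MAILTO_ONLY))
```

RFC 8058 also expects a valid DKIM signature that covers both headers, which this check does not verify.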

ESP technical requirements to be aware of

There are some requirements that are mostly out of your immediate control but which any reputable ESP should adhere to. If there’s any doubt, you can reach out to your account reps to confirm that all of these requirements are met. 

The two requirements that apply specifically to ESPs are:

  • Forward and reverse DNS records for all sending IPs and domains. This means that if an email provider wants to find out who owns the IP sending email for an organization, it can look up its reverse DNS record and get a response.
  • Proper email message formatting according to internet standards (RFC 5322). This doesn’t refer to visual formatting; it refers to how the ESP assembles the set of headers and message contents for delivery to Google or Yahoo. All ESPs should be in compliance with this already.

    But the fact that Google has listed it explicitly suggests that they do see a number of non-compliant messages from bulk senders. Sometimes we see organizations with multiple ESPs in use, or cases where “rogue” teams have taken a nonstandard approach to managing their portion of the email list within the org. You may want to check that those teams are also in compliance, or that anyone sending very large numbers of messages via, say, Outlook, also meets the requirements.

    Remember that anyone sending email from a given domain can affect the reputation and level of compliance of that domain. It’s important that everyone adhere to these guidelines and standards.