• by Ray Schultz , Columnist, October 3, 2023

Google has announced new requirements for bulk email senders. And while they seem obvious, they will now be strictly enforced.  

Starting in February 2024, Gmail will require that firms sending more than 5,000 messages to Gmail per day take the following actions to reduce spam in inboxes.
They must:  

• Strongly authenticate their email using well-established best practices. Gmail argues that “this will close loopholes exploited by attackers that threaten everyone who uses email.” 
• Enable an easy unsubscribe process so recipients can stop receiving unwanted messages from a particular sender with one click.
• In addition, unsubscribe requests must be processed within two days. Gmail states: “We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
• Ensure they are sending wanted email — To achieve this, Gmail will enforce a spam rate threshold that senders must stay under to protect Gmail users from being bombarded with an unwanted messages.  

Now as Gmail implies, these are practices that brands should already be following.

“We aren’t the only ones pushing for these changes,” it writes. “Our industry partners also see the pressing need to institute them: 'No matter who their email provider is, all users deserve the safest, most secure experience possible,' says Marcel Becker, Senior Director Product Management at Yahoo. 'In the interconnected world of email, that takes all of us working together. Yahoo looks forward to working with Google and the rest of the email community to make these common sense, high-impact changes the new industry standard.'"

Gmail says its AI-powered defenses stop more than 99.9% of spam, phishing and malware from reaching inboxes and that it blocks nearly 15 billion unwanted emails per day. 

“But now, nearly 20 years after Gmail launched, the threats we face are more complex and pressing than ever,” it adds. And many bulk senders fail to “appropriately secure and configure their systems, allowing attackers to easily hide in their midst.”

The solution is to focus on validation.  

“As basic as it sounds, it’s still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet,” Gmail adds.