• by Ray Schultz , Columnist, January 31, 2024

Maybe they’re not as extreme as Apple’s new rules seemed to be a few years ago, but Gmail and Yahoo are set to launch new requirements for bulk email senders on Thursday, Feb. 1.

“Just like we adapted to HTTPS as the standard for the World Wide Web, and like MFA is becoming the standard for our online accounts, every business will need to become familiar with standards like SPF, DKIM, and DMARC,” says Gerasim Hovhannisyan, co-founder and CEO of EasyDMARC, an email authentication provider. 

Hovhannisyan adds: “While today’s changes might pose initial challenges for bulk email senders, they represent a necessary collective effort to create a safer and more reliable email ecosystem. It is also indicative of things to come; cybercriminals will not stop becoming more sophisticated, so security measures must grow to meet them." 

“Email authentication isn’t new, but now it’s a must for inbox success,” adds Liviu Tanase, founder and CEO of ZeroBounce. “With the right tools, email authentication gets much easier.”

Tanase adds: “Postponing or ignoring email authentication will cause emails to go to spam or not get delivered at all.”

What do the new rules require? Gmail will now require that bulk senders — those that send more than 5,000 messages to Gmail per day — take these actions to reduce spam in inboxes:  

- Strongly authenticate their email using well-established best practices. Gmail says “this will close loopholes exploited by attackers that threaten everyone who uses email.” 

- Enable easy unsubscription so that recipients can stop receiving unwanted messages from a particular sender with one click. In addition, unsubscribe requests must be processed within two days. Gmail states: “We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits."

- Ensure they’re sending wanted email. To achieve this, Gmail will enforce a spam-rate threshold that senders must remain under to protect Gmail users from being bombarded with unwanted messages.  

Now, as Gmail implies, these are practices that brands should already be following, saying: “We aren’t the only ones pushing for these changes." Marcel Becker, senior director of product management at Yahoo, says: “Our industry partners also see the pressing need to institute them: No matter who their email provider is, all users deserve the safest, most secure experience possible."

Gmail claims its AI-powered defenses stop more than 99.9% of spam, phishing and malware from reaching inboxes and that it blocks nearly 15 billion unwanted emails per day.  “But now, nearly 20 years after Gmail launched, the threats we face are more complex and pressing than ever,” it says. And many bulk senders fail to “appropriately secure and configure their systems, allowing attackers to easily hide in their midst.”

The solution is to focus on validation. “As basic as it sounds, it’s still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet,” Gmail states.

“As we navigate the evolving cyber landscape, staying proactive in adopting and adapting to these security trends will be paramount for businesses to maintain effective communication channels and uphold their digital reputation,” Hovhannisyan concludes.