What are the new email authentication and unsubscribe requirements from Gmail and Yahoo for 2024?

Email marketer from Email Geeks questions whether the "one click unsubscribe" mentioned a literal one click unsubscribe or are they more talking about list unsubcribe?

Email marketer from Email Geeks says its about adding list-unsubscribe headers to enable “one click” unsubscribe within the email app. The preferred method is RFC8058, mailto is acceptable. Although I am really, really liking the idea of enforcing RFC8058

Email marketer from Reddit suggests that to comply with the new requirements, senders must implement email authentication (SPF, DKIM, DMARC), provide an easy one-click unsubscribe option, and keep their spam rate under 0.3%.

Email marketer from Litmus explains that the new requirements focus on authenticated sending, easy unsubscription, and acceptable spam rates. These apply to senders of 5,000 or more emails per day.

Email marketer from ActiveCampaign explains that to meet the new standards, senders need to authenticate their email using SPF, DKIM, and DMARC. They also need to implement one-click unsubscription and maintain a spam rate below 0.3%.

Email marketer from Stack Overflow shares that the new requirements primarily target bulk senders, meaning those sending over 5,000 emails per day. These senders need to implement SPF, DKIM, and DMARC authentication, provide one-click unsubscribe options, and maintain low spam complaint rates.

Email marketer from Email Geeks disagrees with Brian and says its not true that Gmail is rejecting all mail which is not authenticated

Email marketer from Email Geeks mentions that Google is talking about both list-unsub headers AND a link in the body.

Email marketer from Email on Acid outlines the new requirements including authenticating your email with SPF, DKIM, and DMARC, implementing one-click unsubscription, and monitoring your spam rate to stay below 0.3%. They also recommend testing your setup.

Email marketer from GMass Blog mentions that the new requirements from Gmail and Yahoo for 2024 mandate authentication, a one-click unsubscribe, and keeping spam rates under 0.3% for bulk senders.

Email marketer from Email Geeks says to pretend you are over 5000. It’ll help no matter what. And DMARC isn’t the only thing senders have to consider as they near 5K, but one-click list-unsubscribe header as well. They are looking at everything no matter the volume so trying to stay “below” the threshold won’t necessarily help.

Email marketer from Email Geeks shares a link to Gmail's announcement of upcoming changes to email requirements in Q1 2024: <https://blog.google/products/gmail/gmail-security-authentication-spam-protection/>

Email marketer from Mailjet summarizes that to meet the new Gmail and Yahoo requirements for 2024, it's essential to authenticate your emails with SPF, DKIM, and DMARC, and provide a one-click unsubscribe option in your emails.

Email marketer from Email Geeks agrees that the documentation seems outdated but highlights the "Auth" section as a sign of stricter authentication requirements. Also mentions the potential for rejecting senders above the acceptable spam rate threshold.

Email marketer from Email Geeks says what I really appreciate is Gmail sharing a number to give me as a sender an idea of what level is dangerous (>0.1%) and what is critical (>0.3%). it really helps me a lot, as I now know how safe I am at least in terms of spam rate.

Email marketer from MailerQ Blog explains that Google and Yahoo are tightening requirements to require authentication (SPF, DKIM, DMARC), easy unsubscription (List-Unsubscribe header), and low spam rates (<0.3%).

Email marketer from Email Geeks states that Gmail started rejecting email that is not authenticated a few weeks ago.

Email marketer from Email Geeks says it feels like went from should probably be doing this to "you have to be doing this". That is what I take from it.

Email marketer from Email Geeks shares a link to Yahoo's announcement, emphasizing that this is not just Google making these changes. <https://blog.postmaster.yahooinc.com/post/730172167494483968/more-secure-less-spam|this>

Email marketer from Email Geeks states that they will require list-unsubscribe headers and that Google will likely do the same.

Email marketer from Email Geeks says that the announcement is really just reiteration of best practices, but moving from “we’ve recommended best practices for a while now. up next we’re requiring best practices”.

Email marketer from Email Geeks highlights the potential impact of Gmail's DMARC quarantine enforcement policy on small senders who impersonate Gmail From: headers.

Email marketer from Email Geeks says that means if you were already at this spam rate or higher you would probably not be getting inbox even before these changes and eventually blocked. Meaning basically they still care about spam rates even if you are authenticated. So keep watching it but they aren't going to throw you out with the bath water over some occasional spikey days.

Email marketer from Campaign Monitor notes that the changes mean bulk senders (over 5,000 emails a day) must authenticate their email, provide easy unsubscription, and keep spam rates low.

Email marketer from Email Geeks questions whether senders will understand that "one click" unsubscribe may refer to List-Unsubscribe, potentially causing confusion.

Expert from Spamresource responds that The exact impact of not complying with Google and Yahoo's new requirements varies, but the main issues are authentication (SPF, DKIM, DMARC), one-click unsubscribe, and staying below spam complaint thresholds. Senders who do not meet these requirements risk having their messages sent to spam folders or blocked entirely.

Expert from Word to the Wise explains that bulk senders must authenticate, implement one-click unsubscribe, and keep spam rates low. For authentication this involves setting up SPF or DKIM, ensuring valid forward and reverse DNS records, setting up DMARC, and aligning the From: header with SPF or DKIM.

Expert from Email Geeks points out the vagueness and inaccuracies in Google's documentation regarding the new requirements, particularly concerning one-click unsubscribe and SPF.

Expert from Email Geeks says that requiring DMARC and List-Unsubscribe-Post are the only things even slightly outside that, and List-Unsubscribe-Post is the only thing that might require some development effort on older platforms.

Expert from Email Geeks mentions that Google is explicitly talking about a visible unsubscribe link in the body, then linking to a (broken) description of List-Unsubscribe headers, which is confusing.

Expert from Email Geeks lists the bullet points for email authentication requirements for all senders except the smallest, including SPF/DKIM setup, valid forward/reverse DNS records, keeping spam rates below 0.3%, following the Internet Message Format standard, avoiding impersonation of Gmail From: headers, adding ARC headers for forwarding, DMARC setup, DMARC alignment for direct mail, and enabling one-click unsubscribe.

Expert from Email Geeks agrees that most of the requirements seem like things that should already be happening, and the rest is uncontroversial.

Expert from Email Geeks says that PTR records are not an issue for shared pools. Just give each IP a hostname in an ESP-controlled domain.

Expert from Email Geeks suggests that most small businesses using platforms like Klaviyo, CC, or Mailchimp can comply with the new requirements easily enough.

Expert from Email Geeks provides a link to a blog post about the new requirements for bulk senders: <https://wordtothewise.com/2023/10/new-requirements-for-bulk-senders/>.

Expert from Email Geeks believes that the really big SaaS providers will continue to evade the new rules by using their own domains and authentication.

Expert from Email Geeks says to not think of the 5k emails a day as a magic threshold, instead think of it as “Am I a big, grown up girl ESP that sends lots of email, or am I a little startup or hobbyist running on a dodgy legacy platform?”.

Expert from Email Geeks says if you’re following basic best practices already, not at all. The bullet point list of requirements is something you can use as a checklist to make sure you are.

Expert from Email Geeks clarifies that Gmail will likely publish a quarantine policy for gmail.com.

Expert from Email Geeks says “Do we need to offer an unsubscribe option on our transactional emails?” is probably a good question, though.

Expert from Email Geeks explains that small businesses might face challenges because they often lack their own domain or don't use it for email, and many use @gmail.com addresses, which will be problematic with the new policies.

Expert from Email Geeks says 0.3% is not a new number and it's not even a new number coming from the ISPs! That was the old AOL threshold, too and also mentions that the 0.3% is based on complaints / mail going to the inbox and is receiver specific. It is not total complaints / total mail sent.

Documentation from RFC Editor describes how List-Unsubscribe header with a mailto: or https: URL for one-click unsubscription.

Documentation from AuthSMTP specifies the core requirements as implementing SPF, DKIM, and DMARC for authentication, providing a simple one-click unsubscribe process, and keeping spam rates reported in Google Postmaster Tools under 0.3%.

Documentation from Google Workspace Updates explains that senders who send 5,000 or more messages in a single day must authenticate their email, ensure they have a one-click unsubscribe option, and keep spam rates below 0.3%.

Documentation from Yahoo Inc. shares that they are requiring senders to authenticate their email using SPF, DKIM, and DMARC. Senders should also ensure that they're allowing users to easily unsubscribe from unwanted mail.

Documentation from GlockApps summarizes the new rules, focusing on authentication (SPF, DKIM, DMARC), one-click unsubscribe, and maintaining a low spam rate below 0.3%. Also indicates the penalties will vary and can include spam foldering or rejection.