Effective February 1, 2024, Google and Yahoo will roll out new email sender requirements. This change may prevent your emails from reaching customers, so compliance with the new requirements should be considered mandatory — and all types of emails, whether transactional, marketing, or something else, must comply.
These changes are meant to protect recipients from spam by making it easier for Google and Yahoo to identify fraudulent emails.
Who needs to comply?
Even if you send only transactional emails, it’s important to authenticate your domain to ensure that your email campaigns still reach your audience. As the email industry trends toward requiring authentication for all senders, it’s likely that providers other than Google and Yahoo will follow in their wake.
Those who send 5,000 or more messages a day to Gmail accounts will have additional requirements, which are detailed in the next section.
What are the new email sender requirements?
From Google’s support pages, all senders who send email to Gmail accounts and all domains and consumer email brands hosted by Yahoo Mail must meet the following requirements:
- Remove Gmail from your store’s “From:” address.
- Set up SPF or DKIM email authentication for your domain.
- Maintain spam rates below 0.10% and avoid reaching a spam rate of 0.30% or higher.
- Make sure that sending domains or IP addresses have valid forward and reverse DNS records (also known as PTR records).
- Use a Transport Layer Security (TLS) connection for transmitting email.
- Format messages according to the Internet Message Format standard.
Senders of 5,000 or more messages per day to Gmail accounts will also have the following requirements:
- While smaller senders should have SPF or DKIM set up, both are required for larger senders. DMARC email authentication confirms both protocols for your sending domain.
- Marketing messages and subscribed messages must support one-click unsubscribe and include a clearly visible unsubscribe link in the message body.
Email authentication
Senders will need to implement stronger email authentication by using industry standards such as SPF, DKIM, and DMARC. What does that mean?
Sender Policy Framework (SPF)
SPF records allow a sender to specify the IP addresses (or authorized mail servers) that are allowed to send mail for a specific domain. Service providers can then reject emails sent from an IP address that doesn’t match the SPF records for the email’s domain, as is the case with scam and phishing emails.
DomainKeys Identified Mail (DKIM)
A DKIM record adds a digital signature to emails that your organization sends. Recipient email servers then perform a check to see if the signature from the email matches the DKIM record in your domain name system (DNS) settings. A matching signature indicates that the email content hasn’t been modified and is from a legitimate sender.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC is a policy that allows a sender to indicate that their messages are protected by DKIM and/or SPF, and tells a receiver what to do if neither of those authentication methods passes.
Email domains should match your website domain
Emails from public domain providers, like @gmail.com or @yahoo.com, will (very) likely be marked as spam. This includes both marketing and order notification emails.
One-click unsubscribe links
Senders of 5,000 or more messages a day to Gmail accounts must implement one-click unsubscribe for marketing emails. If you have been sending or are planning to send email to residents of the European Union, this builds on the GDPR’s unsubscribe requirement, which states that unsubscribe options must be provided in every marketing communication.
The one-click mechanism is intended for machines, rather than humans, to trigger. For instance, Gmail allows users to unsubscribe from marketing emails directly from their inboxes. This functionality is what will become a requirement on February 1st.
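The header pair behind that machine-triggered unsubscribe is defined in RFC 8058. The following is an added example, not code from WooCommerce or any plugin: it attaches the two headers to a message and checks a message against the unsubscribe requirements listed above. The domain, addresses, token and function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

ONE_CLICK = "List-Unsubscribe=One-Click"  # fixed value defined by RFC 8058


def add_one_click_unsubscribe(msg, https_url, mailto=None):
    """Attach the RFC 8058 header pair that mailbox providers act on."""
    if urlsplit(https_url).scheme != "https":
        raise ValueError("one-click unsubscribe needs an HTTPS URI")
    targets = [f"<{https_url}>"]
    if mailto:
        targets.append(f"<mailto:{mailto}>")
    msg["List-Unsubscribe"] = ", ".join(targets)
    msg["List-Unsubscribe-Post"] = ONE_CLICK
    return msg


def one_click_problems(msg):
    """Return the unmet unsubscribe requirements for one marketing message."""
    problems = []
    uris = re.findall(r"<([^>]+)>", str(msg.get("List-Unsubscribe", "")))
    if not any(urlsplit(u).scheme == "https" for u in uris):
        problems.append("List-Unsubscribe has no HTTPS URI")
    if str(msg.get("List-Unsubscribe-Post", "")).strip() != ONE_CLICK:
        problems.append("List-Unsubscribe-Post header missing or wrong")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if "unsubscribe" not in text.lower():  # simple heuristic for the visible link
        problems.append("no unsubscribe link in the message body")
    return problems


def build_sample():
    """Constructed marketing email; addresses and token are placeholders."""
    url = "https://mybrand.example/unsubscribe?t=OPAQUE-PER-RECIPIENT-TOKEN"
    msg = EmailMessage()
    msg["From"] = "Store <news@mybrand.example>"
    msg["To"] = "customer@example.org"
    msg["Subject"] = "January offers"
    msg.set_content(f"This month's offers...\n\nUnsubscribe: {url}\n")
    return add_one_click_unsubscribe(msg, url, "unsubscribe@mybrand.example")


if __name__ == "__main__":
    print(one_click_problems(build_sample()))
```

RFC 8058 also expects the message to carry a valid DKIM signature that covers both headers, and the URL should identify the recipient through an opaque token so that the provider's POST request works without cookies or a login.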
What should you do to ensure compliance?
Merchants should transition to using email addresses associated with their own domain rather than public domain addresses like @gmail.com or @yahoo.com. Additionally, you must ensure your email setups are configured with proper authentication protocols (the SPF, DKIM, DMARC protocols described above) to improve email deliverability and comply with the new requirements. This move will help prevent your store emails from being marked as spam and ensure vital communication with customers remains uninterrupted.
Every email marketing platform will have a slightly different process. We recommend starting with the following actions:
- Review WooCommerce email settings (WooCommerce > Settings > Email) and settings of any plugins that you use to ensure that they send as your branded domain (e.g. me@mybrand.com), and not as your @gmail.com or @yahoo.com address.
- If your host delivers your store’s emails (most common), review your host’s documentation about authentication or confirm with customer support that your store’s emails are authenticated with SPF, DKIM, and DMARC. Each host will have a specific process, and they will help you ensure compliance.
- If you use plugins like WP Mail SMTP or MailPoet to deliver your store’s emails, you will need to follow their recommendations on how to authenticate your branded domain.
- You can check authentication yourself by sending a test email from your store to a service like mail-tester.com and ensuring that the authentication is valid. Placing a test order on your store is a good way to do this. Your test results should look like the image below.
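The same check can be run on the raw source of a test email that arrived in your own mailbox, because the receiving server records its SPF, DKIM and DMARC verdicts in an Authentication-Results header. This added example (not part of WooCommerce or any plugin mentioned here) parses that header and applies the small-sender and 5,000-a-day rules listed earlier; the sample message, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a test order email as stamped by a receiving server.
# The authserv-id, domains, selector and IP are illustrative placeholders.
SAMPLE_MESSAGE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@mybrand.example header.s=s1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@mybrand.example;
 dmarc=pass (p=NONE) header.from=mybrand.example
From: Store <me@mybrand.example>
Subject: Your order

Thanks for your order.
"""


def parse_auth_results(raw_message):
    """Return {method: [results]} from every Authentication-Results header."""
    results = {}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header, then drop parenthesised comments.
        value = re.sub(r"\([^)]*\)", "", " ".join(str(header).split()))
        for clause in value.split(";")[1:]:  # item 0 is the authserv-id
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return results


def sender_problems(results, bulk_sender=False):
    """List unmet authentication requirements; empty list means compliant."""
    passed = {m: "pass" in results.get(m, []) for m in ("spf", "dkim", "dmarc")}
    if not bulk_sender:
        # Under 5,000 messages a day: SPF or DKIM is enough.
        return [] if passed["spf"] or passed["dkim"] else ["neither SPF nor DKIM passed"]
    # 5,000 or more a day: SPF and DKIM, plus DMARC.
    return [f"{m.upper()} did not pass" for m in ("spf", "dkim", "dmarc") if not passed[m]]


if __name__ == "__main__":
    found = parse_auth_results(SAMPLE_MESSAGE)
    print(found, sender_problems(found, bulk_sender=True))
```

Only rely on an Authentication-Results header added by your own receiving mail server, since a sender can put a forged copy of the header into the message.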
How to change your sender email domain in your WooCommerce settings
Installations of self-hosted WooCommerce use WordPress’ default email sending capabilities for transactional messages, which are likely not configured in compliance with these new requirements. It is possible that your store’s sender email is set to your user email.
To check your settings and update your sender email address, navigate from your WordPress dashboard to WooCommerce > Settings > Emails.
Using your @gmail.com, @yahoo.com or similar public domain email address will likely cause emails to land in spam folders due to a mismatch between the declared sender (servers of Gmail or Yahoo) and the actual sender (your website server).
If your personal email is used, update this field with a registered email address that uses your website’s domain name.
We recommend testing your different email campaigns to make sure that all are compliant and able to be delivered. You can also install plugins (like WP Mail Logging) that will check to see whether your transactional emails are being sent. Check out the Woo email FAQ documentation for further guidance.
To change your sender email for your marketing communications, check in with your email marketing platform to find out where these settings are.
What’s next?
While the new requirements will be rolled out on February 1, 2024, enforcement will increase to full capacity by mid-2024. Non-compliant emails will land in users’ spam boxes or be rejected altogether. Lack of order confirmation emails could cause confusion for your customers, and a lack of marketing emails could negatively impact your revenue, so it’s important to achieve compliance as soon as possible.
For further guidance, check for documentation and updates from your email marketing provider and your hosting provider. Settings may vary from service to service, so it’s important to review all settings to help ensure your emails are securely delivered to your customers.
Thank you so much for this information,
Some questions have arisen that I would appreciate if someone could kindly answer,
We are about to implement an email subscription for users who want to receive 1 email per day when a publication is made on our site https://trenmayaa.com/ since the plugin we use for notifications does not record any user data, we believe it is sending blind notifications,
The questions are:
1. Does this apply to everyone including those who send less than 5000 messages a day?
2. Is it advisable to generate a no-reply email for the store?
3. Keep spam rates below 0.10%. Where can I research this percentage?
4. If I have a spam rate of 0.30% or higher, does it affect my website traffic?
Sorry for so many questions, thank you very much
Hi Beto!
> 1. Does this apply to everyone including those who send less than 5000 messages a day?
If you send fewer than 5000 messages a day, Google indicates it would not require you to publish a DMARC policy and add a «1-click Unsubscribe header».
All other requirements, like not sending your store’s emails from an «@gmail.com» address, authenticating your store’s sender domain with SPF or DKIM, maintaining a low spam report rate would still apply.
Chances are that the email service you use will help you become compliant, and you will just need to focus on these key aspects:
1) Send emails from your website’s domain and not @gmail.com addresses
2) Follow your email service provider’s (or if you send emails with your host – host’s) guidance to authenticate your website’s domain
3) If you don’t have a DMARC policy, you may as well add a neutral policy by adding a simple DNS record as you’re tackling point 2.
4) Only send emails to contacts who explicitly requested it to maintain low spam report rates.
> 2. Is it advisable to generate a no-reply email for the store?
You can do it, but to offer the best experience to your customers we’ve seen industry experts advise to send emails from an address staff monitors and responds to.
If a customer has issues or questions about their order, enabling them to just hit «Reply» results in a better experience for them, and it’s a great opportunity for store owners to hear user feedback.
Some users may also respond to marketing campaigns indicating they don’t want to receive them anymore. A «no-reply» address may mean no one will act, and the user might report the next unwanted email as spam.
> 3. Keep spam rates below 0.10%. Where can I research this percentage?
The email service provider you use is best positioned to provide you with this information.
Nearly every single email service will require a similarly low spam report rate. Some services may show it in the Statistics section of the tool, others like MailPoet might not show it but would reach out to you if the spam rate exceeded 0.1%.
> 4. If I have a spam rate of 0.30% or higher, does it affect my website traffic?
The requirements above only focus on whether the emails you send would be placed in recipients’ email inboxes or spamboxes. Directly, it should not impact the website traffic you get from search engines, social media, ads, or other channels.
If your website relies on email marketing to drive traffic – exceeding a 0.3% spam report rate would mean emails being placed in the «Spam» folder and fewer contacts seeing them, and thus visiting the site less.
A higher spam report rate may also indicate unwanted marketing practices, which may change your customers’ perception of your business, resulting in some of them taking their business elsewhere.
I hope this helps!
Thank you for sharing, but I have questions:
Would it be prudent to create a no-reply email for the store?
Research methods to maintain spam rates below 0.10%. Where can I find information on this specific percentage?
Does a spam rate of 0.30% or higher have an impact on my website traffic?
Hi Michael!
> Would it be prudent to create a no-reply email for the store?
You can do it, but to offer the best experience to your customers we’ve seen industry experts advise to send emails from an address staff monitors and responds to.
If a customer has issues or questions about their order, enabling them to just hit “Reply” results in a better experience for them, and it’s a great opportunity for store owners to hear user feedback.
Some users may also respond to marketing campaigns indicating they don’t want to receive them anymore. A “no-reply” address may mean no one will act, and the user might report the next unwanted email as spam.
> Research methods to maintain spam rates below 0.10%. Where can I find information on this specific percentage?
The email service provider you use is best positioned to provide you with this information.
Nearly every single email service will require a similarly low spam report rate. Some services may show it in the Statistics section of the tool, others like MailPoet might not show it but would reach out to you if the spam rate exceeded 0.1%.
We’ve seen unsecured forms attacked by bots and marketing campaigns mismatching contacts’ expectations as the biggest contributors to spam reports.
Your email marketing service provider likely has documentation on strategies you can use, but as an example here’s MailPoet’s advice:
https://kb.mailpoet.com/article/371-spam-complaints-and-how-to-prevent-them
Some aspects are a bit MailPoet-specific, but high level ideas like getting consent, setting expectations to contacts upfront and following them, making it easy to unsubscribe from further communications will be true for any tool you might use.