One of the hallmarks of the email channel is a lack of standards and a lack of universal support for all but the most fundamental elements of email. For example, there are no standards around HTML and CSS code support; dark mode is implemented differently across email clients; spam filtering at different inboxes weights different factors differently; BIMI support is uneven and has different requirements at different inboxes; and on and on.
That’s why the recently announced collaboration between Gmail and Yahoo on spam-fighting protections is so unusual. The joint effort helps reinforce long-standing industry best practices for bulk senders and provides greater specificity on the benchmarks brands need to meet to stay in their good graces.
To avoid deliverability issues at Gmail and Yahoo mailboxes, brands need to meet the following four requirements by February 2024:
1. Fully Authenticate
For brands that send many thousands of emails every day, Gmail and Yahoo are requiring that they authenticate their sender IP addresses and domains using SPF and DKIM, as well as DMARC with at least a p=none policy, which tells inbox providers to deliver email even if they fail SPF and DKIM checks.
What Senders Need to Do
Most commercial senders are already using SPF and DKIM, as this level of authentication is done automatically by some email service providers, including Oracle Responsys. However, if you’re unsure if your email is authenticated, this is your cue to check.
For DMARC, brands will need to take responsibility for setting their p= policy level, and in some cases also setting up their DMARC records in the first place. Some ESPs, including Oracle Responsys, set up DMARC for their customers, but not all ESPs do that.
Gmail and Yahoo require the entry level p=none policy. While that doesn’t protect brands from being spoofed, it does give brands visibility into the IP addresses and domains that are sending email that’s from them or pretending to be from them. That’s incredibly useful intel.
That said, to fully protect your brand from spoofing, set your DMARC policy to p=reject, which tells inbox providers to block any mail that fails SPF and DKIM checks. That’s the policy that Responsys sets for its customers when it sets up DMARC for them, and that’s the policy that Oracle Eloqua recommends in its instructions on setting up DMARC.
We also recommend brands authenticate their non-sending domains, as this protects you from spammers spoofing those as well.
Once your brand has implemented all three authentication standards—SPF, DKIM, and DMARC—then you’re just a few steps away from being able to take advantage of Brand Indicators for Message Identification (BIMI). When set up, BIMI displays a brand’s logo next to their sender name in the inbox.
This enhanced branding opportunity has encouraged many brands in recent years to implement DMARC, the newest of the three standards. This announcement by Gmail and Yahoo will surely spur BIMI adoption as well. It also makes us wonder if BIMI users may soon enjoy easier passage through spam filters.
Learn about the 6 steps of implementing BIMI.
2. Use List-Unsubscribe Headers
Gmail and Yahoo want email recipients to be able to unsubscribe from a brand’s emails with a single click, so they’re requiring brands to use list-unsubscribe headers. This code, added to email headers by email service providers, enables a native unsubscribe link to be included in the inbox’s user interface next to the sender name of an email.
If an email recipient can’t find the unsubscribe link included in the email by the sender or doesn’t trust what will happen if they click that link, having a native unsubscribe link powered by list-unsubscribe headers keep some email recipients from using the other one-click unsubscribe method—hitting the Report spam button. That’s a good thing, since unsubscribes don’t negatively impact your sender reputation like spam complaints do.
What Senders Need to Do
List-unsubscribe headers are enabled by default at most email service providers, including Oracle Responsys and Eloqua. If you don’t see native unsubscribe links when you view your brands emails in Gmail and Yahoo, then talk with your ESP.
Some email marketing platforms allow senders to disable their list-unsubscribe headers. If your brand has done this, you’ll want to re-enable them. Hopefully, ESPs will remove the ability of senders to disable this functionality, but don’t rely on them to turn your list-unsubscribe headers back on if you’ve turned them off.
This mandate does not impact transactional emails, which do not need unsubscribe links, and therefore do not need list-unsubscribe headers either. Just make sure that you’re clear on what is and isn’t a transactional email.
This mandate also does not impact your unsubscribe process or preference center, which is still a great way to try to address some of the reasons someone might want to unsubscribe. That said, consider this announcement a call-to-action to review your unsubscribe process and preference center to make sure they’re clear and easy to use. Any subscriber who visits these pages should be able to opt out of all promotional email with a single click.
3. Process Unsubscribes within 2 Days
In addition to enabling a one-click unsubscribe using list-unsubscribe, Gmail and Yahoo also want senders to honor unsubscribe requests within 2 days. It’s unclear how they’ll enforce this if an unsubscribe request isn’t made via list-unsubscribe. However, when one is, they’ll know if a sender mails the user after that 2 day window has closed, and that would impact their sender reputation.
Legally speaking, the CAN-SPAM Act allows up to 10 business days to process unsubscribes, but there’s nothing keeping inbox providers from enforcing tighter standards. Moreover, the spirit of CAN-SPAM has always been that senders should process unsubscribes as soon as possible. Undeniably, this is what consumers expect. The 10-day window in CAN-SPAM was an acknowledgement that some decentralized businesses (think: insurance companies with lots of independent brokers) might need more time to propagate an unsubscribe request across their far-flung organization.
What Senders Need to Do
From a technology standpoint, the vast, vast majority of senders will not have any trouble complying with this. If you’re a decentralized organization, check to make sure that you’re sharing unsubscribe requisitions across your network within 2 days. If you’re not currently able to do that, then you have until February of 2024 to speed up that process.
From a process standpoint, this mandate will require changes from senders who have been complying with the letter of CAN-SPAM and not its spirit. Those senders who consciously chose to continue mailing recipients who unsubscribe up until the 10-day legal limit will now face even stronger deliverability penalties than before.
4. Keep Spam Complaint Rates Low
Gmail specifies in their Email Sender Guidelines that senders should “aim to keep your spam rate below 0.10%.” Moreover, they say senders should “avoid a spam rate of 0.30% or higher, especially for any sustained period of time.” Yahoo says it will follow this same standard. This is the first time that mailbox providers have spelled out exactly the complaint thresholds they don’t want to see exceeded.
Neither Gmail nor Yahoo specified whether they would calculate complaint rates on a weekly or monthly basis, but it’s clear that a one-day spike in rates wouldn’t trigger blocking or junking on its own. However, when that 0.3% threshold is exceeded, it will cause blocking, with Gmail and Yahoo returning a specific (yet-to-be-determined) bounce code.
What Senders Need to Do
Most senders shouldn’t struggle to keep their spam complaint rates under 0.1%. For instance, very few of our clients exceed that on a regular basis.
However, brands should keep an eye on three important factors. First, pay extra attention to your spam complaint rates during your peak sending seasons, such as the holiday season for retailers and many other B2C brands.
Second, watch your spam complaint rates across various audience segments to identify hotspots. For example, we recommend tracking your subscribers by acquisition source, as brands frequently find that one or two sources are responsible for a big portion of their spam complaints. (Our Audience Acquisition Source checklist has details and ideas about 18 different kinds of sources you can use to grow your cross-channel audiences.)
And third, if Apple’s Mail Privacy Protection is causing your subscriber inactivity to grow and your list to shrink, be mindful that your spam complaint rate may increase as a result.
Codifying Existing Best Practices
Overall, most commercial senders won’t need to make any changes to be in compliance with these new mandates from Gmail and Yahoo, perhaps with the exception of setting up DMARC. In our view, these mandates are largely about creating more transparent expectations of senders and trying to clean up the behavior of senders who haven’t been following industry best practices as closely as they should.
Even so, these announcements should serve as a reminder to all senders to audit their practices and make any needed adjustments. Otherwise, you may be in for a nasty surprise come February 2024 when Gmail and Yahoo start enforcing these new rules.
—————
Need help with your email deliverability? Oracle Digital Experience Agency has hundreds of marketing and communication experts ready to help Oracle customers create stronger connections with their customers and employees, even if they’re not using an Oracle platform as the foundation of that experience. Our award-winning specialists can handle everything from email deliverability and strategy to creative and content planning. For example, our full-service email marketing clients generate 24% higher open rates, 30% higher click rates, and 9% lower unsubscribe rates than Oracle Responsys customers who aren’t.
For help overcoming your challenges or seizing your opportunities, talk to your Oracle account manager, visit us online, or email us at OracleAgency_US@Oracle.com.