In this article:
Audiences targeted by the changes
Before we get started, here's who the new Gmail and Yahoo guidelines are for.
Email recipients targeted by these new guidelines
These new guidelines apply when you send emails to contacts who have:
- Personal accounts ending in @gmail.com or @googlemail.com
- Yahoo and AOL email accounts.
Email senders targeted by these new guidelines
Some of the new measures from Gmail and Yahoo particularly concern bulk senders. Gmail specifically defines them as senders who send more than 5,000 messages per day. However, others apply to any sender sending emails to these internet service providers.
In any case, Cyberimpact recommends that all its clients follow these new guidelines, regardless of their sending volume. These requirements adhere to the best email practices and reflect current standards for email delivery. They will help optimize your deliverability rate, strengthen user trust in your brand, avoid delivery issues, and could keep your emails out of the "spam" folder.
It's important to understand that these guidelines affect all email senders internationally. These requirements are not specific to the use of the Cyberimpact platform.
Key guidelines to follow before February 1st, 2024
Among Gmail and Yahoo's recommendations, four stand out:
- Configure email authentication with DKIM, SPF, and DMARC. Learn more >
- Do not impersonate Gmail "From:" headers. Learn more >
- Maintain a spam rate below 0.3% and send relevant emails. Learn more >
- Provide an easy one-click unsubscribe system and process unsubscribes within 2 days. Learn more >
View the complete list of guidelines for message senders:
How to prepare for February 2024
In this section:
How Cyberimpact helps you comply
Good news! The majority of the requirements requested by Gmail and Yahoo are already in place at Cyberimpact. For example:
- All emails sent via our application automatically include a "list-unsubscribe" header, displaying an unsubscribe link at the top of the message for supporting email clients. Our team is currently working to ensure that this link complies with Gmail's newest requirements. There's nothing for you to do.
- A mechanism to report abuse is prominently featured in the footer of all emails to quickly detect any misuse of Cyberimpact. Also, we do not tolerate spamming through our service.
- We subscribe to feedback loops from major email clients (e.g., Yahoo, Outlook.com...) and automatically process bounces.
- Our platform provides you with all the necessary tools to comply with various laws, such as the Canadian Anti-Spam Legislation (CASL) and Law 25 (Quebec).
- We also ensure that our clients adhere to the best possible email practices and that the structure of our emails complies with recommended standards.
While we are actively working on various solutions to assist and facilitate these changes, some requirements are unfortunately beyond our control. Here's what you need to do by February 2024.
Actions to take before February 2024
To ensure you have the proper authentication in your Cyberimpact emails and to be ready for the new requirements from Gmail and Yahoo, here's what you need to do:
- Use your own domain to send your emails
- Configure DMARC authentication for your sending domain
- Create a CNAME in your DNS records
- Contact our team to activate custom DKIM signature in your emails
- Maintain a low spam rate
- Use your own domain to send your emails
Gmail follows suit with Yahoo and now changes their policy regarding the use of @gmail.com and @googlemail.com addresses outside their service. To prevent email spoofing, they will change their DMARC policy action from "none" to "quarantine”. This means that starting from February 2024, all emails sent from a @gmail.com or @googlemail.com sender address that fail DMARC verification risk being automatically marked as spam or, worse, blocked entirely.What you need to know is that it's not possible to send emails from a Gmail or Yahoo address via our application, or a similar service, that passes DMARC verification. Using a professional domain that you own and control the DNS (Domain Name System) is the only way to meet the new requirements of these email providers.
Moreover, using a free email address (such as Hotmail, Gmail and Yahoo) as a sender address comes with several risks and disadvantages. It is also a practice that is poorly perceived, both by recipients and spam filters, and is frequently used by spammers.
In contrast, using a professional domain will give you several advantages, such as strengthening the trust of your recipients, giving you a more professional look and more control over the customization of your emails. It could also reduce the risk of your emails being marked as spam and help improve your deliverability rate.
- Configure DMARC authentication for your sending domain
Before February 2024, Gmail requests the implementation of SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) authentication on the domain you use for your mailings (the domain in the visible "From:" field of your emails) in order to protect their users against spoofing.
DMARC is a protective mechanism that helps enhance security, protect against fraud, phishing attempts, and ensure the legitimacy of electronic messages. It also tells email providers how to handle messages that fail SPF or DKIM checks on the sending domain, i.e. what action to take. There are three possible options: "none" (meaning take no specific action if validation fails), "quarantine" (e.g. the email could be marked as spam), "reject" (e.g., to block the message). In its guidelines, Gmail specifies that the rule for applying your DMARC policy can be set to "none", so it doesn't have to be "quarantine" or "reject" to meet its requirements. Learn more about Gmail's recommendations >
Another advantage of DMARC authentication is that it allows you, if you wish, to sign up for reports to monitor emails that have been or appear to have been sent from your domain. You'll be able to see which messages you've sent pass or fail the SPF, DKIM and DMARC authentication tests, which could help you detect and take action to protect your sending domain from unauthorized use (e.g. email spoofing).
When an email is sent, the mail servers receiving it will check whether the sending domain (the domain name of the email address visible in the "From:" field) has a DMARC record. For DMARC authentication of this domain to pass, the email must be correctly authenticated with SPF or a valid DKIM signature, and the sending domain (again, the domain of the address visible in the "From:" field) must be the same as the one of the SPF authentication or DKIM signature, also known as SPF or DKIM alignment. If the DMARC check fails, the mail server should then perform the action specified in the domain's DMARC record. If it passes, the email can then continue on its way.
In order for your mailings sent from our platform to pass DMARC verification, we'll need to authenticate your emails with a DKIM signature customized to your domain, thus enabling DKIM alignment. We'll explain how to do this in steps 3 and 4.
Read our blog article "Why should you have DMARC, SPF and DKIM authentication?" >
- Create a CNAME in your DNS records
All emails sent through our services already have Cyberimpact's SPF and DKIM authentication to ensure you get the best possible deliverability rate. Our authentication also allows you to benefit from the good sending reputation of our clientele.However, from February 2024 onwards, to continue sending emails from your own sender address, you will now need to use a custom DKIM signature for your domain to align the sender address domain (visible "From:" header) with your DKIM signature domain. (e.g., if your sender address is "hello@pizza.com", the domain of your signature will be "pizza.com").
Signing your emails with your own domain offers several advantages, such as reinforcing the trust of your recipients, customizing your sending domain to your brand (for example, removing the "via Cyberimpact" mention in Gmail), and is necessary to comply with the alignment of your DMARC policy when sending emails via our platform.
To add a valid DKIM signature linked to your domain in your emails, you need to create a CNAME in your DNS records.
To do this, create your CNAME using the following format:
cyberimpact._domainkey.xxxxxxx | CNAME | clients._domainkey.email.cyberimpact.com
Notes:
- the "x" should be replaced with your domain name, e.g., cyberimpact._domainkey.pizza.com
- if you don't know how to create your CNAME, simply copy and paste the instruction above and send it to your email domain administrator
- Contact our team to activate custom DKIM signature in your emails
Once the CNAME is in place, contact our team so we can activate the custom DKIM signature for your domain in your account. - Maintain a low spam rate
It is important to adhere to good email sending practices and laws in your region (such as CASL and Law 25) to minimize abuse reported from your mailings. If you are currently using Cyberimpact, you probably have very little to change in your habits.As a reminder, here is a list of some measures you can take:
- To monitor your domain's reputation with your recipients at Gmail, you can sign up for Gmail's Postmaster Tools. Learn more >
- Communicate only with contacts for whom you have consent and use our various tools to help you comply with CASL. Learn more >
- Send relevant, quality, and personalized emails at an appropriate frequency. Learn more >
- Use our profile update forms to allow your contacts to update their preferences. Learn more >
- Segment your contacts to send better targeted communications. Learn more >
- Build quality lists with our subscription forms. Learn more >
- Monitor your statistics, bounce rate (incorrect addresses), and unsubscribe rate. Learn more >
If you have questions about the reported abuse rate for your mailings, feel free to contact our technical support.
Conclusion
We hope this article has helped you prepare for the upcoming changes in February 2024. We understand that this can raise some questions or concerns on your end. Feel free to reach out to our team. We are here to help you in this transition.