top of page
  • Writer's pictureAlycia Yerves

❗Gmail & Yahoo's new requirements for email marketers

As you know, email is one of the most important communication channels for businesses. Some important industry-wide changes are about to roll out for email marketers and this may affect you.


Ok, my friend, there's a whole buncha techy mumbo jumbo ahead - but stay with me to the end because I'm here to help!

In October 2023, Google and Yahoo announced some new rules for email marketers, specifically requiring a new standard of email authentication, which now includes three records (DKIM, SPF, DMARC). Google and Yahoo are doing this to reduce spamming, and increase email security. These new rules affect users of any email service, and are supposed to go into effect in February 2024. Although you'll need to follow some new steps, doing so can boost your email delivery success by proving you're a trusted sender.

These new requirements primarily impact two groups of email senders:

  • Large senders, or anyone who sends to more than 5,000 Gmail or Yahoo email addresses on any single day.

  • Anyone who uses a Gmail email or Yahoo address as their “From” email address when sending emails through any email service provider, regardless of sending volume or the email domains of their recipients.


You can read Google’s and Yahoo’s announcements for the full details, but here is a quick summary of the new requirements for email senders:

  1. All senders will need to have the right authentication for the email domain they’re sending from. Specifically, senders will need to ensure that SPF, DMARC, and DKIM are configured accurately. Now, let’s define what are these acronyms mean: DKIM, or "DomainKeys Identified Mail," is like a digital signature for your emails. It's a way of proving that an email actually comes from who it says it's from, like a little stamp of authenticity. So, when your subscriber gets an email from you, they can be sure it's really you and not some imposter trying to trick or scam them. SPF, or "Sender Policy Framework," is like a bodyguard for your emails. It's like telling the internet, "Hey, only these specific servers are allowed to send emails on behalf of my crew." This way, it's harder for sneaky impostors to pretend they're part of your gang and send fake emails. SPF is like the bouncer at the email club, making sure only the trusted servers get inside and your emails don't end up in the spam zone. It's your email's personal security detail! DMARC, or "Domain-based Message Authentication, Reporting, and Conformance," is like a super-guard for your emails. It helps stop bad guys from pretending to send emails from your email address. With DMARC, you can set rules that tell email systems how to handle fake emails that claim to be from you. It uses other tools like SPF and DKIM to make sure your emails are legit. Plus, it gives you reports on any fishy activities, so you can keep your emails safe and sound. It is set up to make sure only the good emails get through. When all of these are correctly set up at your domain, you can send emails through an email service provider like Flodesk, Mailchimp, ConvertKit, etc. Gmail and Yahoo will recognize that your domain has approved your provider as a legitimate service to send emails on your behalf, ensuring your emails will still reach Gmail and Yahoo addresses.

  2. Senders must include a one-click unsubscribe link in your email. Every mass email now needs to include an easy, one-click unsubscribe option, both in the email body and header. Bulk email senders must respect unsubscribe requests within two days. The good news is that many email service providers now take care of this automatically for all emails sent through their platform. Check your email service provider for details on if they have set this up for you already.

  3. Senders’ spam rates will need to fall below a certain threshold. Google and Yahoo will begin enforcing a spam rate threshold that senders must stay under to ensure Gmail and Yahoo recipients aren’t being sent to spam. 



It is important to reiterate that these changes are industry-wide standards that impact all email service providers. This is not the first time that email compliance regulations have changed and it won't be the last in this rapidly evolving industry.


If you use an email service provider to send out newsletters and marketing automations, I strongly encourage you to obtain and use a custom domain email address (i.e., instead of and make sure it is properly verified and authenticated.




  • Acquire or Set Up a Custom Domain Starting in February of 2024, Gmail will begin using DMARC to protect their domain from unauthorized use. Gmail doesn’t allow for users to set up authentication for their individual address—this is because DMARC applies to the entire domain. When you send an email from any service other than Gmail itself using a domain, Gmail will tell recipient inboxes that Gmail didn’t send the email and therefore they should reject the email. It is likely that more services could adopt the same requirements as Google and Yahoo in the future and impact email senders who are using other freemail domain services. For this reason, I strongly encourage you to set up a custom domain through a registrar that provides email hosting, such as Godaddy or Namecheap. Once you have a custom domain, or if you already have a custom domain, you’ll need to verify it, and then set up DMARC and DKIM (see below). Use only that custom domain email address to send your newsletters and marketing automations going forward. Any provider or platform that needs to send an email on your behalf (such as your online store, course platform, CRM system, etc) needs to have this setup properly.

  • Set up DMARC You can set up DMARC authentication for your sending domain in your DNS provider yourself. Your DMARC enforcement policy can be set to "none", and Google has some specific guidelines to set your brand up for success.

  • Set up DKIM If you use an email service provider, it is likely that they have already emailed you details on DKIM next steps and what you need to do. Check with your provider to see if they've provided you with this guidance, so that you can follow their steps DIY style.

It may take several days for everything to fully connect, once set up. But once you complete all of the steps outlined above, you’ll then meet the new authentication requirements for Google and Yahoo. 




Already have a custom domain email address and want my help in getting the rest of this gobbledygook squared away? 🥴🥴🥴


I've got a few spots on my calendar to take care of this for you as things are due to start going into effect in February 2024. It's $399, and it would be a one-time service.*


If you are interested in booking a spot, please click here to answer a few initial questions and I will follow up with you on next steps.


Note: I'd need to partner with you on acquiring some logins, records, etc for your unique setup. I may need access to your custom domain registrar account and DNS records, your email marketing service provider account, the admin area or control panel for your webmail service, and possibly your website platform account or any other platform that needs to send an email on your behalf. If we run into any issues along the way, I may also need to partner with you to contact your provider's tech support team so they can assist with troubleshooting until everything is solved. It is also possible there may be additional fees from your providers if you need to upgrade any plans or add additional accounts, etc. 

*Disclaimer: I am not an accredited expert on every aspect of this fairly complicated DMARC procedure and this is not a standard service I provide, but being pretty tech-savvy and having set this up successfully for myself and several clients already, it occurred to me that I could help others with this technical process.

To be clear: you absolutely are able to do all of the steps in this email yourself (and you could always reach out to your IT person, or customer support at your various providers for assistance), but if you'd like me to virtually hold your hand and take care of the domain authentication / configuration process for you, I'm here for ya. 🙋🏼‍♀️

Got questions? Email me at and I'll get back to you!

⚠️ You can check this link to see if your custom email domain is protected against phishing, spoofing or fraud.

Happy emailing,


tl; dr? If you already have a custom domain email address and want my help with getting things properly set up so you meet the new authentication requirements for Google and Yahoo, please click here to answer a few initial questions and I will follow up with you on next steps. 

PS: Are your systems a mess with a million apps and tools? None of which truly help you the way you need them to? I've done the work for you! Grab my FREE Small Business Toolkit to see all my favorite tools I use to run my business. ⬇️


All the ways I can help






8 views0 comments

Recent Posts

See All


bottom of page