If you haven't already heard, Gmail and Yahoo! both announced that, starting in 2024, they're going to require commercial bulk senders (that's you!) to implement email authentication standards.

Now, these standard have been around for quite some while. They've only been considered "best practices" to increasing the chances your emails will be delivered to your prospects' and customers' inboxes.

Not any more -- as least as far as Gmail and Yahoo! are concerned. In 2024, they are taking "best practices" and elevating them to "requirements."

You'd be well advised to implement these email authentication standards even if you know absolutely, positively that none of your contacts use Gmail or Yahoo! (which is highly unlikely).

By February 2024, all bulk senders must:

There are 3 email authentication standards that you're now required to implement. Hopefully, by now you've already been implementing 2 of the 3. (If you haven't, then shame on you!)

All three of these email authentication standards are used to prove that you are the legitimate owner of the domain that's included in the "from" address of an email (allegedly) sent by you.

Obviously, Square One is to have your own domain. If you don't even have your own domain for your "from" address, then go no further. You're wasting your time and money trying to send bulk emails that will never make your recipients' email inboxes.

There's oodles of domain registrars for you to choose from. GoDaddy, Bluehost, Namecheap. and Domain.com are just a few of them.

At the end of the day, all 3 email authentication standards are created to prevent fraudsters from sending emails to people, claiming they're from you.

Whichever email service provider's software you're using to send your emails, there will always be a set of records that you'll need to create in your domain registrar account. Every email service provider will give you step-by-step instructions how to create these specific records.

Sender Policy Framework (SPF)

This email authentication standard is the earliest attempt to provide some degree of protection to both email recipients and legitimate email senders. The internet runs on IP addresses. So whenever a mailbox provider receives an email (allegedly) from you, the first thing it checks is whether the IP address that the email is originating from has your permission to do so.

DomainKeys Identified Mail (DKIM)

This is an email authentication method that uses a public-key digital signature to verify that your Email Service Provider (ESP) is sending emails on your behalf. Your ESP will generate a cryptographic hash and embed it in your email's header. When the mailbox provider receives your email, it attempts to decrypt the hash using the public key that you've included in a particular record that you create in your domain's DNS. If successful, it accepts your email.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC requires that you be already implementing either SPF or DKIM email authentication standards. To be honest, if you're going to implement one, then there's absolutely no good reason why you wouldn't be implementing both. This authentication standard instructs mailbox providers what to do with an email (allegedly) from you if it fails SPF and/or DKIM validation.

Commercial emails without a link to unsubscribe is so 90's. By now, if you don't have one, you shouldn't be sending in the first place. You're also a law-breaker too!

Gmail is now taking "ease of unsubscribe" to the next level. If you're sending more than 5000 emails per day, then they're requiring a 1-Click Unsubscribe. And they're giving you only 2 days to honor the opt-out request. This timeline goes above and beyond the US government's standard of 10 days.

I always say that you should put your opt-out link at the top of your emails, not buried at the bottom in 2 point font. If people don't want you emails, then don't send it to them. You're wasting your time, your money, and your reputation sending unwanted emails.

All mailbox providers have low tolerance for spam complaints. Gmail says that for every 1000 email you send, you should have zero or at the most 1 spam complaint.

Spam complaints come from two reasons -- both of which are in your control: (1) You didn't define any up-front expectations about your emails, or (2) Your emails didn't match the expectation you set.

Again -- this is why I always recommend you put your opt-out link at the top of your emails. Let people unsubscribe as easily as possible. Make it easier to unsubscribe than to click the "This is Spam" button that's now built into every email app.

Gmail and Yahoo! are actually doing you a YUUUGE favor. By cleaning out the riff-raff senders, they're making it better for you, a legitimate email sender, to get your emails delivered to your intended recipients.

If your ESP doesn't support SPF, DKIM, and DMARC, then ditch them asap. You don't need to waste any more time and money on them. There's already so many reputable ESPs that you can use at a great price. I recommend Klaviyo if you're getting started out, and Maropost when you've matured to high volume sending.

If you're unsure how to set this all up, no worries. Just send me an email manny@e.sellwithemail.online and I'll walk you through.