Back to main menu


Gmail and Yahoo’s 2024 inbox protections and what they mean for your email program

Gmail and Yahoo continue to crack down on unwanted email with new sender requirements that will provide a better inbox experience for users and have a major impact on senders. The coming changes focus on better authentication and email relevance, and pave the way for new mailbox standards that require senders everywhere to step up their game.



As senders, we should be the first to care about sending valuable, relevant emails to our contacts. Ultimately, email’s efficiency as a communications channel depends on our recipients’ overall inbox experience. More unwanted emails mean more competition and less likelihood of having our messages read.

But that doesn’t stop us from worrying when mailbox providers make the decision to enforce requirements impacting the way they handle unsolicited messages, like the ones announced earlier this month by Gmail and Yahoo.

What do these announcements really mean? How are they going to impact your email program? And most importantly, what do you need to do to stay on the right side of the email law? We’ve got all the answers and some recommendations in this post.

What are the new sender requirements?

In an ongoing effort to secure inboxes, both Gmail and Yahoo have said that they will be enforcing new protection standards for bulk email senders.

Gmail, who had already announced a cleanup of inactive accounts in May 2023, explained in a statement that enforcement will begin in February 2024, and they’ll be carefully monitoring bulk senders (those transmitting more than 5000 messages a day). In a very similar announcement, Yahoo explained that they’ll also be targeting the first quarter of 2024.

“Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst.”

Neil Kumaran, Group Product Manager, Gmail Security & Trust

These upcoming requirements are certainly the most substantial we’ve seen mailbox providers enforce in recent years, but they’re not new. In fact, authentication, one-click unsubscribe, and spam monitoring have been high on the list of email deliverability best practices for quite some time now.

And while it’s no surprise it has caused some concern among senders, at Sinch Mailgun we suspect requirements like these will soon spread across the industry.

What do these changes mean for senders?

The most straight forward answer to this question is that, if you haven’t already, you’ll need to get serious about certain email deliverability best practices.

Both Gmail and Yahoo have highlighted three key changes that senders will need to prioritize if they want to be seen as legitimate senders come 2024:

  1. Authenticate their email: Senders will be required to verify their sender identities with standard protocols like SPF, DKIM, and DMARC.

  2. Enable one-click unsubscribe: Senders will need to implement a single-click unsubscribe link within emails if they haven’t already, to allow recipients to easily opt out.

  3. Only send emails users want: Gmail and Yahoo are getting serious about spam monitoring and senders will need to ensure they’re keeping below a set spam rate threshold.

These mandates will only affect bulk senders, defined by Google as senders with volumes of 5000 or more messages to Gmail addresses in one day. The announcements don’t specify that a sender must send 5000 messages each day, or within a certain time frame, though. So, it’s important to consider your peak holiday sending habits, and large campaigns when checking if these rules will apply to you. You may not think of yourself as a bulk sender, but mailbox providers might disagree.

As we mentioned before, these requirements are not unexpected or revolutionary changes in the way we should be sending emails, but they’re still not followed by many senders. For example, email authentication has been strongly encouraged for a number of years now. Still, our State of email deliverability report found that around 40% of senders are either unsure or not implementing both SPF and DKIM, and among those using DMARC, 40% are not sure what their policy is.

“These changes are like a tune-up for the email world, and by fixing a few things under the hood, we can keep email running smoothly. But just like a tune-up, this is not a one-time exercise. Keeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community.”

Neil Kumaran Group Product Manager, Gmail Security & Trust

The good news is that both providers have highlighted similar updates in their statements, primarily focused on maintaining higher standards of authentication, simplifying unsubscription from promotional emails, and holding senders to a lower spam rate threshold. Here’s a snapshot of what to expect.

Image outlining Gmail inbox update for Feburary 2024 that include authentication expectations, single click unsubscribe, and maintaining a low spam rate.
Image outlining the Yahoo inbox update for Q1 2024 that include authentication expectations, single click unsubscribe, and maintaining a low spam rate.

What do you need to do to prepare?

So, the ball is now on the email sender’s court to get ready before 2024. What changes do you need to make to ensure your emails keep landing in the inbox? And how do you implement them?

Here’s a detailed list:

Get serious about email authentication

Email authentication is the process of securing and confirming your sender identity through certificates and encryption. The purpose is to protect your identity against spoofing and protect your recipients from phishing attacks. This is why the Gmail and Yahoo updates focus on validating your sender identity. In 2022, Gmail began to require that senders adopt some form of authentication, which resulted in a 75% drop in unauthenticated messages received by Gmail users. But complex problems like spammers, phishers, and malware require equally complex solutions.

Gmail’s first task for bulk senders is that they authenticate their email by following these best practices. The requirement from both Gmail and Yahoo is to set up strong authentication with “ SPF, DKIM, and DMARC for your domain.” Previously not a requirement, this move towards implementing Domain-based Message Authentication, Reporting, and Conformance, (DMARC) is something Sinch Mailgun’s Jonathan Torres had already predicted in our guide on email security and compliance.

“At some point, mailbox providers may decide to prioritize messages from senders that have DMARC policies set to reject or quarantine, because those are the ones they can verify and trust. We haven’t seen anyone take that step yet, but the groundwork is there to require senders to have a DMARC policy set to something besides p=none. That might be what it takes for adoption.”

Jonathan Torres, TAM Team Manager, Mailgun

Our recommendation is to set up all three authentications if you are a bulk sender to protect your sender identity and your deliverability. Here’s how to go about it.

New email authentication requirements

What­ you’­ll need­

How to get ther­e

What­ you’­ll need­

Gm­ail: Both­ SPF and DKIM­ are requ­ired by Gmai­l. Mess­ages that­ don’­t carr­y thes­e prot­ocols will­ be reje­cted from­ the inbo­x or mark­ed as spam­. DMAR­C is also­ requ­ired to prev­ent Gmai­l impe­rsonation in FROM­ head­ers.

If you’­re a Mail­gun user­, we’v­e alre­ady got you cove­red on SPF and DKIM­. But if you’­re not we’v­e outl­ined the proc­esses for obta­ining thes­e auth­entications in thes­e post­s: SPF­ basi­cs and Und­erstanding DKIM­. For­ DMAR­C you will­ need­ to set at mini­mum a p=no­ne poli­cy.

How to get ther­e

Ya­hoo: Will­ requ­ire stro­ng auth­entication and for user­s to “lev­erage indu­stry stan­dards such­ as SPF,­ DKIM­, and DMAR­C”.

Impl­ementing DMAR­C take­s a bit more­ time­, as DMAR­C allo­ws you to make­ choi­ces rega­rding your­ poli­cy base­d on your­ emai­l prog­ram. Get star­ted now by chec­king out our Imp­lementing DMAR­C arti­cle.

Make it easy for your recipients to unsubscribe

There were already good reasons to provide a clearly visible unsubscribe for contacts, and an unsubscribe link in the footer text of email messages is already a standard practice across the board, that’s not what this requirement is about.

Sending messages to users who don’t want them has a major negative impact on your engagement metrics and spam rates and is ultimately bad for your overall reputation. In our podcast, Email’s Not Dead, we sat down with Marcel Becker, Sr. Product Manager for Yahoo, and asked him lots of questions about Yahoo’s new requirements.

You can check out more in our key takeaways post but here's a preview: It’s a lot more likely that a user will unsubscribe to a message if the option to unsubscribe is visible from within the mailbox UI. Many users find it faster and easier to move a message to the spam folder than they do to scroll to the bottom of the email and complete a multi-step process.

Now, one-unsubscribe links will be even more important. From 2024, both Gmail and Yahoo will require that senders provide a single-click process for users to unsubscribe, as opposed to confirming your email or updating your subscription preferences and providing feedback. Senders will have two days to implement unsubscribe requests.

New unsubscribe requirements

What­ you’­ll need­

How to get ther­e

What­ you’­ll need­

Sa­me for Gmai­l and Yaho­o: A sing­le-click path­way for user­s to easi­ly unsu­bscribe from­ your­ mess­ages from­ with­in the mail­box prov­ider’s UI usin­g list­-unsubscribe head­ers, and inte­rnal supp­ort to hono­r unsu­bscribe requ­ests and remo­ve addr­esses from­ rele­vant emai­l list­s with­in 2 days­.

Send­ers will­ need­ to put list­-unsubscribe post­ head­ers into­ the head­er of thei­r emai­l as spec­ified by RFC­ 8058­.

Carefully monitor spam rates

What’s the best way to eliminate spam from user’s inboxes? Set a low spam rate threshold and tell senders they can’t exceed it.

The strategy for both Yahoo and Gmail is the same, as is the spam complaint rate threshold of 0.3%. This may sound like a ridiculously low percentage but it’s not when you consider that many Email Service Providers (ESPs) and independent companies have existing internal practice of maintaining spam rates below 0.1%, or one message marked as spam out of every 1,000 sent.

“We chose 0.3% because there are other companies and programs out there and 0.3% or below is the requirement for them already. If your traffic sustains a spam rate above 0.3%, you’re probably already in a world of hurt. Generally, we look for much smaller numbers, but 0.3% resonates with the industry so we chose to make it public.”

Marcel Becker, Sr Director Product Management at Yahoo

Your spam rate, or spam complaint rate, is the number of recipients that report your message as spam compared to the total number of emails that were delivered. The best way to keep this number low is to monitor, sunset disengaged subscribers before they are tempted to press the spam button, and promptly respond to any spike in your spam complaint rate by cleaning your list and reviewing your sending practices.

Remember, Gmail doesn’t provide traditional feedback loops like Yahoo does, so you’ll need to ensure you’re signed up with Google Postmasters Tools to monitor your spam rates.

What­ you’­ll need­

How to get ther­e

What­ you’­ll need­

Sa­me for Gmai­l and Yaho­o: The spam­ comp­laint thre­shold is 0.3%­.

Clos­ely moni­tor your­ spam­ rate­, as well­ as othe­r enga­gement metr­ics, usin­g reso­urces like­ Goo­gle Post­masters Tool­s. Empl­oy deli­verability best­ prac­tices like­ lis­t mana­gement and sun­set poli­cies to opti­mize your­ emai­l list­s, ensu­ring you’­re only­ send­ing mess­ages to enga­ged reci­pients. Use del­iverability tool­s like­ Emai­l Veri­fication and Inbo­x Plac­ement Test­ing to stay­ on top of your­ over­all deli­verability and impr­ove your­ inbo­x plac­ement.

How can Sinch Mailgun help?

At Sinch Mailgun, email deliverability excellence is always at the core of our product offering. We’re constantly striving to set up our users for deliverability success and making sure you get the help you need to achieve it. Part of those efforts are getting the right people in the room so we can provide the most accurate information. In this spirit, Kate Nowrouzi, VP of Deliverability at Sinch Mailgun sat down with Marcel Becker, Sr. Product Manager at Yahoo, and Anu Yamunan, Director of Product for Anti-Abuse and Safety at Google, for a fireside chat to answer some of the most common questions around these sender requirements, and find out the reasons behind them.

On-demand webinar

Are you prepared for Google and Yahoo's new sender requirements?

View our fireside chat with Marcel Becker, Senior Director of Product at Yahoo, Anu Yamunan, Director of Product for Anti-Abuse & Safety at Google, and Kate Nowrouzi, Vice President of Deliverability at Sinch Mailgun, as we explore the new requirements for bulk email senders.

Mailgun users can rest assured that their email authentication protocols are already compliant with Gmail and Yahoos requirements, since our platform automatically enforces both SPF and DKIM by default. For more resources, we’ve put together a library and checklist with everything you need.

We also offer a full suite of innovative deliverability tools and services designed to make these protections easy to achieve. Our Mailgun Optimize deliverability toolkit includes great tools to test, monitor, and analyze various essential email deliverability elements.

  • Email validations helps remove high-risk and invalid addresses from your lists before you send to help reduce bounce rates and protect your reputation.

  • Inbox Placement Testing shows you which folder or tab your email is most likely to land in across top providers (like Gmail and Yahoo) and helps proactively test your authentication status.

  • Google Postmaster integration shows you user-reported spam rate and other essential stats like authentication status monitoring for DMARC for those sending emails to Gmail users.

  • Bounce Classification helps you identify critical bounces that might be occurring due to your sender reputation.

Together, these tools ultimately make it easy to stay on top of your email performance.

Think your business might need some additional support as you navigate these changes? Check out our Deliverability Services! We have a dedicated team of experts with over 320 years of combined email experience ready to help your company navigate these evolving industry standards and implement the tailored strategy that best fits your email needs.

Learn about our Deliverability Services

Deliverability Services

Looking to send a high volume of emails? Our email experts can supercharge your email performance. See how we've helped companies like Lyft, Shopify, Github increase their email delivery rates to an average of 97%.

Related readings

Why is Gmail blocking my emails? How to prevent it

It's frustrating as an email sender when your messages don’t get through. Especially if you don't know why it's happening. In this article, we’ll dig into why Gmail may be blocking...

Read more

Email validation – Why is it vital for your inbox?

We all have those moments when we get nervous and need to double-check ourselves. Did we fill in the right answer bubbles on a test? Did we type in the right password when...

Read more

What is DKIM: Learn how it works and why it’s necessary

Are you who you say you are, or are you a spoofer in disguise? Answering this question is what DKIM is all about. As email usage and capabilities continue to grow, it’s important to...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon