In October 2023, Google and Yahoo announced a new set of email security requirements for any group sending emails to more than 5,000 names at once. Combined, Google and Yahoo (and Yahoo-owned AOL) account for nearly 2 billion email addresses worldwide, so compliance with these requirements is critical to ensuring your email program will continue generating great engagement and raising crucial revenue.
Avalon is focused on ensuring our clients are up to speed and in compliance, so here’s what you need to know.
The security requirements will verify your organization’s sender identity with Google and Yahoo so emails to these platforms are less likely to go to Spam folders.
These measures have been optional for a few years, so many organizations are already in compliance. However, these became requirements in February 2024, and Google and Yahoo have said that they will start penalizing senders not in compliance over the next few months. Google and Yahoo will start rejecting a portion of your messages if senders are found out of compliance.
If you are unsure whether you are in compliance, start by reaching out to your IT team and/or website manager. Most of the security requirements can be implemented by your IT/website team.
You should also reach out to your contacts at your email platform (Luminate, Engaging Networks, Salesforce Marketing Cloud, Pardot, etc.). Major email service providers are aware of these security requirements, and they have likely already started work on their end to get up to date. Your email platform contact should be able to point you in the right direction.
1. DNS Record
The bulk of the new email requirements will apply to your organization’s Email Domain DNS records, which are pieces of information in a database that link your URL to an IP address.
2. One-Click Unsubscribe
Google and Yahoo will require organizations to implement “One-Click Unsubscribe” headers (see example below), and process unsubscribe requests within 48 hours.
3. Spam Reporting
Google and Yahoo will require spam rates below 0.30%, and ideally below 0.10%. Avalon recommends organizations track spam rates for all email campaigns.
Brand Indicators for Messaging Identification (BIMI) is an optional authentication method that will show your organization’s logo in the Inbox preview, before recipients even open your email. BIMI is not one of the required authentication requirements set by Google and Yahoo, however it can be added at the same time as you’re tackling the other new requirements.
Avalon recommends implementing BIMI, as it is a great way to raise brand awareness, stand out in inboxes, generate trust with your email recipients, and ultimately drive more engagement with your emails. If your team is open to adding one more step in this process, BIMI verification is worth it. To learn more about implementing BIMI, please visit this help article from Google.
At left, four senders — two with BIMI and two without. At right, all three senders have BIMI.
Getting your nonprofit’s email messages to your recipients as intended is a key component of any successful digital fundraising and communication plan. Putting these updates in place will help your sender reputation and email metrics since they will allow your legitimate emails to get through.
Rolling with new requirements from the big players in the digital space (like Google and Yahoo) is an ongoing part of running a successful digital program. And Avalon will continue to monitor and keep you up to date with new requirements, tools, and opportunities as they emerge.