FYI Blog

Google and Yahoo Security Updates: Are You Compliant?

Back in the fall, Google and Yahoo announced a new set of email security requirements for any group sending emails to more than 5,000 names at once, and now that the deadline for the new requirements is approaching, we’re focused on ensuring our clients are up to speed and in compliance. Combined, Google and Yahoo (and Yahoo-owned AOL) account for nearly 2 billion email addresses worldwide, so compliance with these new requirements is critical to ensuring your email program will continue generating great engagement and raising crucial revenue.

What’s going on?

The security requirements will verify your organization’s sender identity with Google and Yahoo so emails to these platforms are less likely to go to Spam folders.

These measures have been optional for a few years, so many organizations are already in compliance. However, these became requirements in February and Google and Yahoo have said that they will start penalizing senders not in compliance over the next few months. And we’re already seeing some organizations getting penalized for not complying, so there’s urgency for making these changes. Otherwise, Google and Yahoo will start rejecting a portion of your messages.

What do I need to do now?

If you are unsure whether you are in compliance, start by reaching out to your IT team and/or website manager. Most of the security requirements can be implemented by your IT/website team.

You should also reach out to your contacts at your email platform (Luminate, Engaging Networks, Salesforce Marketing Cloud, Pardot, etc.). Major email service providers are aware of these security requirements, and they have likely already started work on their end to get up to date. Your email platform contact should be able to point you in the right direction.

What are these requirements?

1. DNS Record
The bulk of the new email requirements will apply to your organization’s Email Domain DNS records, which are pieces of information in a database that link your URL to an IP address.

2. One-Click Unsubscribe
Google and Yahoo will require organizations to implement “One-Click Unsubscribe” headers (see example below), and process unsubscribe requests within 48 hours.
An example of a one-click unsubscribe button.

3. Spam Reporting
Google and Yahoo will require spam rates below 0.30%, and ideally below 0.10%. Avalon recommends organizations track spam rates for all email campaigns.

Bonus: Should we implement BIMI?

Brand Indicators for Messaging Identification (BIMI) is an optional authentication method that will show your organization’s logo in the Inbox preview, before recipients even open your email. BIMI is not one of the required authentication requirements set by Google and Yahoo, however it can be added at the same time as you’re tackling the other new requirements.

Avalon recommends implementing BIMI, as it is a great way to raise brand awareness, stand out in inboxes, generate trust with your email recipients, and ultimately drive more engagement with your emails. If your team is open to adding one more step in this process, BIMI verification is worth it. To learn more about implementing BIMI, please visit this help article from Google.

Two screenshots of an email inbox; two of four senders at left do not have BIMI, but all three at right have BIMI.At left, four senders — two with BIMI and two without. At right, all three senders have BIMI.

Bottom Line: These updates are good for nonprofits

Getting your nonprofit’s email messages to your recipients as intended is a key component of any successful digital fundraising and communication plan. Putting these updates in place will help your sender reputation and email metrics since they will allow your legitimate emails to get through.

Rolling with new requirements from the big players in the digital space (like Google and Yahoo) is an ongoing part of running a successful digital program. And Avalon will continue to monitor and keep you up to date with new requirements, tools, and opportunities as they emerge.