In this research article, you’ll learn how the new sender requirements that Google and Yahoo rolled out in early 2024 have affected the email marketing industry and how brands, ESPs, and other service providers are coping with their implementation.
Last year, Google and Yahoo introduced new email sender requirements, which caused an explosion in the email marketing industry, eliciting many articles offering recommendations on what actions to take — then everything seemed to die down.
Based on actual statistics and marketing experts' observations, we created a report investigating how these changes have impacted overall email marketing performance, along with valuable tips for those planning to implement them now.
It's been a year since the new requirements took effect, so how have they affected email marketing?
Who’s been affected by the changes, and what new requirements for senders are we talking about?
Back in late 2023, Google and Yahoo announced that starting in February 2024, they would apply sanctions in the form of reduced deliverability to senders who don’t meet their new requirements:
Restrictions for non-compliance impact only non-compliant traffic. For example, if 75% of a sender’s traffic meets our requirements, we’ll start rejecting a percentage of the remaining 25% of traffic that isn’t compliant. If senders don’t meet these requirements, messages might be rejected or delivered to recipients’ spam folders.
Google email sender guidelines FAQ
According to Google and Yahoo, this new policy only affects bulk senders to Gmail addresses with a volume of 5,000 emails per day. However, you should understand that absolutely all emails you send to subscribers are viewed as transactional and triggered emails, such as a welcome series and a series of emails about an abandoned basket. It turns out that 5,000 emails aren’t that much.
Furthermore, as some of our respondents noted, implementing the new requirements will improve your email marketing metrics regardless of your subscriber base’s size and the number of monthly emails sent. So, use 5,000 emails daily as a guide, but it’s better to understand these requirements now.
The requirements focused on three main areas:
- authentication protocols;
- reported spam rates for domains;
- the ability to unsubscribe easily from email lists.
If you've been in the industry for a while, you know that these have long been email marketing best practices that many good senders already have adopted. Google and Yahoo's goal was to increase adoption to better protect their users from receiving unauthenticated, potentially fraudulent messages while also encouraging senders to take responsibility for their reputations.
Thus, it's time for these requirements to become not just best practices, but mandatory protocols to make the inbox safer for legitimate senders and recipients, protect against phishing and spambots, and restore trust in email as a communication channel.
One of the main goals of the new sender requirements was for the senders to take responsibility for their traffic and to own their reputation.
Desislava Yancheva Zhivkova,
These requirements were mostly long-term best practice recommendations, which everyone should have followed. However, many senders didn't have delivery problems despite not implementing best practices. Senders saw mail getting delivered and marketing goals being met, so they felt no urgency to implement best practices. The new standards, however, promised delivery problems if they failed to adopt those best practices.
Laura Atkins,
Let's examine each aspect that the new requirements have affected in more detail to understand how they were implemented and what results they produced.
Authentication protocols (SPF, DKIM, DMARC)
Gmail and Yahoo now mandate that bulk senders adhere to strict authentication standards to ensure secure and effective bulk email delivery. These measures aim to close loopholes that attackers often exploit and protect email recipients from spam or phishing attempts.
New email authentication requirements for bulk senders
Here’s what you need to know about the required authentication mechanisms:
- The Sender Policy Framework (SPF) helps prevent domain spoofing by allowing domain owners to specify which email servers are authorized to send emails on their behalf. This ensures that unauthorized servers cannot impersonate your domain.
- The DomainKeys Identified Mail (DKIM) attaches a digital signature to outgoing emails to verify that an authorized server sent the email and that it hasn’t been tampered with during transit — a crucial step in maintaining email integrity.
- The Domain-based Message Authentication, Reporting, and Conformance (DMARC) allows domain owners to define actions for emails that fail SPF or DKIM authentication. It also provides reports on authentication results, enabling you to monitor and refine your email security.
Google and Yahoo require that bulk senders authenticate all messages using SPF or DKIM that align with the "From" domain and to use a domain with a DMARC policy set to at least p=none for visibility and control.
- Your domain's DNS configuration should have valid forward and reverse records that match each other. This alignment helps reinforce your emails’ authenticity.
What challenges have companies faced in implementing authentication protocols?
Many companies that hadn’t implemented these practices yet cited implementing all the authentication requirements as the biggest technical challenge. Both senders and providers faced difficulties.
Difficulties that senders have faced
Senders were eager to meet all new requirements, but had the following technical difficulties:
- they struggled to understand the technical side of authentication and how to implement it in the DNS;
- they had to research their email streams extensively to identify what didn’t meet the requirements and request support from their vendors to ensure that the new requirements were even available in their tools;
One vendor does not support DKIM authentication with external domains, forcing the client to use the shared domain. Another vendor wouldn’t support list-unsubscribe and charged a premium price to use branded authentication.
To be honest, the authentication aspect of the requirements is still outstanding. For those who were able to move forward, it was patience, communication, and seeking help from deliverability consultants. ESPs also used their connections with the mailbox providers to share updates and concerns. This is why the “hard” dates for compliance shifted over time and likely why senders are still not seeing flat-out blocks or immediate spam folder placement.
Jennifer Nespola Lantz,
- the process was hampered by a lack of technical knowledge and the need to negotiate multiple authentication protocols, including SPF and DKIM;
The main challenge was the widespread lack of DMARC implementation among brands. Most had to start from scratch and only managed to set it up in its basic, non-enforcement state. The process was hindered by a lack of technical knowledge and the need to align multiple authentication protocols, including SPF and DKIM. Overcoming these challenges required close collaboration with IT teams and external consultants and using step-by-step guides from Google and Yahoo. Many brands saw this as a necessary first step, planning to move toward enforcement as their systems matured.
Kath Pay,
- they had to update DNS records and ensure all their sends were compliant.
What challenges are ESPs, CDPs, and service providers facing?
All in all, Yahoo and Google forced ESPs to do a lot of work to bring all their customers up to the standards. Much of this work was hidden from sight. But we should not forget the significant effort they expended in a short 6-month period, much of which happened during the holiday season in 2023.
Laura Atkins,
ESPs had some responsibility for ensuring that clients adopted these practices, with those supporting self-serve clients needing to take the following steps:
- come up with policies on whether they were going to send email for their clients that didn’t meet the authentication requirements (Jennifer Nespola Lantz, Kickbox);
- decide whether they were going to change the model for how email would be branded when it was sent (Jennifer Nespola Lantz, Kickbox);
- ensure that their authentication aligns with the “From:” address (Laura Atkins);
- ensure that all their customers had the correct authentication;
Over the years, ESPs have encouraged customers to authenticate with their domain, but not every customer does. If the customers didn't set up their authentication, the ESP would use their own domains for both DKIM and SPF. After the announcement, ESPs had to ensure all their customers had the correct authentication. They had to review their whole customer base, contact any out of compliance, and ensure they updated their authentication. This was a massive customer support undertaking for many ESPs.
Laura Atkins,
- they had to decide what to do with small businesses and organizations that don't have their domains.
They had to decide what to do with customers who might be using @gmail.com in the From address. Do they rewrite the address and use a domain for customers? Do they force customers to buy their own domain? Do they provide their own email service for customers? All of these questions took a lot of time to answer. After the decision, there was development work to implement the solution. Then customers needed to be informed of the changes.
Laura Atkins,
ESPs and service providers actively helped their clients understand technical difficulties and implement all authentication practices.
Since the beginning of 2024, many clients have switched from a shared Omnisend domain to their own custom one. Expectedly, there was a change in their engagement metrics (especially the open rate): the ones who follow email best practices, care about their audience, always provide value with their content, and are mindful of the message frequency got better results with their domain. At the same time, senders with questionable practices started experiencing a drop in the open rates. This allowed us, as ESP, to step in proactively and help these senders build the best reputation possible by educating and supporting them.
Desislava Yancheva Zhivkova,
As you can see, this part was technically difficult for those who previously had postponed implementation of authentication protocols. Still, after analyzing open rates and deliverability, which we discuss below, more and more companies are taking these steps. And this process is still ongoing and certainly positively impacts the industry.
The discussion around DKIM and spam complaints helps us enforce our criteria. When Yahoogle exerts pressure, it is more accepted that we are also looking at DKIM missing, for example.
Julia Janssen-Holldiek,
Domain spam rate minimization
To comply with Gmail and Yahoo’s new standards, bulk email senders must maintain a reported spam rate below 0.10% in Google Postmaster Tools and avoid exceeding 0.30%, as higher rates can harm email deliverability significantly. While keeping spam reports low is influenced partly by recipient perception, senders can take proactive steps to minimize risks.
Key strategies include optimizing send times to avoid common bulk email delivery windows, such as the top or bottom of the hour, when recipients may mark messages as spam more readily. Furthermore, implementing preference centers allows subscribers to customize the frequency and content of emails they receive. By empowering users with more control, these centers can lower email volume while boosting engagement, thereby helping to reduce spam reports and improve overall campaign success.
Important insights about domain spam rate minimization
Here are some important insights we received from the experts' responses regarding changes in sender behavior related to this factor:
1. The spam rate thresholds haven’t changed; the requirements simply have become more transparent.
The required spam rate thresholds really didn't change, they just became more transparent about the thresholds. Keeping your spam rate below 0.1% or ideally 0% has always been the goal, but now that they have been transparent, they are cracking down harder. Any senders who regularly cross their spam rate thresholds often run into issues with deliverability. More on observing your spam rate in Google Postmaster Tools.
Conner Vickery,
2. Higher spam complaint rates cause problems with deliverability, even for brands using previously successful strategies.
Most deliverability issues stem from spam complaint rates higher than the new accepted threshold. Interestingly, the affected brands weren’t doing anything new — just sticking to strategies that worked for them in the past. But post-April, those same tactics started causing issues, forcing some brands to review their strategies and even make tough business decisions.
The good news is that Gmail is quite responsive to positive changes. Adjusting strategies and addressing the root causes of complaints has shown quick improvements. The key is staying vigilant — monitoring deliverability closely and acting fast when problems arise can make all the difference.
Kath Pay,
3. Consistently high spam rates erode the sender's reputation over time, leading to deliverability issues and more emails landing in spam folders. The experts noted that a single campaign with a slightly elevated spam rate may not harm your email deliverability immediately. However, repeatedly breaching acceptable spam thresholds can exert a compounding effect on the sender's reputation.
Let’s take the example of a campaign with high spam rates. Well, it will depend on how “high” the spam rate is. Typically, a small spike of spam shouldn’t be very impactful. Still, if your spam rates regularly become too high, reputation indicators may decrease (such as domain and IP reputation on Google Postmaster).
So, it's not a one-time thing. It’s usually that if you aren’t compliant for long enough and your degree of non-compliance is high enough, this will start eroding your reputation and lead your emails into spam.
Pierre Pignault,
4. It’s important to promote proper email list hygiene and get companies to use email verification tools.
Another related challenge was to promote proper email list hygiene and get companies to use email verification tools. I think this is one of the most important parts of keeping the spam-compliant rate below 0.3%.
Mor Mester,
5. Domain reputation has been increasingly important in recent years.
Domain reputation is built on consistency — volumes, frequency, certain content attributes, etc. Building a reputation is a long-term task. Losing reputation, on the other hand, is very easy. Any non-compliance will result in an immediate impact on the non-compliant message but will impact the domain's reputation negatively. This could easily result in domain reputation dropping to a point where all the sender's campaigns will be affected. Every marketer needs to remember this, especially when planning their high-season campaigns.
Jakub Olexa,
For senders who are sending compliant emails and take proper steps (i.e. reducing spam reports or curate a more engaged audience) the reputation hiccups can be recovered quickly. It can get exacerbated the longer the sender takes to correct or ignore the spam rate, but so long as you're not actively trying to send phishing emails, it's always recoverable in some way. At the end of the day, an algorithm determines your reputation and deliverability based on how recipients engage with your mail and the consistency at which you send emails.
Conner Vickery,
6. Gmail and Yahoo are fair in their judgment and assign proper reputations based on the sender’s practices.
An interesting observation from Desislava Yancheva Zhivkova, Team Lead of CustOps Deliverability Team at Omnisend:
“My observations are that Gmail and Yahoo are fair in their judgment and assign proper reputations based on the sender’s practices. I’ve seen good senders take the wrong turn once or twice with no huge consequences for their domain reputation due to the domain's overall good history. However, if the bad trend continues over time, there is always a drop in reputation and performance.
Here is one example of a domain belonging to a sender following best practices and having a history of overall good user engagement. We can see that they generated two big spikes of Gmail spam complaints in October (for relatively low-volume campaigns). At the same time, they were putting a lot of effort into engaging their audience with valuable content, which increased their domain reputation from Medium to High.”
What does this mean for the senders? It means that good historical data for your domain matters and that focusing on how your users interact with your content is key. At the same time, it’s still crucial to ensure that the spam rate always stays below 0.1%, as per Gmail and Yahoo's recommendation, to ensure the best sender reputation possible.
Desislava Yancheva Zhivkova,
7. To protect their reputation, senders will create multiple email streams from different subdomains.
Most senders will have their various mail streams on different subdomains. Generally, the reputation of either subdomain will be isolated. If a marketer accidentally sends non-compliant mail (high spam rate), it may temporarily affect the deliverability of the emails coming from that marketing subdomain and generally shouldn't affect that of the transactional domain. If you have 4 subdomains and 3 of 4 are sending non-compliant mail, that could land the 4th domain in hot water. This is often called "snowshoeing.
Conner Vickery,
8. More brands have started actively tracking their statistics using the Google Postmaster tool.
Our average spam complaints rate has stayed the same since last year, but I observe that senders are much more educated now about spam reports. I see a lot more brands actively monitoring their statistics in the Google Postmaster tool. They are asking more and more questions about segmentation and personalization and constantly looking for ways to keep their audience active and engaged.
Desislava Yancheva Zhivkova,
As you can see, when it comes to spam ratings, brands have proven to be prepared for its impact, understand the importance of domain reputation, and constantly monitor changes in their metrics.
Easy unsubscribe requirement
Google now mandates that marketing emails and other subscription-based messages include a one-click unsubscribe option. This already should be standard practice for seasoned email marketers, as it prioritizes quality over quantity in email strategy.
Representatives of CDPs and ESPs with whom we spoke said that they have long implemented the one-click unsubscribe option for all their users:
Even before the updates, we mostly used simple unsubscribe methods (one-click) on our projects. For cases where two-step unsubscribes were previously used (Yespo), the metrics didn’t change significantly.
Kseniia Petrina,
An easy unsubscribe option not only reduces complaints, but also improves engagement metrics by helping you maintain a more targeted and engaged audience. Focusing on segmentation and delivering relevant content are far more effective than prioritizing sheer list size, which ultimately can harm your reputation and deliverability.
Some more insights about easy unsubscribing from our experts
1. The requirement to have a list-unsubscribe header presented a challenge for ESPs. The main reason was that ESPs had to ensure that their software and infrastructure could support the new standards — adding headers to fulfill the requirement for one-click list-unsubscribe for commercial emails.
For current and modern marketing platforms, this wasn't a problem, but some ESPs have legacy systems that are not under development. In many of these cases, the code was part of an acquisition, but customers of the acquired companies were supported by the old platform. A number of ESPs had to pull the legacy code bases back into development to add compliant features, like list-unsubscribe headers. I know of one ESP that had 2 different legacy code bases they had to patch to meet the new standards.
Laura Atkins,
2. According to Omnisend data, the unsubscribe rate in 2024 didn’t change significantly compared with 2023.
The solid line represents the average unsubscribe count for 2024, and the dashed line represents the data from 2023. The only significant difference occurred in November 2024, on Black Friday, the busiest time for all eCommerce marketers. With the volume increase, we also observed an increase in the unsubscribe rate, which is much higher than what we saw around the same time last year.
In my opinion, the easy one-click unsubscribe method definitely contributed to this trend, and this is a positive outcome for the senders. Having someone unsubscribe from your newsletter is a much better option than getting a spam complaint from them because they cannot easily find the unsubscribe link in the body of your email.
Desislava Yancheva Zhivkova,
3. Easy unsubscribes are directly related to your spam score: The better your unsubscribe rate is, the fewer people will treat your emails like spam.
Many companies I have talked to fear that the one-click unsubscribe option would increase their unsubscribe rates and decrease their list size. We had to explain that making it easier to unsubscribe doesn’t hurt their business, but spam complaints do. And what happens when subscribers can’t find the unsubscribe link? They’ll mark your email as spam, hurting your sender's reputation.
Mor Mester,
As you can see, the requirement for easy unsubscribing turned out to be logical and understandable, even though some ESPs had to make efforts to implement it in their systems.
How have new sender requirements impacted deliverability and open rates?
Why and how did these factors affect open rates and deliverability? The experts' opinions were divided, with some not seeing any impact from the new requirements on the main metrics, while others did. Let me emphasize once again: Companies that already had implemented all three points logically didn’t see anything new in the metrics. But those who did this only in 2024 noticed the difference:
In most cases, it stayed at a very similar level. One company didn’t set up DMARC, SPF, and DKIM in time, and their open rates decreased to 1-4% at the end of March. About two weeks after we set everything up, they bounced back to around 30%, which they had before the decrease.
Mor Mester,
Here are some important opinions and cases on this matter:
1. Those whose authentication standards and operating principles were already high and aligned with best practices didn’t experience any changes.
We can't see whether the sender requirements have led to improvements because our standards have always been higher. Therefore we won’t see any markable improvement for our certified senders.
The data we receive from our Mailbox provider partners relates to the certified IPs, most of which comply with the criteria. So there is no before/after effect. Only the MBPs themselves could compare based on non-certified IPs and make a statement.
Julia Janssen-Holldiek,
We usually comply with the requirements :). However, there have been cases where making an unusual pause in email campaigns and then sending to the usual number of contacts resulted in delivery errors for Gmail addresses (marked as "unusual activity"). For example, promotional emails were sent on one project every 1-1.5 months, but after a pause of over 2 months, Google flagged this as suspicious. We had to gradually resend the campaign over the following days.
Additionally, domain reputation could drop due to bot attacks or spam complaints from them. In such cases, measures had to be taken to improve the reputation and clean the database.
Kseniia Petrina,
2. The new rules don’t directly impact open rates, but influence deliverability, while recent open rate increases are largely due to factors like Apple Mail Privacy Protection.
The new rules don't really affect open rates directly. Still, they do affect deliverability, which results in open rates dropping because the emails are not being seen by as many recipients. That being said, open rate inflation by things like Apple Mail Privacy Protection has increased open rates in the past few years. I'd say open rates are largely unaffected by Yahoo/Google changes but have increased in recent years due to other factors.
Conner Vickery,
3. Open rates have dropped due to stricter Gmail policies, emphasizing the importance of strong authentication and maintaining a good sender reputation to avoid emails landing in spam folders.
We’ve generally seen Open Rates drop since the new rules came into play. It’s a lot harder to get into the inbox now, especially with Gmail tightening the reins and showing far less tolerance than before. If you’re not hitting all the authentication marks or have a shaky sender reputation, chances are your emails are heading straight to spam, which naturally pulls your ORs down. This highlights how crucial it is to stay on top of these new requirements and keep your email hygiene in check.
Kath Pay,
4. The new rules haven't impacted open rates for compliant senders significantly, but Gmail’s September 2024 update, blocking images in “suspicious” emails, caused temporary dips even for reputable senders.
Open rates have usually remained stable. The new rules do not impact open rates, as if you are compliant, you won’t necessarily be doing better than before. Of course, lack of compliance would be detrimental to your open rates, but this was also happening prior to Jan. 24 (a lack of DKIM key, for example, would always lead to deliverability issues). So no, overall, we haven’t seen any difference prior to/after the Yahoogle guidelines.
Some more impactful events were, for example, Gmail starting to block images of emails they considered suspicious and still sent to the main inbox. This change seems to have been rolled out starting September 2024, leading to dips in open rates for senders affected by the “suspicious” rating. We’ve also noticed that many of what we would qualify as “compliant” senders have been impacted — we have seen emails from very reputable senders being marked as suspicious at times. It seems to have been improved since then.
Pierre Pignault,
5. Proper authentication doesn’t, in itself, guarantee better performance — it simply ensures that email is accurately identified, benefiting legitimate senders and highlighting unwanted messages.
I have seen data from a couple of ESPs that overall open rates have improved as more and more senders authenticated. Unfortunately, I cannot share official data. And I must clarify that just because you authenticate doesn’t mean you will get better performance. Authentication helps to better identify your mail. If your mail generates unfavorable actions, it’s much clearer that your mail is unwanted. If, however, there was uncertainty before because there was no authentication, good mailers are more likely to see an improvement after they properly authenticate.
One example was that I worked with a client that was not authenticated. They couldn’t get their bulk email or their 1:1 mail into the inbox. Shortly after they implemented authentication, we saw inbox placement for their 1:1 mail. As we continued, any other issues identified were tied to their mailing strategy and data maintenance.
Jennifer Nespola Lantz,
Interesting observations and statistics from ESPs on changing performance metrics
To understand how much the new requirements have affected performance metrics, we asked ESPs and CDPs to share their data with us and compare the results from 2023 and 2024.
Yespo Omnichannel CDP
It’s hard to say definitively that the new rules directly impacted open rates. Other changes that affected database quality during this time led to a decline in OR in some cases, while in others, it improved. For all client projects, Yespo immediately implements all authentication and easy-unsubscribe practices at the beginning of cooperation.
Here's an example: Let’s say there’s a project providing services to help musicians and creators promote themselves on streaming platforms, social media, etc. Before the new regulations, the open rates for promotional emails were 45–54%. In 2024, the project added new services to its website, which attracted significant organic traffic, but drew in customers with short life cycles. Most of these new contacts in the database didn’t even convert to paying customers — they subscribed simply to learn the terms. The database is regularly and automatically sanitized to remove such inactive contacts, but overall, open rates dropped to 25-40%.
Here's how the open rate changed for promotional emails:
(Data for 2023)
(Data for 2024)
Omnisend
The overall open rate for the entire platform was pretty stable and very similar to what we observed in 2023. However, we detected a very interesting trend that we didn’t expect to observe to that extent. The graph below presents the average open rate for senders without a DMARC record in 2023 and 2024.
According to our data, since July 2024 when Gmail and Yahoo fully enforced the new rules, brands that failed to implement DMARC experienced a significant drop in open rates. This demonstrates that DMARC protects brands against spoofing, phishing, and unauthorized use of their domain and strengthens trust between senders and mailbox providers.
Desislava Yancheva Zhivkova,
SendPulse
We recommend that our users adhere to all the new rules because long-term noncompliance by even a few users can disrupt email campaign statistics, cause deliverability issues, and damage domain reputations.
For example, according to our observations, exceeding the spam rate threshold can decrease deliverability rates instantly (emails from the next campaign will end up in spam folders). A sharp increase in emails sent also can cause Gmail to limit the sender’s email volume for some time.
All in all, senders can now see and follow all the requirements to get the best results from their email campaigns, which helps reduce spam and improve campaign quality.
Iryna Pilevych,
Wrapping up
The new requirements from Google and Yahoo emphasize email security and fairness in evaluations, ensuring a safer environment for both senders and recipients. At Stripo, we fully support these changes, as they align with our commitment to data security. While some requirements may be technically complex, the extended timelines provided indicate a balanced approach, making it essential for marketers to implement these standards promptly to maintain deliverability and build trust.
