Deliverability is no longer just a technical concern — it’s now a strategic priority for every email marketing team. With Gmail and Yahoo introducing strict new requirements for bulk senders, understanding how to properly authenticate your emails, manage compliance, and maintain inbox placement has never been more critical.
In our latest expert panel discussion — now available on our YouTube channel — we brought together three experienced minds in the industry to break it all down:
Expert
Expert
Expert
Read on for the key takeaways — and don’t forget to watch the full discussion for even more insights.
Understanding the new bulk requirements and how to follow them
Stripo: It’s been a year since the new Gmail and Yahoo requirements took effect. Do you think they already have impacted the industry?
Laura: Absolutely. I think the biggest impact was that it finally brought everyone up to a certain standard. These requirements — things like proper authentication — have been best practices for years, but there were no real consequences for ignoring them. So, people would say, “Yeah, we’ll get to it eventually.”
Now, with Gmail and Yahoo making it mandatory, we can finally say, “If you don’t do this, your emails may not get delivered.” That word — “consequences” — has really helped us in deliverability consulting. It’s made it much easier to get clients to act on the things we’ve been recommending for the last decade.
Jennifer: I completely agree. It’s also elevated the overall understanding of email among marketers. A lot of clients used to have no idea what authentication even meant. Now they at least go through the process and learn why each piece matters.
And let’s be honest: This shift wouldn’t have happened if it weren’t Gmail and Yahoo leading the charge. They touch so much of the ecosystem. It started with bulk senders, but I don’t think it’ll end there. This push is just the beginning of something broader to reduce abuse and improve email quality across the board.
Desislava: Totally agree. I love that compliance is no longer negotiable. For years, ESPs like us spent time and resources trying to educate senders on best practices — and now it’s much easier to convince them. What’s great is that senders are now taking full ownership of their email traffic. They’re no longer hiding behind shared domains or relying solely on the ESP’s reputation. They’re building their own sender reputation — and that’s a huge win. It also helps ESPs more easily spot abuse and differentiate between responsible senders and those with either poor practices or malicious intent.
Stripo: Gmail and Yahoo aimed to protect users and encourage senders to take responsibility for their reputations. Do you think this strategy worked?
Laura: Yes, I think it worked — especially for legitimate senders. It pushed them to stand up for their own authentication and stop hiding behind their ESPs’ reputation.
But what’s interesting is what we’re seeing on the abuse side. The “bad guys” have adapted. We’re getting phishing emails that authenticate as PayPal, QuickBooks, and others. They’re hijacking reputable brands.
Laura Atkins,
So, in a way, yes — it worked, but it also shifted the battleground. We’re in an arms race, and this move just forced the bad actors to evolve again.
Desislava: Exactly. Spammers have money, they know how to authenticate, and they can buy domains. That’s not the issue.
What I appreciate about these requirements is that they go beyond authentication. Keeping spam rates low, maintaining an engaged audience, and sending valuable content are what really get you into the inbox. Authentication is just one piece of the puzzle. The rest is about behavior and responsibility.
Jennifer: I agree. Like Laura said, we’ve seen some unexpected shifts. Some senders still haven’t caught up, and those gaps are being exploited.
Bad actors look for domains that haven’t updated DNS records or offboarded old vendors. That’s where they jump in. So, I think the next phase is internal audits: Are we protecting our domains? Are we updating passwords and access controls? The strategy worked, but it also means we have new responsibilities now that the bad guys are adapting.
Stripo: Could we see similar authentication requirements from other mailbox providers like Outlook or Apple Mail?
Laura: You should assume these are already required. Many people who talked to Microsoft or Apple got informal confirmation that similar requirements are being implemented. These are best practices — Gmail and Yahoo just had the courage to enforce them. Others might not announce it publicly, but they still care about compliance. So, just do it.
Important note: In April 2025, Outlook confirmed that it was strengthening its commitment to protecting inboxes and maintaining trust in the digital ecosystem by introducing new requirements to strengthen email authentication for domains sending more than 5,000 emails per day. These new requirements provide stricter standards, including mandatory SPF, DKIM, and DMARC settings.
Stripo: Some bulk senders may still ignore these requirements. What do they need to do first?
Laura: Some senders haven’t acted yet because they’re already compliant and didn’t realize it. Others, especially smaller senders, simply aren’t aware.
And honestly, I don’t think Gmail and Yahoo have fully enforced the consequences yet. They’re still monitoring things and gathering data. I’m convinced they’ve got dashboards showing exactly how much mail is compliant or not, and when they reach a certain threshold, the hammer will come down. But they don’t want to block good mail that just hasn’t caught up yet.
There’s a long trail of senders — millions, maybe hundreds of millions — who just don’t understand deliverability. In consulting, I still hear things like, “The mail left our ESP, so it must have landed in the inbox.” That’s not how it works. Just because it was sent doesn’t mean it was seen. So, yes, we’ll probably see another panic wave once enforcement tightens.
Desislava: Many of the eCommerce brands I work with have minimal teams. Sometimes it’s one person doing email, social, everything — so, they don’t know the technical side. They think sending an email means it landed in the inbox.
My number one tip: If you’re still using a shared domain, get a custom one. Use a domain that reflects your brand and authenticate it properly — SPF, DKIM, DMARC. Your ESP or hosting provider can help, and there are tons of tutorials, webinars, and resources out there.
Desislava Yancheva Zhivkova,
Next comes list hygiene and consent. Just because someone purchased from you doesn’t mean they want your emails. Collect emails organically, keep your list clean, and monitor your domain reputation in Google Postmaster Tools. Watch your spam rate and delivery issues — ideally on a daily basis or after every campaign.
Jennifer: I’ve been thinking — there are so many first steps, we could sit here all day listing them. But I agree with Laura: Most large senders are covered. The challenge now is smaller senders who don’t know what they don’t know. For them, the first step is simply awareness, and sometimes, that won’t happen until they start seeing bounces.
I had one client with 11 different vendors, each sending mail — reminders, surveys, receipts — and most of them couldn’t do DKIM or use the client’s domain. So, that’s another big step: Audit your vendors. If they can’t support compliance, it might be time to switch or consolidate.
Stripo: ESPs have taken on many technical challenges to help senders comply with the new Gmail and Yahoo requirements. What was the hardest part for ESPs and service providers in this process?
Desislava: Yeah, it’s been a very interesting and challenging year for us, but I think we did very well. All these requirements are there with good intentions, and they’ve definitely pushed the industry in the right direction.
For me, the hardest part was spreading awareness on all levels. Internally, across different departments, and, of course, externally, for all our clients. I really appreciated the cross-team cooperation that happened. Our support team and other customer-facing teams experienced a huge load. They handled hundreds of support tickets, provided detailed guidance, and hosted probably three live workshops where we walked clients through the authentication process step by step. We also sent out communications, ran in-app banners, and launched informational campaigns. There was a big push to make sure everyone was informed and supported.
From the product and engineering side, the challenge was agreeing on the approach — how exactly we’d help our senders keep sending. Our main goal was to move most clients from shared domains to custom domains, but we couldn’t just stop the others from sending, so we had to make sure shared domain users were fully authenticated and aligned, too.
That meant figuring out how to make it work, implementing additional safeguards, and monitoring systems to track the entire traffic and catch issues in time. Really, the cross-team cooperation is what made it all work for us.
Laura: Everything Desislava mentioned is absolutely what a lot of ESPs went through. But I’d add that a big challenge was dealing with legacy systems. Many ESPs had previously acquired other ESPs over the years and continued to maintain those older platforms without actively developing them.
One ESP I spoke to had bought three or four smaller ESPs and had to bring two different codebases out of retirement just to support the new requirements. These were systems that predated even list-unsubscribe, so they had to find someone who could understand the old code and update it.
Also, when the announcement came out in October 2023, many ESPs were already in a holiday code freeze. One provider told me, “We’re code-locked through December — we don’t make changes during the holiday season.” They’d already planned their entire 2024 development calendar and had to throw it out and start over to prioritize compliance. So, yeah, it was very disruptive, especially for those with legacy systems or smaller user bases still on old infrastructure. Even telling users, “We’re not updating this; please move to our modern platform,” creates support overhead and logistical nightmares.
Jennifer: Yeah, they covered it really well. For me, the hardest part was just time and resources. This all happened during the peak season, when nobody wants to make big changes. Then, once the holidays were over, you had a very small window to get everything done.
I think mailbox providers were aware of how hard this would be, which is why deadlines kept shifting — first April, then June for list-unsubscribe, and so on. They knew there were hurdles. But even with that flexibility, there was still a ticking clock. And in my experience, nothing in development is ever fast. It was a real crunch.
Jennifer Nespola Lantz,
How the new sender requirements have influenced email deliverability and performance metrics
Stripo: Have you observed significant changes in deliverability rates among senders who struggled with compliance?
Laura: There were a lot of senders — what I’d call “gray mail” senders — who knew what they should be doing, but chose not to fully comply. They were sending through major ESPs; using shared infrastructure, like the ESP’s domain and click-tracking systems; and they weren’t aligning authentication.
Some of these senders actually experienced better deliverability while using those shared resources, but when they had to switch to their own domains, many found themselves suddenly facing issues — spam folder placement, blocks, and so on. I’m sympathetic, but at the same time, that’s exactly the type of mail Google and Yahoo were targeting. These were often senders who deliberately avoided alignment because they knew their mail was borderline in terms of quality and consent.
Beyond that, I think the filters are getting tougher. Even among compliant senders, deliverability seems slightly harder now. Email clients now have more resources available to scrutinize the mail that does make it through compliance, and I think they’re using those resources to better detect problematic content or engagement.
Laura Atkins,
Jennifer: For senders who were already in compliance, there hasn’t been a dramatic change — maybe just some fluctuations as filters tighten and expectations rise. But what I’ve noticed is that now email clients are pushing harder on spam rates. So, even technically compliant senders are being asked to take a closer look at their list hygiene and messaging.
On the other hand, I’ve seen improvements too. For some senders, moving to their own domain actually helped. Shared domains can lift everyone, but they can also drag some down. For those who were being held back by lower-quality senders sharing the same infrastructure, getting their own domain gave them a boost.
Desislava: It was very interesting to observe things from the platform level after the changes rolled out. What we saw was a kind of balance. Senders who followed best practices — who were already good senders — actually saw great results when they switched to their own authenticated domains. They were surprised by how much better their performance became.
On the flip side, senders who didn’t follow best practices did experience a drop in performance, as expected. That gave us, as an ESP, a chance to step in and support them, helping those who didn’t understand what was required and guiding them through improvements. From a compliance perspective, it also helped us more easily identify bad actors. Overall, I see it as a very positive change and a great motivator for those who haven’t made the shift yet.
Stripo: Should businesses continue monitoring compliance metrics long-term, or is a one-time setup enough?
Laura: Monitoring should absolutely be ongoing. Deliverability and filters are incredibly dynamic. We’re already seeing new types of abuse, likely in response to what Google and Yahoo have implemented. That means senders need to always monitor their delivery metrics.
You need to know what “normal” looks like for your email program, such as whether your open rates usually fall between 30–40% or 45–50%. While your results won’t be identical every time, they should indicate a consistent pattern. When you understand what’s typical for you, you’re in a much better position to notice when something changes — and respond quickly.
Jennifer: I completely agree. There’s not much to add except to reinforce that this isn’t a “set-it-and-forget-it” process. Requirements will continue to evolve, and so will your customers. Everything in your business changes over time.
Think of it as checking in on how things are going in your life — you don’t just assess once and never again. It’s the same with your email program. If you stop paying attention, eventually, it will start to decline. So, yes, it needs to be a continuous process.
Desislava: Absolutely agree — it’s not a one-and-done task. Even fully authenticated senders can run into reputation issues. Your infrastructure might change, or you might update a domain and accidentally break authentication. These things happen, which is why regular monitoring is essential.
This is a common mistake I see: People think they can do it once, check the box, and move on, but it doesn’t work that way. Deliverability health needs to be maintained over time. So, yes, long-term oversight is critical.
Desislava Yancheva Zhivkova,
Future: How these new standards are reshaping best practices
Stripo: How will authentication and domain reputation requirements evolve in the next few years?
Laura: We’re at a bit of a plateau with current email authentication technologies like SPF, DKIM, and DMARC. However, the IETF (Internet Engineering Task Force) is already exploring what’s next — something they’re calling “DKIM2” or “DMARC 2.0” for now. These updates aim to build on lessons from current protocols, improving how mail is authenticated and filtered.
That said, standards development takes time — DMARC itself took over a decade — so, any major changes are likely 5–10 years away. For marketers, this probably won’t mean drastic new steps, but it will give mailbox providers better tools to assess and filter email.
Desislava: Gmail and Yahoo’s recent changes are just the beginning. We expect the next wave of requirements to include stricter DMARC policies — moving away from “none” to “quarantine” or “reject.” This will push senders to adopt stronger policies if they want their emails delivered.
Another major shift will be the increasing reliance on engagement-based filters: It’ll be much harder to reach the inbox unless your emails genuinely resonate with recipients. Simply being authenticated will no longer be enough.
Jennifer: Domain reputation will become even more central to deliverability. We’re already seeing Gmail scrutinize the “from” address, meaning you can’t hide behind a good sending domain if subdomains or aliases are misused. Expect more granularity in how mailbox providers measure reputation and evaluate emails. Meanwhile, new authentication frameworks like DKIM2 may mainly impact ESPs behind the scenes, but marketers should still prepare for a landscape that values responsible and transparent sending practices.
Stripo: What strategies can businesses adopt now to ensure they stay ahead of future deliverability challenges?
Laura: The biggest deliverability risk right now is overwhelming your recipients. Many marketers run dozens of nurture campaigns at once, but forget how many emails a single user might be receiving. This overload can lead to unsubscribes, spam complaints, or disengagement — signals that Gmail and Yahoo use to downgrade sender reputation. The most future-proof strategy? Respect attention spans, monitor real engagement closely, and only send content your users truly want.
Jennifer: Start with consent and data hygiene — protect your email list. Make sure the people on your list actually opted in and that you’re handling their data responsibly. Data privacy and list integrity are directly tied to deliverability. Collect clean data, honor local regulations, and securely store personal information. If you’re mailing people who didn’t ask to hear from you, or if your data’s outdated, you’re setting yourself up for failure.
Protect the data because your customers trust you when they give you their information. They trust that you will store it and take care of it. And while that may not seem like it has anything to do with deliverability, I think it has a lot to do with it. If you’re not collecting clean data and doing your best to manage it, then you may also be sending emails to people who don’t want them, and you may be storing data that you’re not even supposed to have. So, I think it’s really important to work on that as a strategy.
Jennifer Nespola Lantz,
Desislava: Trust your deliverability experts. With metrics increasingly influenced by nonhuman interactions (like bot clicks), it’s harder to interpret engagement on your own. Think of deliverability monitoring like medical checkups: You need someone to help interpret the data and spot red flags. Work closely with your ESP or a deliverability consultant to gain meaningful, actionable insights.
Wrapping up
Navigating Gmail and Yahoo’s new requirements may feel overwhelming, but the good news is that if you’re already following best practices, you’re on the right track. The experts on our panel agreed that while technical details like SPF records and infrastructure changes can be tricky, a recipient-first mindset and consistent compliance will pay off in the long run. Staying informed, asking questions, and leveraging available tools can make a big difference.
Create emails that will be sent directly to inboxes with Stripo
