Talk to us

Learn how you can Unlock Limitless Customer Lifetime Value with CleverTap’s All-in-One Customer Engagement Platform.

  • See a tailored demo of CleverTap's key capabilities.
  • Get a walk-through of industry specific use cases.
  • Obtain answers to any questions about integration, go-live, and support.

Your product demo

Get to know CleverTap from the scratch. To book your personal product demo, fill out the form and start at your preferred date. Afterwards we will get in touch with you.

Please enter a valid work email

Please enter a valid phone number

  • Talk to us
    • Get relevant information on mobile marketing delivered to your inbox.
    Blog
    Categories
    Back to blog

    Acing Email Deliverability in 2024: Guide to Yahoo and Gmail’s Latest Email Security Updates

    Raghav Gujarati
    Raghav Gujarati
    • Published on February 1, 2024
    • Reading time 6 min read
    • Views 5.14k
    Acing Email Deliverability in 2024: Guide to Yahoo and Gmail’s Latest Email Security Updates

    Overview

    Gmail and Yahoo are ushering in a new era of inbox security and spam reduction, with their latest email policies taking effect from February 1, 2024. As email senders, compliance is key to maintaining your email delivery game and steering clear of potential hurdles like bounces or the dreaded spam folder. These guidelines apply to all bulk senders with a daily volume of over 5000 marketing emails.

    Here’s a quick summary of these updates:

    • DMARC Record: From February 1, 2024, all email-sending domains must have an enabled DMARC record if your daily marketing email-sending volume exceeds 5,000, along with  DKIM and SPF records in place. It’s crucial to implement a DMARC policy for each of your sending domains to confirm the success of your DMARC checks, ensuring that your “from” addresses align with domains where DKIM and SPF setup is correctly executed. Additionally, valid forward and reverse DNS/PTR records for your email-sending domains and IPs are mandatory. 
    • Unsubscribe Link: From June 1, 2024, ensure that the unsubscribe link in your emails captures the user request with just a single click. The updated guidelines for unsubscribing aim to streamline the opt-out process, improving open rates, click-through rates, and overall sending efficiency. For those sending over 5,000 messages daily, marketing and subscribed messages must support one-click unsubscribe. Google recommends including both List-Unsubscribe-Post and List-Unsubscribe headers in outgoing messages, supporting both one-click unsubscribe (RFC 8058) and “mailto” unsubscribe (RFC 2369). Recipients should be allowed to review and unsubscribe from individual mailing lists, with an additional recommendation to automatically unsubscribe recipients with multiple bounced messages.
    • Spam Complaints: Google mandates that bulk senders keep the spam rate (as per Postmaster Tools) less than 0.1% to be part of the email good senders list. While the threshold set by ISPs is 0.3%, it’s safe to maintain the spam rate not more than 0.1%. Consider 0.2% as a red alert and 0.3% as a calamity. Google won’t be addressing any tickets for senders hitting a 0.3% spam rate, and your email practices will be constantly under watch.

    Complying with Google & Yahoo Bulk Sender Updates

    1. Establish proper email authentication and infrastructure configuration

    Below is a brief overview of the nitty-gritty of email authentication and the three interlinked mechanisms involved:

      • Sender Policy Framework (SPF): Prevents domain spoofing by enabling senders to specify authorized email servers for dispatching emails from their domain.
      • DomainKeys Identified Mail (DKIM): Adds a digital signature to outgoing emails, verifying the message’s origin from an authorized sender and confirming it hasn’t been altered during transmission.
      • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Empowers domain owners to define actions for emails failing authentication and facilitates reporting on email authentication outcomes.

      Customers relying on CleverTap’s Email Delivery system will have SPF and DKIM authentication implemented by default, however in order to comply with these newly announced requirements, senders will be responsible for setting up DMARC by February 1st 2024.

      You can follow the steps below to complete your email authentication setup: 

      1.SPF  : Have a valid SPF record on the RETURNPATH/ENVELOPE DOMAIN, adding all your SMTP outgoing IP addresses.

      Validate your SPF record using any of the links below : https://www.kitterman.com/spf/validate.html
      https://easydmarc.com/tools/spf-lookup      		Sample valid SPF record :

      2. DKIM : Authenticate ALL (Yahoo, Gmail, Outlook, including corporate domains) your emails with 2048-bit (recommended) length DKIM keys.

      Validate your DKIM records using any of the links below:

      https://easydmarc.com/tools/dkim-lookup
      https://dmarcly.com/tools/dkim-record-checker      		Sample valid DKIM record :

      3.DMARC : Implement the DMARC record on the FROM domain and ensure that SPF and DKIM domains are aligned.

      For example, if you are using the domain clevertap.com to send out emails, the return path/envelope and DKIM domain should be clevertap.com or a sub-domain of clevertap.com. This way, we can ensure that all the authentication settings are 100% aligned. This is a mandatory step to follow.      		Sample valid SPF, DKIM and DMARC in email headers:

      Sample DNS records:

      Sample DMARC record :


      NOTE : Few of the parameters in the DMARC record are optional. Please contact your IT team for appropriate parameters as per your company policies.

      Here are the prerequisites to be followed before enabling DMARC :

        • Review all outgoing SMTP emails, including internal corporate traffic, to identify any misalignments in authentication settings. If any are found, fix the alignment. Enforcing DMARC before fixing such anomalies will lead to DMARC failure, preventing emails from reaching the user’s mailbox.
        • After verifying and aligning authentication settings, you are good to go ahead and enable the DMARC record with NONE as a policy.
        • DMARC aggregate reports are sent to the email address mentioned in the “rua:” section of the DMARC record. Make sure to monitor the reports to identify any SPF/DKIM failures. The DMARC and DMARC alignment success rate should be >99%. The 1% failures should be more likely due to intermittent DNS fluctuations than misalignment.
      • You are good to change the policy (p=) to QUARANTINE or REJECT if the DMARC and DMARC alignment is >99% for at least 2 weeks, as a good practice.

      2. Enable recipients with simple and accessible options to unsubscribe

      It is essential to provide a clearly visible option for unsubscribing, utilizing a straightforward one-click process, and promptly addressing such requests within a 48-hour window.

      Regardless of whether you are using CleverTap Email Delivery or your own ESP (SG/SES/Custom SMTP connector, etc.), assess your configuration through the following steps:

        • The List-Unsubscribe header in an email added by the sender shouldn’t have an additional hop or action required from the user. It should be a one-click unsubscribe process.
        • While ISPs mention that users should be removed from the mailing list within 48 hours, we recommend removing the user in real-time or within a few hours of the user raising an unsubscribe request as a best practice to avoid follow-up unsubscribe requests or REPORT SPAM.
        • Make sure to enable SSL on List-Unsubscribe URL (https://) as per the RFC document linked here

        CleverTap is in the process of incorporating built-in support for the One Click Unsubscribe feature, offering an alternative for brands that prefer not to utilize the one provided by their email partner. This functionality will initially be introduced for our Email Add-On Customers, followed by SMTP and Amazon SES in the near future.

        3. Regulate spam levels

        Google mandates that bulk senders maintain a reported spam rate below 0.1% in Google Postmaster Tools (equivalent to 1 spam report for every 1000 mails sent) and you can follow the steps below to keep you spam levels in check: 

          • Review your historical spam rate and work on an action plan if you see spam rates higher than 0.1%. Consult your ESP to build an email strategy to reduce spam complaints.
          • Ensure you have a valid forward (A record) and reverse (PTR record) aligned with the from domain for all outgoing email IP addresses.

          Note : Please contact your domain administrator for assistance to add/modify any DNS records.

          For email marketers, staying agile is paramount. While adjustments in mailbox provider requirements can be unnerving, they signify positive changes. Emphasizing email authentication and DNS, along with facilitating easy unsubscribes, ensures emails reach genuinely interested subscribers. It’s crucial to view these changes positively, recognizing their role in advancing the email industry.

          Last updated on April 11, 2024
          Popular Tags
          Related Posts
          Navigating WhatsApp’s New Marketing Message Limits: A Comprehensive Guide
          General
          Navigating WhatsApp’s New Marketing Message Limits: A Comprehensive Guide
          Deepak Yadav
          April 1, 2024
          Mastering the Art of Web Messaging: Engage, Convert, Delight
          General
          Mastering the Art of Web Messaging: Engage, Convert, Delight
          Apoorv Bhatnagar
          March 30, 2024
          What Are Push Notifications? The Ultimate Guide[2024]
          Blog
          What Are Push Notifications? The Ultimate Guide[2024]
          Subharun Mukherjee
          March 26, 2024