I’ve seen a bunch of folks panic about some phrasing in Google’s Email sender guidelines. Buried deep in the Message formatting section Google say: “Don’t use HTML and CSS to hide content in your messages. Hiding content might cause messages to be marked as spam.” Read literally that might cause you to wonder about your use of CSS display:none to switch between different content on desktop and mobile. But that’s not what Google are concerned about – they’re targeting spammers who load up their mail with hidden text (“hashbusters”) in an attempt to make the content of the mail look like one thing to spam filters and a completely different thing to the human recipient. And a variety of similar deceptive behaviour intended to avoid spam filters, or avoid the spam folder or the promotions tab. (This is common behaviour amongst bottom-of-the-barrel spammers. If you see someone
In February 2024, Google and Yahoo started implementing a series of gradual enforcements for organisations that send over 5000 emails daily, also defined as bulk email senders. These enforcements are especially relevant to Domain-based Message Authentication, Reporting & Conformance (DMARC). With this initiative, Google and Yahoo intend to reduce the overall amount of spam and spoofed content sent across the internet, especially focusing on the authentication of an organisation’s email infrastructure. This move, aimed at combating spam and improving email security, involves using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and DMARC standards. This article covers the Google and Yahoo requirement specifications and focuses on the potential impacts on European businesses. In particular, it addresses the complications of implementing DMARC across the European email ecosystem and the necessary steps to comply with the enforcement. Impact on European Email Senders: A Closer Look Popular Email Providers in Europe Challenges of
If you didn’t already know, that screenshot that’s been all over social media, suggesting that Google is telling users that Gmail is to be sunsetted in August 2024, is a hoax. Don’t believe the hype. You can read more on this from the BBC here. An interesting side note: Apparently Elon Musk used this as an opportunity to suggest that a Musk-provided alternative, called X Mail, is coming. There isn’t much more to say about that until/unless something actually happens. Stay tuned.
Just recently discovered in my own inbox: a notice from Google indicating that they’re going to require OAuth access for third party applications connecting to “Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP.” Most modern apps support OAuth already, but there are a number of legacy tools out there that do not — anything where you might have configured an app password to link that third party functionality to your Google (Workspace) account. Starting June 15, 2024, Google will remove the allow “less secure access” app password settings from Google Workspace admin. Currently configured apps and passwords should continue to work until September 30, 2024, at which time support for that functionality will be disabled for Google Workspace users. Read more details here. Does this affect you? Impact here likely isn’t broad, and certainly I’m a fan of better security. But I also do
Google’s Gmail might be the preeminent mailbox provider. Launched in 2004, Gmail has grown from the “new kid on the block” into one of the biggest hosts of individual email mailboxes in the world. Depending on what data you look at, you might even see Gmail as the #1 mailbox provider, at least here in the US. Gmail’s spam filtering systems incorporate user feedback and engagement. And they know what they’re doing. If you are not sending wanted mail to people who requested that mail and who read that mail at high enough percentages, you’re going to struggle. You won’t reliably get your mail to the inbox. Their systems are too good — their magic spam fighting robots look at metrics very closely — and their view of certain metrics can even change over time! What got you to the inbox in 2019 might not be good enough to get
With over nine years’ experience at Google, Neil Kumaran has worked across multiple teams, but always focused on things close to my heart – risk mitigation, security, safety and anti-abuse. It is thus timely that he was willing to sit down and chat with me about the upcoming new Gmail sender requirements, the initial phase of which is set to begin in February. I think it’s easy for most (good) email senders to comply. I do grant, though, that there are some number of email senders who may not be technically savvy enough to know how to implement technologies like DKIM and DMARC on their own, and that work remains to be done to help educate the world about these new requirements. Hopefully discussions like this will help. And keep an eye on Spam Resource for more help and guidance. And with no further ado, on to the interview. Hey
Google and Yahoo’s DMARC requirements will be enforced in February 2024 for higher volume senders. We have resources to help you prepare for DMARC and other sender requirements to ensure your email delivery won’t be disrupted. Why DMARC now? There are few mechanisms that prohibit bad actors from sending an email pretending to be you. DMARC is the main control for fighting domain abuse. It’s a free and open technical specification that authenticates emails with SPF and DKIM. By publishing a DMARC record in your domain’s DNS, you can fight business email compromise, phishing and spoofing. DMARC, SPF and DKIM aren’t newcomers to the email authentication scene—they’ve been around for over a decade and have grown to become a best practice. Email is involved in more than 90% of all network attacks; without DMARC, it can be hard to tell if an email is real or fake. Because of the
Here is everything you need to know (I think? I hope?) about how to comply with the new sender requirements announced by Google and Yahoo, applying to Gmail and Yahoo mail, coming into force in early 2024. You can read more about it all here (and over at Yahoo or Google), but it boils down to a handful of things that were previously best practice recommendations for deliverability excellence, which are now requirements that these two mailbox providers are saying that senders must implement. Those that don’t implement these requirements risk being blocked and unable to send mail to Yahoo Mail and Gmail subscribers. Here are the ten steps you need to take; follow them all the way through and you’ll be fully compliant with the new requirements. Stop sending newsletter/marketing/bulk mail as Gmail or Yahoo. For your 1:1 email messaging where you respond to emails from your
Here’s a directory of many different email service provider (ESP) links to their various guides explaining what their clients have to do to be fully compliant with the new 2024 Yahoo / Google sender requirements. Wondering how different platforms are guiding their customers? Or are you a customer of a given platform and you’re looking to find their guidance? Here you go: AWeber, Beehiiv, BenchmarkEmail, Braze, Brevo, Constant Contact, ConvertKit, GetResponse, HubSpot, Klaviyo, Mailchimp, MailerLite, MessageBird, Sender, Sendgrid, Socketlabs. There are lots more ESP/CRM platforms out there. Did I miss yours? Drop me a line via the usual means or leave a comment below with details, and I’ll update this list as I’m able.
As the fight against spam emails rages on, Google has recently introduced its latest defense mechanism in the form of RETVec. The Resilient and Efficient Text Vectorizer for Gmail is an advanced multilingual anti-spam tool that blocks unwanted or predatory emails, an upgrade over the conventional mechanisms. In this blog, we shall take a closer look at this tool and its implications for you as a marketer. Let’s dive in. RETVec: Revolutionizing your inbox game Gmail uses text classification models to detect and prevent phishing, spam content, or scams. As soon as the models identify these texts, they block the malicious email content and filter it out to your spam folder. However, these machine learning models can struggle with this identification if cyberattackers use typos, invisible characters, and non-Latin characters to bypass the classifiers (e.g. they spell “coupon” as ©oμpΟn or “Offer” as O 𝑓 𝑓 er). If, let’s say