Unlock your business potential.
Get in touch now! ›
Our latest posts on digital marketing.
Access to guides, case studies, webinars & more.
Develop your knowledge at your own pace with Mapp learning tools!


Gmail and Yahoo Updates: What’s Changing & Inbox Security Enhancements Explained

Eric Stelle, Senior Deliverability Consultant @ Mapp
Gmail and Yahoo Updates: What’s Changing & Inbox Security Enhancements Explained

As frontrunners in the email space, Gmail and Yahoo often set the pace for providers in the digital marketing space.  Together, these two providers account for 31.52% of email clients*.  In early October, both Gmail and Yahoo issued statements about making changes in authentication requirements in ongoing efforts to reduce the occurrence of unwanted commercial emails in their subscribers’ inboxes.  Their updates, predominantly focused on authentication and sender practices, are intended to improve the subscriber experience and are poised to have a definite impact on senders who are unprepared.

Marketers operating in the digital space have many concerns when crafting campaigns.  Ultimately the objective is to inform, incentivize, or incite the recipient to heed their call to action. Yet, the road to this objective is built on a foundation of best practices.  Email content should provide value to the recipient, be relevant to their interests, and exist because of a consent-based arrangement established at opt-in.  Emails based on these foundations will see more effectiveness as opposed to senders who shortcut or ignore these. At best, they face recipient disinterest, leading to resource expenditure with minimal returns, and at worst, recipients’ frustration as inbox providers grant them increasing control over email permissions.

Most digital marketers adhere to best practices but that does not negate a feeling of anxiety when mailbox providers make changes. Concerns about whether they are prepared for the changes or, if not, what efforts be undertaken to be compliant are natural.  At Mapp, we frequently field questions like this and help our senders maintain their campaigns at optimal levels.  This article will touch on these recently announced changes from Google and Yahoo.  In addition, it will touch on what senders should do to remain compliant and give their mail the best opportunity to reach their audience’s inbox.

What Gmail And Yahoo Have Announced For 2024

Google and Yahoo released updates via their respective blogs,  both highlighting authentication while referring to sender best practice pages which each of the providers maintains.  Beyond this, both announcements declared the intent to expand measures taken to prevent unwanted commercial email (a.k.a. spam).

Gmail has had a busy year. They announced a cleanup of inactive accounts earlier this year and they would no longer accept unauthenticated IPv4 mail (to complement a similar announcement about IPv6 last year).  With this latest announcement, they plan to expand on that and have set February 2024 as the timeline for senders to be compliant.  Yahoo seems to be keeping a similar timeline though it’s a less defined “first quarter 2024” timeline.

Specifically, each announcement called out three main points:

1. Senders are expected to authenticate their mail

Traditionally, Gmail and Yahoo have accepted mail, and the placement of that mail could vary depending on how closely senders adhere to best practices. In the update, the term “strong authentication” is explicitly mentioned as the industry standard SPF and DKIM authentication measures.  Non-compliant senders could face the typical spam placement or a 5.7.26 rejection error.

2. Make Unsubscribing Easy 

Google has offered one-click unsubscription for a while now, but allowing recipients to easily opt out of campaigns has become more important. It might seem counterproductive to make it easy for recipients to leave but, when the unsubscription process is overly complex or burdensome, recipients may find the spam button an easier alternative.  For the first time, senders are given clear guidance that a 0.3% rate of user-reported spam is where they expect senders to stay under.

3. Ensure sent mail is desired 

Keeping mail relevant to the permission grant given to senders is critical but it also must be maintained through efforts to align with subscriber preferences for content, cadence, and more. Users who are sent mail that they strongly desire rarely complain; however, when consent is not obtained, or maintained, or mail is simply not relevant to their needs, it can lead to complaint.  As noted above, Google is taking a firm stance on the level of spam which senders should not exceed so measures to ensure your audience desires mail need to become as much a part of sender’s programs as SPF and DKIM.

Senders: What must be done to prepare?

Senders have always been encouraged to adhere to these best practices so this might not seem like a big deal at first glance. However, they emphasize a rising wave of concern with authenticity in digital communications that providers are working to address.  To best position your email marketing program, we’ve nailed down some of the following actions for you to take.


1. SPF and DKIM: Senders who delegate their domain to Mapp can rest easy as Mapp ensures the validity of the entries. Senders who do not must maintain this themselves – and Mapp can assist you with any needs.

2. One-Click Unsubscription: Take advantage of one click unsubscription on each send. The announcement indicates that senders have two days to process the unsubscription and Mapp platforms process this feedback automatically without any delay.

3. Consent: Obtain express permission from a prospective recipient to send them your mail. Do not opt-in on a recipient’s behalf or presume, because of some other action (such as a purchase) that they consent to receive your mail.


1. Postmaster Tools: Configuring sending domains in this tool allows for feedback to be given on mail for that domain. Aggregated ratings for IP and Domain reputation can be found but, most directly, the User Reported Spam rating they reference in this update can be found there.  Monitor the spam rate closely.

2. Strong DMARC policy: As of this announcement, Google only requires a “none” policy for handling of mail that fails either DKIM or SPF. It has not been required yet but, given their stance on rejecting unauthenticated mail, a “reject” policy is a natural alignment with the direction these providers want senders to go.

3. Preference Management: Taking the time to engage users about their preferences can go a long way toward keeping complaint levels low. If a sender sends too much mail, it could cause complaints.  Too little and a recipient might forget why your mail is showing up at all.  There is no “one size fits all” cadence which makes it important to obtain and maintain as many details about user preference as possible.

Hear from Mapp’s Deliverability Team 

At Mapp, we’re committed to empowering senders.  With our knowledge of these best practices, we can help make sense of what can be a daunting list of requirements.  We keep current with the latest requirements through continuing education and industry outreach so senders can focus more on creating compelling collateral that inspires their recipients to action. So, if you’re looking for help, why not have a chat with our experts?

*Mapp MTA statitstics 

Recent Articles