How to Prepare for Gmail & Yahoo's New Sender Requirements

Yahoo and Gmail have announced that starting in February 2024, senders will need to authenticate their email domain when sending emails to Gmail and Yahoo accounts. Google cites their reasons for these changes in requirements as: to protect recipients from malicious messages, help protect organizations from being impersonated, and to reduce the likelihood of emails being rejected or marked as spam by Gmail.

Google is requiring domains to be authenticated by February 1, 2024. Yahoo is following suit, but has not yet specified a date. To help you prepare for these upcoming changes, we’ve got the steps to protect your organization and continue your email efforts without any bumps in the road.

What Are the Requirements?

The requirements that senders must meet depends on the number of emails they send. Google has split these into two different approaches: all senders and those who send over 5,000 messages per day, called bulk senders.

Requirements for all senders

• Authenticate your domain

  • Sender Policy Framework (SPF) is an email authentication protocol that helps to prevent email spoofing (a common tactic used in phishing attacks and spam emails.) A SPF record identifies the mail servers and domains that can send emails on behalf of your domain. Each domain can only have one SPF record.

  • DomainKeys Identified Mail (DKIM) is a protocol that allows a domain to take responsibility for sending a message by signing it in a way that can be verified by mail providers. 

• Lower spam rates

  • Spam rates are calculated on a daily basis. The goal is to keep your spam rate below .1% and should never reach higher than .3%. If your spam rate does climb, your messages could be sent directly to spam folders or blocked entirely.

Requirements for bulk senders

Bulk senders will be required to adhere to requirements outlined above as well as… 

• Advertisers must have a DMARC policy

  • Domain-based Message Authentication Reporting and Conformance (DMARC) is an authentication standard that offers domain-level protection of the email channel. Its authentication identifies and prevents email spoofing techniques in email-based attacks. It is also the first and only widely deployed technology that can make the header from a domain trustworthy. 

• Messages must pass DMARC alignment

  • This means that the sending Envelope From domain is the same as the Header From domain, or that the DKIM domain is the same as the Header From domain.

• Messages must include one-click unsubscribe

  • To make unsubscribing easy, one-click opt-outs will now be required. This is a feature that is coming soon to AdRoll! 

How to Make These Changes

Steps to setting up email authentication within AdRoll

It’s important to keep in mind that email campaigns in AdRoll that do not adhere to these requirements by the required date will be paused.

1. Specify your email sending domain

Navigate to Email Settings, and choose Email Authentication. You can also reach this area by going to Email Newsletters or Automated Emails then Settings to Authentication. If you already have our pixel setup on your site, the sending domain field will be pre-filled with this info. You can also delete your configuration data to specify any sending domain. You can delete and update the sending domain whenever needed.

1. Specify “CNAME” or “TXT” configuration data

AdRoll automatically supplies and recommends a CNAME style for authentication setup. If your website has a domain purchased from Shopify or if your email authentication is limited to TXT-style configuration, delete your configuration data and choose TXT option. Click Generate to see the configuration data that is needed to copy over.

1. Copy email authentication data over to your DNS provider

The configuration data that is generated needs to be copied over to your DNS provider. That is typically where you purchased your domain name, like GoDaddy.

If you’re not comfortable with or know who your DNS provider is, work with your IT person to complete this step. You can find a complete DNS email authentication guide here.

1. Return to AdRoll and verify setup

Once you have copied your data over, return to the AdRoll platform and click Verify. It may take up to an hour for your DNS provider to get your email authentication published. Set this aside and come back if it doesn’t verify immediately. If some records are verified, but not others, double check whether the data copied over is accurate. When you see Yes for each item under the Valid column, you’re all done!

That’s it! Confirm your success by sending an email. Just navigate over to Automated Emails or Newsletter Emails and send yourself a preview.

You can watch the video walk through for email authentication on AdRoll here.

When to Get Started

We recommend starting making these changes right away, but January at the latest. Earlier adoption will help you avoid any disruption in email sends in February. Authentication also helps systems trust your emails, so you’ll find this is beneficial to you even before these changes take place. Because these changes may take some time or your IT team, the additional time will help ease collaboration and internal processes.

Step Up Your Email Strategy With AdRoll

Choose from over 200 professionally built templates to create and send expertly designed emails with AdRoll. Our email brand manager, AI-powered creative partner, and drag and drop email builder make customizing your emails with your own images, logos, and colors fast and simple — no creative or development experience required. Learn more about getting started today!

More helpful AdRoll links:

• Unsubscribe link in email templates

• How to update DNS for AdRoll email authentication

• Configuring your AdRoll email sending identity

• Setup email authentication, SPF & DKIM

Last updated on December 22nd, 2023.