Starting in February 2024, Yahoo and Google put in place sender requirements for anyone who sends bulk email to their accounts: authenticate outgoing email, avoid sending unwanted or unsolicited email, and make it easy for recipients to unsubscribe. You must meet these requirements to avoid a negative impact on the delivery of your mail.
Updated: this article also covers the changes by Microsoft, which announced similar requirements starting May 2025.
The Requirements:
- Set up SPF or DKIM email authentication for your domain.
- Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
- Use a TLS connection for transmitting email.
- Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
- Format messages according to the Internet Message Format standard (RFC 5322).
- Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC “quarantine” enforcement policy, and impersonating Gmail From: headers might impact your email delivery.
- If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.
If you send more than 5000 emails per day:
- Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to “none”.
- For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
- Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.
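The alignment rule in the list above, as an added example (not code from Spotler or the mailbox providers): DMARC passes only when SPF or DKIM passes for a domain that is aligned with the domain in the From: header. The function names are illustrative, and PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List that real receivers use.

```python
# Added example: DMARC identifier alignment as defined in RFC 7489.
# PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk"}


def org_domain(domain: str) -> str:
    """Return the organizational domain: the longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        # Candidates are tried longest first, so "co.uk" wins over "uk".
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD


def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)


def dmarc_pass(from_domain, spf=None, dkim=None, aspf="r", adkim="r") -> bool:
    """spf and dkim are (domain, passed) tuples, or None when the check was absent.

    DMARC passes when at least one mechanism both passed and is aligned
    with the domain in the visible From: header.
    """
    spf_ok = bool(spf and spf[1] and aligned(from_domain, spf[0], aspf == "s"))
    dkim_ok = bool(dkim and dkim[1] and aligned(from_domain, dkim[0], adkim == "s"))
    return spf_ok or dkim_ok
```

A message can pass both SPF and DKIM and still fail DMARC when both passes are for a third party's domain rather than the From: domain.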
If you would like to read the requirements directly:
What You Need To Do
If you send emails from any Spotler Group product, note that we already handle most of these requirements for you. The only ones that you need to do are the items bolded and underlined in the list above. These are: set up DMARC authentication on your domain; create a Google Postmaster Tools account and monitor your spam rate; and, for marketing and subscribed messages, include a clearly visible unsubscribe link.
The unsubscribe link is self-explanatory, but we will now dive into explaining more about the other two.
DMARC
Important note: This article is meant to explain what DMARC is, not a guide of how one should implement it. DMARC has more considerations than this article explains and every domain will be different with its setup and rollout of DMARC.
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It applies to the domain in the visible From address that you use to send your emails.
These mailbox provider requirements currently all refer to high-volume senders, meaning those sending over 5000 emails a day. But that could change any day to cover all domains. Therefore you should set up DMARC for every domain your business uses, regardless of what the domain is used for.
Note that to pass DMARC authentication your domain needs to also pass either SPF or DKIM authentication. For many years now Spotler has not allowed customers to use domains that don’t already pass SPF, DKIM and DMARC. But depending on the domain you use and its policy setting, all this DMARC talk is still important for you.
There are several different tools you can use to check whether you have a DMARC record set up. Two popular ones are:
- Dmarcly: dmarcly.com/tools/dmarc-checker
- Dmarcian: dmarcian.com/dmarc-inspector
Whether you have a DMARC record, and whether it is doing what it needs to do are not exactly the same question.
If you don’t already have a DMARC record, here’s what you need to know.
DMARC has 3 policy levels, which you should move through one at a time:
- p=none (minimum requirement)
- p=quarantine
- p=reject (best)
The point of DMARC is to protect your sending domain from being abused or spoofed by malicious actors. These policy values are instructions to the mailbox providers on how to handle emails from your domain that fail authentication.
The minimum requirement that mailbox providers ask for is a “none” policy, but the intention of DMARC is for you to progress your policy up to “reject”.
“p=none” means your instruction to the mailbox provider is to do nothing if they receive unauthenticated email from your domain. You technically pass DMARC. But if some malicious actor is using your domain, you aren’t telling the mailbox provider to do anything about it. The emails sent by malicious actors will be delivered, and your reputation can be severely impacted by them.
“p=quarantine” is the mid-point for rolling out DMARC on your domain. Your instruction to the mailbox provider is to quarantine all email sent from your domain that fails authentication. Malicious actors are now immediately unable to use your domain with the success they have with a “none” policy. But quarantined emails could still be accessed by the recipients, and your reputation can still be impacted.
“p=reject” means you are confident all email sent using your domain passes authentication. Your instruction to the mailbox provider is to reject all email sent from your domain that fails authentication. This is the strongest policy setting and you should be aiming to get your domain to this level.
You cannot just start with a “reject” policy immediately, however. DMARC affects your whole domain. You must check that every use of your domain passes authentication. If you know your domain is only used in a single place, say an ESP, then you could go straight to the “reject” policy. But if the domain you are managing is used elsewhere, say for your day-to-day business emails, then you need to make sure those pass authentication too. Otherwise, if you were to start higher than the “none” policy, you could impact your email sending from those other sources.
Another important note: DMARC is set up on the root of the domain, and its policy applies to all subdomains. So, if DMARC is set up for example.com, it’s also set up for esp.example.com and support.example.com, but not for example-esp.com or example.co.uk. If the domain you use for an ESP is a subdomain of a domain that is used elsewhere, you are setting up DMARC for the domain in its entirety, not just for the subdomain.
This is why the DMARC setup in your DNS allows for reporting addresses (rua and ruf), which tell mailbox providers where to send reports about your DMARC authentication.
The idea with DMARC is that you should use the reporting feedback and start with a “none” policy. You check the reports and make sure every email you send for your domain passes authentication, fixing any that fail. When you are confident that all your genuine mail passes, you move to the “quarantine” policy and monitor again. When you are confident everything still passes ok, you move to the “reject” policy. But if you are already 100% confident you could start with “reject” straight away.
Example DMARC records for a staged rollout with reporting, one per stage, would look something like:
- v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com
- v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com
- v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com
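One way to work through the aggregate (rua) reports during the staged rollout described above, as an added example that is not part of the original article: it totals the messages that failed both DKIM and SPF per source, and only suggests moving up a stage when none of your own sending IPs appear among the failures. The sample report is constructed, uses documentation IP ranges, and assumes the reporter omits the XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate report layout (not real data).
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>950</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>support.example.com</header_from></identifiers>
  </record>
</feedback>"""

NEXT_STAGE = {"none": "quarantine", "quarantine": "reject", "reject": "reject"}


def summarize(report_xml: str) -> dict:
    """Count messages per source that failed DMARC (aligned DKIM and aligned SPF both failed)."""
    # Reports arrive from third parties: use a hardened XML parser in production.
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="none")
    total, failing = 0, defaultdict(int)
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count", default="0"))
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        total += count
        if dkim != "pass" and spf != "pass":
            key = (rec.findtext("row/source_ip"), rec.findtext("identifiers/header_from"))
            failing[key] += count
    return {"policy": policy, "total": total, "failing": dict(failing)}


def recommended_policy(summary: dict, own_ips: set) -> str:
    """Stay at the current stage while any of your own sources still fails DMARC."""
    own_failing = [src for src in summary["failing"] if src[0] in own_ips]
    return summary["policy"] if own_failing else NEXT_STAGE[summary["policy"]]
```

Failing sources that are not in own_ips are the unauthenticated mail that “quarantine” and “reject” are meant to stop, so they do not block the move to the next stage.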
Google Postmaster Tools (GPT)
This is a set of tools that shows you various metrics for your delivery to Google. The 2 best graphs to pay attention to are “User-Reported Spam”, where you’ll see how close you are to the target of <0.3%, and “Domain reputation”. Domain reputation is mostly for B2C senders at this point, as it measures how you perform when sending to @gmail and @googlemail, but not GSuite (Google’s business accounts). However, there is a belief among deliverability experts that this will be expanded, so it’s worth familiarizing yourself with the tool now and benchmarking your current performance.
Microsoft Email Hygiene Recommendations
Microsoft also recommend the following for email hygiene…
- Compliant P2 (Primary) Sender Addresses: Ensure the “From” or “Reply‐To” address is valid, reflects the true sending domain, and can receive replies.
- Functional Unsubscribe Links: Provide an easy, clearly visible way for recipients to opt out of further messages, particularly for marketing or bulk mail.
- List Hygiene & Bounce Management: Remove invalid addresses regularly to reduce spam complaints, bounces, and wasted messages.
- Transparent Mailing Practices: Use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages.
These are not currently technical requirements, but they are worth reviewing. The last three are self-explanatory, but we have had some questions about the first, so let’s go into that.
This recommendation states that the “from” or “reply-to” address should be valid, and not an address that doesn’t exist, where sending an email to it would bounce. Ideally the replies go into something that humans can access. Sending from “noreply@” type addresses is not technically denied by this recommendation, but the tone here is that you shouldn’t use them.
Our Recommended Next Steps
Ensure Opt-Ins - Ensure you are emailing people who want to hear from you
Test Subscribed Contacts - Periodically send messages to ensure subscribed contacts are engaging
Avoid Spam Content - Links and attachments should be visible and easy to understand. Don’t encourage contacts to click on links they don’t understand
Unsubscribe Contacts - Consider manually unsubscribing contacts who aren’t interacting
Readability - Keep your spam score down with clear and engaging subject lines, and avoid misleading text
“noreply” - Stop sending from “noreply@” type addresses and make the recipients feel they can reply and reach a human if they want to.
At Spotler, we have done most of the work for you in preparation for this, but should you require further assistance, please get in touch with your Account Manager via email or contact our Support team by logging a ticket to support@spotler.co.uk.