Badsender

All you need to know about the new deliverability rules for Gmail and Yahoo! unveiled in 2024

published on ,
updated on

In 2024, the small world of email marketing is buzzing around the Gmail and Yahoo! announce new deliverability rules. This article takes the time to review these changes and follow them over the long term.

These new rules, like all email deliverabilityare first and foremost designed for protect users. Protect them from spam and unsolicited messages, but above all to guarantee their safety.

These two major objectives involve the need to prove your identity through various more or less technical processes and ensure that the recipients of your emails really want to receive them (and can therefore also object to receiving them).

This article is freely available.

It took time and expertise!

This month, thanks to our customer-sponsors: Actito, Puig France, Voyageurs du Monde, CMI France, Cegeka, BPI France, Citeo, FFT, Castor & Pollux, Clarins, Mews Group. They enable us to publish free content. Thanks to them, Badsender is fulfilling its mission of educating the French emailing and CRM ecosystem to promote responsible email.

With over 10,000 monthly readers, if only 1% became customers, we'd continue this mission for a long time to come! Become a customer and benefit from our expertise while supporting the production of open knowledge.

See what we can do together

Let's make no mistake. Together, Gmail and Yahoo! have simply dictated the new minimum foundation for email deliverability best practices.. In B2C databases, Gmail is often the most represented destination. By teaming up to announce very similar rules, the two players can be sure that all senders will align themselves with them. There's a reason why so much digital ink has been spilled.

Last update: November 4, 2025

Live - Deliverability: what to make of the recent announcements from Gmail and Yahoo!

This is the kind of (complex) subject that it's essential to cover orally.
In this live report, we go over every point of the latest announcements. We'll explain the impact on the delivery of your emails, and what you need to do to ensure they're received correctly.

Watch the live on Youtube

Pace of rollout of new Gmail and Yahoo! rules

Deployment began gradually in 2024, but one key date marks a milestone major reinforcement of enforcement. As of November 2025, Gmail is stepping up the enforcement of its guidelines on non-compliant traffic. This phase marks the end of the grace period: messages that do not comply with the sender's requirements will experience disturbances, including temporary (4xx) and permanent (5xx) discharges. Application of the rules will now be less selective than before

Who is affected by these updates?

Any sender targeting Yahoo! and Gmail addresses. For Google this means two : gmail.com and googlemail.com. Google specifies that these rules do not apply to e-mails sent to business mailboxes from Google Workplace.

On the Yahoo! side, this concerns a large number of domain names (yahoo.com, yahoo.com, ymail.com, aol.com, aol.fr...). You can find an "almost" exhaustive open source list of Yahoo! deliverability destinations at our EmailDestinations project on GitHub.

Mass shippers are subject to some additional requirements which we'll explain below. Google points out thatfrom 5000 emails per day, you are considered a mass sender. There is no encrypted limit for Yahoo! which defines a mass sender as one who sends a "significant" quantity of emails.

If you're reading this, you're probably a mass-mailer. So try to comply with all the email best practices listed below. It can't hurt.

Should we expect Armageddon?

No. Just confirmation of good deliverability practices which have been repeated for many years. By the way, on the technical side, it's likely that if you go through a professional platform you're already obliged to authenticate your emails correctly, and that one-click List-Unsubscribe has been available for a long time.

The scary thing is now the rules are official, They're hard-written in documentation, and the consequences are known. More importantly, Gmail's approach has shifted from education to’active application of its requirements. From November 2025, Non-compliance for mass-mailers will result in explicit rejection (codes 4xx/5xx). No more silent spam placement for clear violations of the guidelines. And so.., if you're a spammer (or one who doesn't know it), your life is going to get a lot harder, because delivery interruptions will be direct.

If, on the other hand, you have good deliverability practices, you should be able to get by with a few minor adaptations.

On the other hand, compliance with these rules will in no way guarantee delivery of your emails in the main box. It's still a minimum to respect.

Finally, it's important to note that allowing your email recipients to feel safe and confident in their inboxes is also a great way to improve the overall email user experience. The less spam and illegitimate emails there are, the higher the visibility of your messages. Think about it!

Respect the basics of email deliverability

In its documentation and FAQ, Yahoo! takes the liberty of recall some basic elements that you are supposed to respect if you respect the law:

  • Make sure yousend emails only to recipients who have requested them.
  • Respect the delivery frequency promised at the time of registration (don't move your subscribers from your newsletter to your daily newsletter without asking).
  • The optin must be explicit (no pre-checked boxes).
  • Don't buy a contact list (and stop using previously acquired lists).
  • **Remove inactives** from your contact lists.

All this should have been taken for granted a long time ago, but unfortunately we have to admit that this is not the case in our daily lives. If you don't respect even these elements, respecting the new Gmail and Yahoo! rules won't be enough..

Deliverability indicators

Maintain an email complaint rate below 0.3%

For both Gmail and Yahoo!, the threshold rate is clear: you must not never exceed the 0.3% limit for spam complaints. At Google, negative impacts begin if you exceed 0.1% spam complaints. The 0.3% is a threshold beyond which your e-mails will land in the spam box or be rejected. Maintaining a spam rate of 0.3% or more makes the shipper ineligible for delivery support or mitigation measures.. Shippers remain ineligible as long as the rate is above 0.3%, and become eligible again after 7 consecutive days below this threshold.

For Gmail, the reference rate is the one in the "Spam rate" tab. on Google Postmaster Tools. At Yahoo! you can track your complaint rate via the Yahoo! feedback loop or via the Deliverability and Performance Feed.

Yahoo! specifies that the complaint rate is calculated by dividing the number of complaints by the number of successful emails.

Graph tracking complaint rates in Google Postmaster Tools

Who's concerned? The whole world

What does this mean in concrete terms?

First step, if you haven't already done so, configure Google Postmaster Tools for all your domains and sub-domains. This will enable you to track your Gmail spam complaint rate. On the Yahoo! side, you will need to have configured the "Complaint Feedback Loop" to find out your complaint rate.

Here, we're not dealing with a technical criterion, but with a question of performance. To achieve control your complaint rateit is recommended to work on acquisition sources addresses, on email inactives and on segmentation. In general, all the good marketing practices that are good for your engagement rates will also be good for reducing your spam complaint rate.

It is also We recommend that you separate your different types of email into different sub-domains (and different IPs).. This makes it possible to have different complaint rates for different types of messages, and to avoid having all your emails blocked at once.

Authentication required for everyone

We won't go into too much detail here, as we have several very complete articles dedicated to theemail authentication to which you can refer.

Just remember :

These three techniques (along with the 4th, BIMI, which is not affected by the new Gmail and Yahoo! rules) allow you toauthenticate that the email sender is legitimate.

DKIM "or" SPF configuration

For all email senders to Yahoo! and Gmail, setting up either DKIM or SPF becomes mandatory.

Who's concerned? The whole world

What does this mean in concrete terms?

It is necessary to configure one or other of these techniques for all your emailsSPF is the simplest of the two to deploy. The simpler of the two to deploy is normally SPF.

DKIM "and" SPF configuration

SPF and DKIM have been recommended for many years. Bulk mailers will now have to configure both or their emails will be rejected.

In its documentation, Google recommends using the same domain for email authentication as for hosting your public website. This further strengthens the legitimacy of your domain and therefore of your mailings.

Who's concerned? Mass shippers

What does this mean in concrete terms?

If you're using a pro email solution, then you should find all the information you need in its documentation. Every modern mailing platform must implement SPF and DKIM.

If, on the other hand, you've built an in-house mailing solution, especially for DKIM, you're going to have your work cut out for you.

DMARC configuration

The use of DMARC becomes mandatory for mass shippers. It is always authorized to use a minimal none policy (p=none). However, it is crucial to note that the absence of a DMARC registration (with a minimum none policy) makes the shipper ineligible for delivery support or mitigation measures. It's always a good idea to use DMARC reports to bring all your email traffic into line.

Who's concerned? Mass shippers

What does this mean in concrete terms?

The most basic action is simply to have a DMARC record on your DNS server. It's simple, and doesn't cost more than a 10-minute intervention.

Ideally, DMARC reports should be monitored. to ensure that all your traffic is properly authenticated.

Example of DMARC (EmailConsul) report by email source

Shipping strategy and technical configuration

Sending domain alignment

Once again, to legitimize your identity as a sender, Yahoo! and Google ask you to align your domains. This means that domain names to send your email must be the same as those used in your SPF and DKIM authentications.

There has to be a correct alignment with one of the two authentication techniques, either SPF or DKIM (but both at the same time is even better).

When it comes to alignment, there are two different levels. Strict or relaxed alignment. Strict alignment means that the domain is exactly the same, whereas on "relaxed" alignment, a sub-domain is allowed. The DKIM and SPF alignment policy is defined in your DMARC registration. A "relaxed" alignment is allowed by Gmail and Yahoo!.

Who's concerned? Mass shippers

What does this mean in concrete terms?

This is one of the most technical points in this article. To check your alignment level, you'll need to read the technical header of your email and check 3 things:

  • From:" address This is the email address displayed to the recipient.
  • Sender address "Envelope This is the Return-Path email address declared in the SMTP dialog, and to which bounces will be sent.
  • The domain declared in the DKIM signature(s)

SPF alignment means that the domain of the "Envelope" address is the same as the domain of the "From:" address. In relaxed mode, sub-domains are allowed. In strict mode, it must be exactly the same domain.

Example of SPF alignment rules from Google documentation.

DKIM alignment means that the domain of the DKIM signature is the same as the domain of the "From:" address. In relaxed mode, sub-domains are allowed. In strict mode, it must be exactly the same domain.

Example of DKIM alignment rules from Google documentation.

To validate DMARC, at least one of the two alignments must be respected.

More details in Google's documentation on the subject : https://support.google.com/a/answer/10032169?sjid=6612418846590111173-NA#alignment

Valid "reverse DNS" and "forward DNS" records

Once again, it's a bit technical! In short, these two techniques enable you to check that your sending domain is linked to your IP address via a type "A" DNS record (forward DNS). And in the other direction, your IP address is linked to your sending domain name via a "PTR" (reverse DNS) DNS record.

Two-way validation provides additional proof of the legitimacy of your emails and the absence of identity theft.

Who's concerned? The whole world

What does this mean in concrete terms?

Test your IP and domain configuration. I recommend that you do it via MultiRBL. By entering your IP address, the tool will automatically check that the domain in the PTR record refers to the original IP address.

Best practice example of reverse and forward DNS at LinkedIn

Yahoo! specifies that the domain name present in the PTR record of your IP address must refer to your "From:" domain in some way.

Format your messages correctly

Your messages must comply with the Internet Message Format Standard described below. in RFC 5322. We won't go into it for too long in this article. It's all very technical. This standard describes how an email should be formatted. It must be respected. End of story 😉

Who's concerned? The whole world

What does this mean in concrete terms?

Probably nothing if you use an email tool market. It's up to them to make the changes, but chances are they're already compliant. If, on the other hand, you're using an "in-house" e-mail solution, you'd do well to check your compliance.

Introducing List-Unsubscribe "One-Click

As a reminder, List-Unsubscribe is the technical mechanism that enables webmail and messaging interfaces to display a unsubscribe button outside email content.

It becomes mandatory for Yahoo! and Gmail to put a List-Unsubscribe in your email headers. This List-Unsubscribe must be in "Post" mode. This means that the person who clicks on this List-Unsubscribe will no longer have to exit the webmail or email client interface to perform the unsubscribe action. The information will be automatically sent to the email routing platform.

What's more, this List-Unsubscribe will only be active if the email is signed by DKIM and DKIM signs the List-Unsubscribe and List-Unsubscribe-Post elements of your email.

Example of List-Unsubscribe in Gmail on an email from City Box Office

If the "one-click unsubscribe" option becomes compulsory, this is only for promotional and commercial emails. Transactional emails should not be equipped with it.

The deadline is June 2024 for Yahoo! and Google. Unsubscription must be effective within two days of the user's action.

Who's concerned? Mass shippers

What does this mean in concrete terms?

Again, if you're working with a professional email solution, the implementation should be done directly by them. Nevertheless, if in doubt, you can check your email headers and see if you can find a "List-Unsubscribe-Post: List-Unsubscribe=One-Click "and the "List-Unsubscribe:" header contains a URL.

With a few exceptions, your business router directly manages the implementation of List-unsubscribe in the technical e-mail header, not in the HTML template.

If you're using an in-house system and you're not using the unsubscribe mechanics natively integrated into your email campaign management solution. Then you've probably got your work cut out for you.

Using an encrypted connection with TLS on the Gmail side

TLS is used to encrypt the connection between two servers (in this case, SMTP for sending e-mail). While TLS was already widely recommended is now mandatory in order to send emails to Google.

Who's concerned? The whole world

What does this mean in concrete terms?

Once again, this is a highly technical notion, which takes place entirely on the sending server side. In principle, there's nothing to worry about if you're using a commercial solution. In Gmail, you can easily check whether an e-mail has been sent via a TLS-secured connection.

Check that TLS is used to send an email.

Other changes

Mass mailings from one address gmail.com

Google will publish a DMARC record with a "quarantine" policy. Yahoo! has long since switched to a "reject" policy.

This means that if you send emails with an address like mycompany@gmail.com from a third-party mailing platform (i.e. not from Gmail), your emails will be rejected or spammed.

Who's concerned? Not so many readers of this page (I hope)

What does this mean in concrete terms?

You'll need to use a domain name specific to your company and configure it on your mailing solution. If you don't have a domain name (and therefore no website), it's time to acquire one.

Simple and immediate unsubscribing

It must be easy for your recipients to unsubscribe of all the e-mails sent by your company, and all at once (even if you have several types of e-mail). This means that the unsubscribe link in your email must be visibleclearly identifiable and lead directly to a preference or unsubscribe page.

This means you don't have to put unsubscribing behind a login screen, or wait a month for the action to take effect. What's more, unsubscription must be effective within two days depending on the user's action.

Who's concerned? Mass shippers

What does this mean in concrete terms?

Set up a clearly visible unsubscribe button in your emails, allowing you to unsubscribe from all your emails at once. In an ideal world, this link would redirect to a email preference center.

FAQ

Will non-compliance trigger specific bounces?

Yes, and that's the essence of change in 2025. From November 2025, Gmail will prefer direct SMTP rejection. This rejection is accompanied by a rejection code and a specific reason. This is beneficial, as it puts an end to «silent spamming» for non-compliance, making failures a thing of the past. traceable and analyzable.

Reject messages will include an error code indicating the cause of the failure. For example, you might encounter: 4.7.27 (SPF failure), 4.7.30 (DKIM failure), 4.7.31 (No DMARC), or 4.7.32 (DMARC misalignment).

What's more, failure to comply with certain rules (such as a spam rate > 0.3% or the absence of minimum DMARC) makes the sender ineligible for assistance or mitigation.

In some cases, failure to comply with the rules (at least at Google) means that your mitigation requests via their contact form will be rejected by default.

Will a deleted/deactivated account send a specific bounce (soft, hard)? If so, on all shipments?

If we're referring to the fact that Gmail has been deactivating inactive email accounts since early December 2023 (the famous Gmail purge). So yes, deactivated addresses return bounces of the unknown user type.

Is List-unsubscribe required for all email types?

No. One-click List-Unsubscribe is only required for promotional and marketing e-mails. Basically, for emails where it's legitimate for a recipient to want to unsubscribe. List-unsubscribe is therefore not required for transactional emails.

Do certifications such as Validity or CSA have an added value on this subject-> avoid blacklisting in the event of a complaint rate exceptionally above the acceptable threshold?

For Gmail, no. For Yahoo, if you're above the Validity threshold you'll lose certification, so it's all the same.

Do you have any service providers to recommend for reinterpreting the DMARC reports generated?

There are plenty of them on the market... Dmarcian, DmarcAdvisor, EasyDmarc, Merox, Dmarc.fr, ...

Can't we use a preference center anymore? Or have a direct link and a link to the preferences?

In its documentation, Yahoo explicitly mentions the advantages of the preference center.

How to monitor with GPT do you have an article on this?

Yes, it's this way: https://www.badsender.com/2018/12/18/

So can we still have a landing page on our site on which we ask questions about why we unsubscribe?

List-Unsubscribe must be clearly distinguished from the unsubscribe link in the e-mail. In List-Unsubscribe, there will no longer be the option of declaring a landing page, as unsubscribing must be a one-click, immediate process. On the other hand, in the e-mail unsubscribe link, the landing page can still be used, but unsubscribing must be the primary objective of this page.

If there's a «preference center», unsubscribing via list-unsubscribe won't prevent you from receiving «other mails/optins». Gmail may therefore think that we're still sending e-mails.

The average threshold would then be to deoptinize on all optins. From what I've heard from people at Google, the pref center is still ok for them. They just don't want unsubscribed recipients to continue receiving mail.

Would theunsubscribe list become mandatory for all mailings?

No, it's only for commercial and marketing mailings. Triggers (confirmation, lost password, etc.) are excluded unless they are of a commercial nature.

Are the big emailers (mailchimp, brevo, others) already aligned with these prerequisites? Or... more or less?

It varies a lot. A distinction can be made between self-service platforms and those requiring Onboarding. The latter will be much better equipped, especially when it comes to domain name alignment, reverseDNS, etc., even if it's not perfect everywhere. On other self-service platforms, such as Mailchimp, there are bound to be quite a few changes, since many of them use the platform's technical domains, particularly when it comes to SPF alignment.

If you have several types of optin (because several types of message) and the user unsubscribes from a single opt'in, how will Gmail interpret this?

He'll misinterpret it... because he won't understand the difference between your different types of optins unless you take him to a Preference Center.

Don't imagine for a second that Google, Yahoo and others aren't capable of detecting your users' various actions. Their resources are sufficient.

How do they differentiate commercial emails from password emails, confirmations, etc.?

To be able to differentiate between them, you need to help them. On the one hand, the content (both the content of the e-mail and the subject line) of your e-mail helps Gmail and Yahoo to categorize the type of message, but it's also a question of the delivery address. If you get Gmail and Yahoo used to sending your purchase confirmations and lost passwords from one delivery address and your newsletters from another, this will help them categorize and know what filtering behaviors they need to have on the different message typologies.

Is there a set complaint rate per day or per campaign?

I'll say per day, I haven't seen a notification that stipulates this be done to the campaign because not all mass mailers have set up their feedback loop (for Gmail).

Haven't there been a few BIMI breaches with certified spammers?

Yes, a few months ago at Gmail because of Microsoft :p

Is it possible to consult this complaint rate?

Google provides 2 types of complaints in its Google Postmaster Tools: complaints per day (Spam Rate) and complaints per campaign (Feedback Loop - if properly configured via a Feedkback-id).

Microsoft is very (more) restrictive, isn't it?

I don't know if you could say they're more restrictive... I'd say they're less legible in the way they work. As a result, filtering and blocking may be more abrupt. What Gmail & Yahoo are doing is pretty strong, and lays a real foundation. It's a shame that Microsoft isn't participating in this movement in the same way... In short, it's more complicated to manage at Microsoft.

Will this reinforcement of best practices for 2024 be homogeneous worldwide, or will there be differences by geographical zone (e.g. EU vs. US vs. South America)?

There's one point I didn't make about Yahoo, but you have to distinguish Yahoo Japan from the rest of the world. Yahoo is a separate entity from Yahoo, so the rules don't apply. Otherwise, I don't think there will be any difference in treatment between countries for Gmail or Yahoo.

Where I can't get clear information about the spam rate: is it a rate that must not be exceeded for all sub-domains? For example, if a sub-domain exceeds these rates, does it penalize all sub-domains with the same «master» domain, or just the sub-domain concerned?

I think it's interesting to keep things in perspective. If you exceed the complaint rate of 0.3% on the main domain, you're potentially going to have an impact on all the sub-domains, and then you also have to monitor each independent sub-domain, but I don't think - but this will have to be checked - that if a single sub-domain causes a problem that there will be a contagion on the other sub-domains and on the main domain. In any case, we'll be learning a lot from February 2024 onwards about what's going to happen to campaigns.

What do you think is behind these new requirements? It seems to me that the underlying aim is to reduce the volume of mail stored.

What you need to bear in mind is that the major messaging operators face 2 major challenges: 1) Ensuring that the user experience of their solution is pleasant. This is the number one criterion, as it will enable them to keep their users and thus stay afloat, generate advertising revenue and clearly filter out spam and graymail. 2) The cybersecurity aspect: all these rules will make it easier for them to reject more criminal-type messages (phishing, extortion, scams, etc.), as there is a legal risk vis-à-vis them if they were to do a poor job of protecting themselves.

Do you have any feedback on the benefits of using private IP addresses for deliverability?

We're talking here about dedicated IP(s). There are many brands for whom dedicated IPs are not relevant, because their volumes are too small or their mailings too irregular, in which case it's better to continue with shared IPs. After certain thresholds, it's difficult to give figures without knowing the advertiser's context. On the technical side, a dedicated IP address will make it easier to comply with reverseDNS or DMARC alignment with the MailFrom / return-path domain signed with SPF, since this IP will only be used by a single advertiser.

What should a marketer listening to this live stream do to avoid being impacted by Gmail and Yahoo requirements?

Call a meeting with your alter ego in the IT department to review the various points mentioned in our article and classify them into 3 categories: this is ok, that's not ok, that we don't understand. And anything you don't understand, you'll need to ask your campaign management tool's support, or call in external consultants (like us) to draw up a checklist and make recommendations for implementation and deployment (send us an e-mail at yesreply@badsender.com).

And maybe define what a complaint is?

Yes, an action on the e-mail SPAM button with a feedback loop behind it.

Would the BIMI standard have an impact on this? Is it mandatory? Is there any point in doing so?

No impact on this subject. No Bimi is not mandatory at the moment, but I strongly recommend it for several reasons: adding an additional security protocol to the DNS, legitimizing the brand by displaying the logo and checkmarks (at Google and potentially at Yahoo if they decide to bring it back into service) to recipients.

DMARC becomes mandatory?

For mass mailings, yes, but it's better to implement it everywhere. It would be a shame to give the spammer a free ride by not securing your domain name and/or monitoring its activity (via DMARC reports).

Live: Yahoo and Google deliverability rules change... what's next?

At the start of 2024, Google and Yahoo! shook up the email marketing world with a series of new deliverability rules. After a few weeks, what is the real impact of these rules? And above all, while some were completely unprepared, what can we expect in the future? Should we expect even more drastic rules in 2025? How can we prepare for future waves?

We discussed all this with Yanna-Torry Aspraki (EmailConsul and EspecialMail) and Yves-Marie Le Pors-Chauvel (Postmastery).

Related resources

Google publications

Publications from Yahoo!

Additional resources

Support the "Email Expiration Date"

Brevo and Cofidis financially support the project. Join the movement and together, let's make the email industry take responsibility for the climate emergency.

I want to know more

Share

The author

Jonathan Loriaux Avatar
Jonathan Loriaux
I've been involved in email marketing for over ten years, and my career path began on the technical side (email campaign integration) before moving on to sales (as an eCRM expert) and finally marketing consultancy. For the past 9 years, I've been the author of the Badsender.com blog. Emailing isn't just an expertise, it's truly become my passion, which is why Badsender is now my main activity, with the creation of an emailing consulting business linked to the site.
All publications by Jonathan Loriaux
Previous
Next

Leave a Reply

Your email address will not be published. Required fields are marked *