Digital Chicks People Focused Tech Powered Logo

Gmail and Yahoo’s Authentication Changes

Did you know that approximately 90% of all emails sent are primarily business-to-consumer (B2C) communication? And that most consumers use either Gmail or Yahoo for their email accounts.

So, if you’re a business sending to consumers with these type of accounts, you’ll want to be sure you are ready for the new Google / Yahoo authentication requirements coming into effect February 2024. That’s right, next month.

Who Is Affected By These Changes?

These changes impact customers of any email service provider (ActiveCampaign, ConvertKit, Mailchimp etc.) and will go into effect in February 2024.

These new requirements primarily impact two groups of email senders:

  • Bulk senders – anyone who sends to more than 5,000 Gmail or Yahoo email addresses on any single day – this includes transactional emails
  • Anyone who sends email to a Gmail email address (i.e. you have Gmail addresses on your mailing lists) , regardless of sending volume

If you’re a smaller sender or only send transactional emails, you’re less likely to be impacted by the changes – but that doesn’t mean you can ignore them.

What’s required for large senders today will likely become a requirement for all senders down the road.

Plus, operating in the “barely compliant” zone, is rarely a good business strategy.

Why The Change

Properly authenticating emails that you send has always been a best practice, although not all senders use the tools available to protect their emails.

Unfortunately, if senders don’t properly authenticate their emails, they’re making it easy for bad actors to impersonate their domain to send phishing emails – —and that will damage your sending reputation.

Gmail and Yahoo are on a mission to protect their users from spam and unwanted emails, but if senders fail to properly secure their systems that mission is a whole lot harder to achieve.

That’s why Gmail and Yahoo decided that proper email authentication and following deliverability best practices are no longer a “nice-to-have”.

If you want to ensure your emails continue to make it to the inbox and protect your sending reputation, you’ll have to comply with key best practices for email authentication and spam prevention.

What Should You Do?

  1. Read any documentation sent to you from your email marketing company and start planning for these changes now
  2. Authenticate your emails using DKIM, SPF, and DMARC
  3. Use a TLS connection for transmitting email
  4. Making sure your sending server IP addresses have valid reverse DNS records (also referred to as PTR records)
  5. Don’t impersonate Gmail From: headers
  6. For direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain (i.e. send from your domain name – like
  7. Format messages according to the Internet Message Format standard
  8. Implement best practices to reduce the occurance of your emails being flagged as spam
  9. Maintain a spam complaint rate under 0.10% (and avoid ever reaching a spam rate of 0.30% or higher)
  10. Allow people to unsubscribe by clicking just one link
  11. Honor unsubscribes within two days

Have a question?​

Are you planning a new or revised website? Maybe you want to create a course or membership?
Look no further, talk to us!
We are the experts you have been searching for.

Book a Call

How Digital Chicks Can Help

Navigating these changes (quickly) can be overwhelming and complex, especially considering the Social Media and SEO implications (if you have been using your website as your main online digital presence).

At Digital Chicks, we create customized digital marketing solutions, including websites (of all shapes and sizes), learning and e-commerce solutions, website management and support, SEO, and more.

Our team is ready to help you:

  • Develop a new, customized website that reflects your brand and meets your business needs
  • Manage your SEO and digital marketing plan to adapt to this (and other) changes
  • Manage the transition from your Google Site to your (new) website smoothly, ensuring minimal disruption to your online presence

Google’s decision to shut down “business.sites” websites may require some quick pivoting, but it also opens up opportunities to enhance your online presence through more advanced and tailored solutions.

Digital Chicks is here to guide you through every step of this transition, ensuring your business thrives online.

If you have any questions or need assistance building a new website for your business, please don’t hesitate to reach out.


  • Help protect email recipients from malicious messages, such as spoofing and phishing
  • Help protect you and your organization from being impersonated
  • Emails being sent following these requirements are less likely to be rejected or marked as spam by Gmail

All really really good reasons!

Changes are set to roll out gradually from February 2024, allowing for optimization and adjustments based on industry feedback.

These new requirements impact all senders, regardless of size, with a more noticeable impact on deliverability for bulk senders and transactional emails (if they are over the 5000 threshold).

This does not impact 1:1 email sending.

Heck no. We fully expect these requirements, and our understanding of them change, as the industry provides feedback.
Google and Yahoo will begin blocking mails that don’t meet their requirements. This can damage reputation and have long-term consequences on the deliverability rate of an email account.
Email messages that are sent in response to an action a user takes on a website or application

While Google has mentioned 5K daily sending as a criteria for defining a “bulk sender,” Gmail/Yahoo have clarified that email sending below those limits may be affected.

Yahoo explicitly states that there is no minimum volume threshold applicable to these requirements.

Therefore, we strongly encourage all customers to set up authentication, regardless of their email send size.

DKIM (DomainKeys Identified Mail) is an email authentication method that employs public-key cryptography to digitally sign emails, ensuring that the message body and attachments remain unaltered during transmission. The aim is to safeguard your email security and maintain the integrity of your domain.
DMARC, short for “Domain-based Message Authentication, Reporting & Conformance,” is like a guardian for your emails. It’s an email security standard that helps those who own a domain (like a website) monitor who’s sending emails on their behalf.
SPF, short for Sender Policy Framework, is a type of domain name TXT record that lists all the servers authorized to send emails from a particular domain.
Are you kidding – try saying “Domain-based Message Authentication, Reporting & Conformance” over and over again while talking. Even us techies have our limits.