In an ongoing effort to enhance email security and combat malicious messages, leading email service providers (ESPs) have been steadily improving their policies for bulk email senders.
The goal? To thwart domain spoofing and make it easier for ESPs like Google, Yahoo, and Microsoft to detect malicious content.
Google and Yahoo were the first major ESPs to impose new requirements, which took effect in February 2024. Soon after, Microsoft announced its plans to join the fray.
If your business relies on sending marketing emails to existing and potential customers, here’s what you need to know.
Are you or are you not a bulk sender? That’s a question that has a slightly different answer depending on the ESP.
In short, if sending thousands of daily emails isn’t part of your marketing campaigns, the new requirements for bulk senders won’t apply to you. But if your company does qualify as a bulk sender, you’ll need to comply with ESP requirements to keep your email messages from landing in recipients’ junk folders.
Important Note: ESPs can classify your messages as spam even if they don’t classify your domain as a bulk sender. Trying to fly under the bulk sender radar will not allow you to avoid ESP content and protocol filtering.
Let’s face it—complying with the ESPs’ requirements requires measures bulk senders should already be taking. But if you’re not in the loop, here’s what you need to do.
Google and Yahoo require bulk email senders to set up email authentication records for their sending domains, and we can assume Microsoft will too. This involves configuring three crucial email authentication protocols for verifying the legitimacy of the sender's domain and preventing email spoofing—SPF, DKIM, and DMARC:
These protocols help verify the sender's identity, protect against domain spoofing, and improve the overall trustworthiness of email messages. And while DMARC enforcement isn't an immediate requirement, all providers encourage its adoption, indicating that it may soon become mandatory.
This one’s obvious: Don’t make users jump through a bunch of hoops to opt out of your marketing emails. Simplifying the unsubscribe process helps maintain a positive sender reputation and reduces the risk of emails being marked as spam.
To improve the user experience and reduce spam complaints, ESPs mandate an "easy unsubscribe” feature—in other words, implementing a One Click Unsubscribe option that allows recipients to opt out of emails with minimal effort.
All leading ESPs will enforce strict thresholds for reported spam rates. Domains with spam rates that exceed these thresholds will be blocked—bulk sender or not. Here's what you can do to stay compliant:
Ensuring your email systems have valid DNS records is critical for email security. Configuring SPF, DKIM, and DMARC protocols will help. You should also regularly monitor and audit your DNS records for unauthorized changes. Using Domain Name System Security Extensions (DNSSEC) will help protect against DNS spoofing and keep the integrity of your DNS records strong.
You should also host your DNS with a reliable provider with robust security features, including DDoS protection and redundancy to ensure your DNS infrastructure remains secure and available.
These moves from the major ESPs create a shared responsibility model between email senders and mailbox providers. If you haven’t already taken steps to keep your bulk sender status in good standing, start now by checking the stats of your domain authentication records using this online tool from Valimail.
If you’re already enforcing DMARC, consider amplifying your authenticated domain with a DigiCert Verified Mark Certificate (VMC), which displays your brand logo before recipients open the message. A VMC is like a stamp of completion for doing your due diligence to configure SPF, DKIM, and DMARC—and it’s a marketing move that will pay off for your brand.
Want to learn more about topics like email security, Verified Mark Certificates, and digital trust best practices? Subscribe to the DigiCert blog to ensure you never miss a story.