Google & Yahoo's 2024 Email Sender Rules Explained
A guide to the 2024 Google and Yahoo sender requirements. Learn about the new rules for SPF, DKIM, DMARC, spam rates, and one-click unsubscribe.
In February 2024, Google and Yahoo began enforcing new requirements for all email senders, especially those sending over 5,000 emails per day. These rules mandate email authentication via SPF, DKIM, and DMARC, keeping spam complaint rates below 0.3%, and offering a one-click unsubscribe option. The goal is to reduce spam and increase security for all email users.
TL;DR
- Authentication is mandatory: Senders must implement SPF, DKIM, and have a DMARC policy.
- Spam rate threshold is firm: Senders must keep user-reported spam rates below 0.3%, and ideally below 0.1%.
- One-click unsubscribe is required: Bulk senders must include a one-click unsubscribe link in message headers.
- The rules apply to everyone: While stricter for bulk senders (5,000+ emails/day), all senders must use at least SPF or DKIM.
- Enforcement is gradual: Non-compliant senders faced temporary errors starting in February 2024, with rejections increasing from April 2024.
The 'Why' Behind the 2024 Sender Changes
In early 2024, Google and Yahoo implemented new requirements for email senders to create a safer and less spam-filled inbox experience for their users. These changes aim to close loopholes that attackers exploit and give users more control over the messages they receive. The rules apply to all senders, but are more stringent for bulk senders, defined as those sending close to 5,000 or more messages to personal Gmail accounts within a 24-hour period. Senders who meet this threshold even once are permanently considered bulk senders. The core pillars of these new guidelines are stronger email authentication, maintaining low spam complaint rates, and providing an easy unsubscribe process.
Mandatory Email Authentication: SPF, DKIM, and DMARC
A central requirement of the 2024 updates is the mandatory implementation of email authentication protocols to verify a sender's identity and prevent spoofing. All senders must authenticate their mail with at least Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). Bulk senders, however, must implement SPF, DKIM, and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
DMARC builds on SPF and DKIM, allowing domain owners to specify how receiving mail servers should handle messages that fail authentication checks. For the 2024 requirements, a minimum DMARC policy of p=none is sufficient, which monitors sources but does not affect delivery. Additionally, the domain in the 'From:' header must align with either the SPF domain or the DKIM domain to pass DMARC alignment.
| Requirement | All Senders | Bulk Senders (5,000+ emails/day) |
|---|---|---|
| SPF Authentication | Required (SPF or DKIM) | Required |
| DKIM Authentication | Required (SPF or DKIM) | Required |
| DMARC Policy | Recommended | Required (at least p=none) |
| Header Alignment (From:) | Recommended | Required (SPF or DKIM alignment) |
Spam Rate Thresholds and One-Click Unsubscribe
To ensure senders are delivering relevant content, both Google and Yahoo now enforce a strict spam complaint rate threshold. Senders are required to keep their user-reported spam rate below 0.3%, with a strong recommendation to stay below 0.1%. Senders can monitor their spam rates using tools like Google Postmaster Tools. Exceeding the 0.3% threshold can lead to delivery delays and rejections.
For bulk senders, providing an easy way for users to opt-out is now mandatory. This must be a one-click unsubscribe option, implemented by including a List-Unsubscribe header in the email. This allows email clients like Gmail to display an unsubscribe button at the top of the message, separate from any link in the email footer. The deadline for implementing the one-click unsubscribe feature was June 2024. Unsubscribe requests must be honored within two days.
Consequences of Non-Compliance
Both Google and Yahoo began a gradual enforcement of these new rules in February 2024. Initially, a small percentage of non-compliant email traffic from bulk senders received temporary errors with specific error codes to help them identify and fix issues. Starting in April 2024, both platforms began rejecting a percentage of non-compliant traffic, with plans to gradually increase the rejection rate over time. This means that failure to comply will increasingly result in emails not being delivered at all, rather than just being sent to the spam folder. These rules affect any email sent to a personal @gmail.com, @googlemail.com, or any Yahoo-hosted email address.
Related reading
- understand how these changes affect inbox placement
- see our latest cold email reply rate research
- compare the costs of in-house vs outsourced SDR teams
Frequently Asked Questions
What is a bulk sender according to Google's 2024 rules?
A bulk sender is any sender that sends close to 5,000 or more messages from the same primary domain to personal Gmail accounts in a single day. Once a sender meets this threshold, they are permanently classified as a bulk sender.
What DMARC policy is required by Google and Yahoo?
The minimum requirement is a DMARC policy of p=none. This policy allows you to monitor email streams without affecting the delivery of messages that fail authentication.
What is the spam complaint rate limit for the 2024 sender rules?
Senders must keep their spam complaint rate below 0.3% and are strongly encouraged to maintain a rate below 0.1%. This rate is monitored through tools like Google Postmaster Tools.
When did the one-click unsubscribe rule go into effect?
The requirement for bulk senders to implement a one-click unsubscribe header became mandatory in June 2024.
Do these rules apply if I send less than 5,000 emails per day?
Yes, while some rules are stricter for bulk senders, all senders must authenticate their email with at least SPF or DKIM and keep their spam rates low.
Last updated: May 2026