Google and Yahoo Email Requirements: What Changed and What You Need to Do
Starting February 2024, Google and Yahoo enforced new requirements for email senders. If you send more than 5,000 emails per day to Gmail or Yahoo addresses, you must comply or risk having your email rejected. Even smaller senders benefit from following these rules.
The three requirements
1. Email authentication is mandatory
Every email you send must pass authentication checks:
- SPF — Your domain's SPF record must list the servers authorized to send email on your behalf. Emails from unlisted servers fail the check.
- DKIM — Your email must carry a valid DKIM signature that matches your sending domain.
- DMARC — Your domain must have a DMARC record. At minimum,
p=noneis required, butp=quarantineorp=rejectis recommended.
For a detailed setup guide, see The Complete Guide to Email Authentication.
2. One-click unsubscribe is required
Marketing and newsletter emails must include:
- A
List-Unsubscribeheader with an HTTPS URL - A
List-Unsubscribe-Postheader supporting RFC 8058 one-click - A visible unsubscribe link in the email body
The one-click mechanism must process unsubscribe requests within 2 days. This is exactly the standard Cleanbox uses for its one-click unsubscribe feature — when a sender supports RFC 8058, you can unsubscribe with a single toggle.
3. Spam complaint rate must stay below 0.3%
If more than 3 out of every 1,000 recipients mark your email as spam in Gmail, Google may start blocking your messages. Yahoo has a similar threshold.
Monitor your spam rate in Google Postmaster Tools (free, requires domain verification).
Who is affected?
| Sender type | Impact |
|---|---|
| Bulk senders (5,000+/day to Gmail) | Must comply with all three requirements or face rejection |
| Regular senders (<5,000/day) | SPF or DKIM required (not both). DMARC and one-click unsubscribe strongly recommended. |
| Transactional email only | Authentication required. One-click unsubscribe not required for transactional messages. |
What this means for email forwarding
Email forwarding services face a specific challenge: when an email is forwarded, the SPF check may fail because the forwarding server is not listed in the original sender's SPF record.
Cleanbox handles this with SRS (Sender Rewriting Scheme) for relay addresses — the envelope sender is rewritten so that SPF alignment is maintained through the forwarding hop. For alias delivery via IMAP, SPF is checked at the Cleanbox server level before delivery, so the original authentication results are preserved.
Compliance checklist
- Check your SPF record: does it include all your sending services? Use
nslookup -type=TXT yourdomain.com - Verify DKIM is enabled in your email provider (Google Workspace, Microsoft 365, etc.)
- Publish a DMARC record (start with
p=none, move top=reject) - If you send marketing email: ensure
List-UnsubscribeandList-Unsubscribe-Postheaders are present - Monitor your spam rate in Google Postmaster Tools
- Monitor DMARC reports to catch unauthorized senders
For Cleanbox Relay users: your domain's SPF record should include include:_spf.cleanbox.to to authorize Cleanbox as a forwarding sender. See DNS configuration.
