Releases and Updates

AmaraEllis
by: HubSpot Employee
HubSpot Employee

Google and Yahoo have hired a digital bouncer, but we’re here to help you get on the list!

What were previously considered recommended best practices will now be mandatory for senders to enhance their credibility amidst the epic battle against unsolicited salty processed canned pork emails, aka SPAM. 

 

Starting in February 2024, Google and Yahoo will require senders to implement email authentication alongside other significant policy changes surrounding consent and engagement. Senders who fail to meet these requirements will see their emails delayed, blocked, or directed to spam.  While this may seem sudden, these changes have always been touted as the standard best practices of email deliverability. 

 

With the uptick of spam and abuse, mailbox providers are finding the balance between unauthorized and legitimate mail by fortifying their systems to further protect their users. You may be left wondering ‘What does this mean for me?” But don’t stress! We prepared the following guide to outline what you need to do to meet the new requirements with HubSpot today.

 

There are three primary requirements all HubSpot Marketing and Connected Email users should be aware of: authenticate your emails with SPF, DKIM, and DMARC, enable easy unsubscription, and only send wanted emails by maintaining low spam rates. 

 

1. Email Authentication: Authentication is a methodology that empowers senders to legitimize their sending further. There are three primary methodologies that Gmail and Yahoo will now require - SPF, DKIM, and DMARC. Unauthenticated emails may be bounced with a 5.7.26 error or marked as spam. 

 

Simply configuring your Email Sending Domain doesn't cover all the bases. Verifying that your 'from addresses' are actively using your connected domain and ensuring it’s authenticated with DKIM is crucial. HubSpot already has you covered with SPF if you're sending from our shared swimlanes, and if you're using a dedicated IP for sending our team will be in touch with additional instructions on how to get this properly set-up for your account. When crafting marketing emails, remember the 'Suggestion' prompt that alerts you if you're about to save or send an email without utilizing a connected domain. We also recommend going through your active campaigns to check for this suggestion and update your ‘from address’ accordingly. Here are all the resources you need to ensure you meet the authentication requirements if you are using HubSpot Marketing Email: 

 

1. Set up DKIM by connecting an email sending domain

2.  Add HubSpot to your SPF record if you are using a dedicated IP. If you are using our shared swimlanes for sending, HubSpot already has you covered and no changes are needed.

3. Use a DMARC policy with HubSpot

 

If you are using another product to send emails and have questions about DNS authentication, please contact your Network Administrator or IT team for additional assistance, as these settings are not managed within your HubSpot account. For more information about the importance of email authentication and its impact on your overall deliverability, please check out the following blog post

 

2. Enable Easy Unsubscription: Senders will now need to make unsubscribing from emails as easy as possible. If people don’t want your emails anymore, they shouldn’t have to hunt down the unsubscribe button or send carrier pigeons. 

 

HubSpot is planning an update to the marketing email headers (aka ‘list-unsubscribe’ headers) to meet this new standard. When this is released you may see a spike in unsubscribe rates.

 

Sends from connected email accounts do not automatically include unsubscribe links. To ensure you meet the upcoming requirements, follow this guide to add unsubscribe links to your 1:1 emails

 

3. Ensure You’re Sending Wanted Email: You wouldn’t want a stranger in your house making themselves tea uninvited, so you shouldn’t be sending emails without explicit consent. 

 

Senders with spam complaints consistently averaging 0.3% or more will experience performance issues such as delays, spam foldering, or bounces if not properly addressed. All senders should aim to maintain spam complain levels at 0.1% or less to ensure their emails are successfully handed off for delivery to their contacts' respective mailboxes. 

                                   

Yahoo spam complaints are accounted for within the HubSpot app under the Spam Reports. However, Gmail spam complaints are not tracked within the  HubSpot app, as they use a unique feedbackloop program that protects user privacy by generating aggregated reports by sender or campaign. Senders should instead enroll in Google Postmaster Tools (GPT) to monitor Gmail spam complaints externally.

 

GPT will give you a snapshot of your sending performance with Gmail, including insight into your spam rates, domain reputation, delivery errors, and more. As this is an external program managed outside of HubSpot, please visit the Gmail Help Center for additional assistance with set-up and troubleshooting.


While the 2024 Yahoo and Gmail requirements may seem daunting, remember that HubSpot is here to help ensure you are not alone in the email wilderness! You can comment on this community post with any questions or concerns. In the meantime, check out the official guidelines from Google, and remember, we’re all in this together!

78 Comments
CFlaherty
Member

Thanks for sharing this! Right now HubSpot's unsubscribe function is two clicks. Will this be changing across the board to comply with the newly required "One-Click Unsubscribe" as laid out in the policy update? If so, when will that be happening? Thank you!

danaland
HubSpot Employee
HubSpot Employee

Hi @CFlaherty!

Based upon RFC standard (aka internet 'rule' book), HubSpot's marketing email tool does currently meet one click unsubscribe through what is called "list unsubscribe header." This is a code HubSpot automatically places within the headers of the email. This enables an email client like Yahoo or Gmail to enable a 1 click unsubscribe button in their tool. 

Here is an example from Gmail.
Screenshot 2023-11-21 at 5.21.22 PM.png


If someone uses that link instead of the one in the footer, it requires only one click and they will be unsusbcribed from all.

We will continue to review our subscription process across tools to ensure compliance.

 

fiachra_duffy
HubSpot Employee
HubSpot Employee

Currently HS allows the email footer to have:

  • Unsubscribe button,
  • Manage Preferences button
  • or Both

Will this be changing? What is best practices going forward (a recipient can still unsubscribe from the Manage Preferences page)

Rgonzalez1
Contributor | Diamond Partner
Contributor | Diamond Partner

yes, we have always modified to "manage preferences" please let us know the go forward recommendation

danmoyle
Most Valuable Member | Elite Partner
Most Valuable Member | Elite Partner

Great resources and advice. Thank you @AmaraEllis!  

TAgency39
Member

The one-click unsubscribe requirement is two-fold from Google. You have to have both List-Unsubscribe-Post: List-Unsubscribe=One-Click and List-Unsubscribe: <https://solarmora.com/unsubscribe/example> in the header. I only see List-Unsubscribe in the headers. Is Hubspot planning on adding “List-Unsubscribe-Post: List-Unsubscribe=One-Click” to all headers before the deadline?

CIm3
Member

I'm a bit confused so does Hubspot's Marketing emails already meet the one click unsubscribe requirement? 

Also, what about Sales 1:1 emails? Does Hubspot do anything with that to help with compliance? 

CEberhardt
Member

Hey all! Thanks for this resource. It looks like this advice largely focuses on Marketing Emails. What advice do you have for sequences / sales emails? 

JeffBell
Member | Platinum Partner
Member | Platinum Partner

I just have a question about the authentication. Are all three methods required, will one do, or should we have a combination of some sort?

Rooper
Member

Question: When we say Google will require this, I assume this includes non-Google business domains running through Google Workspace (and not just Gmail accounts)?

MPhelps
Member

Question: we have the "prefer fewer emails from me" unsubcribe enabled in our 1-2-1 emails (sequences) at the bottom after the email signature, but this appears at the end of the email so not very prominant. Will HubSpot be changing this to appear higher up or is this something we can/need to edit to place higher up?  https://knowledge.hubspot.com/email/add-an-unsubscribe-link-to-my-one-to-one-emails  

Kierstin
Contributor | Diamond Partner
Contributor | Diamond Partner

I also worry about the "one-click" rule. We purposefully use "manage preferences" because there are cyber attack detection tools that some large companies use that click every link in an email before it goes to the end user. This has caused some clients to have unsubscribes from people who never meant to unsubscribe and get upset when they stop receiving the communications. How will this be handled if we're forced to include the one click unsubscribe link? 

filipg
Contributor

Isn't this just for the accounts that send more than 5k emails a day?

hroberts
HubSpot Product Team
HubSpot Product Team

@CEberhardt For sales emails, the guidance is the same, but the requirements for all senders do not involve changes managed in HubSpot the way that marketing email does. You should work with your IT team to ensure you have SPF or DKIM authentication set up in your DNS records, and a DMARC policy configured. You should also be reviewing your spam rates in Google Postmaster Tools.

If you are a bulk sender, there are a few more requirements. Note: If you're using the same domain for marketing and sales, it all counts towards that 5,000 email/day consideration, so it's certainly possible to be a bulk sender of sales email if the overall volume of the sending domain is that high. The unsubscribe requirement for bulk senders is the reason we are recommending opting into unsubscribe links for sales emails. It is unclear how strictly Google will hold non-marketing emails to this standard, but reading the most recent FAQs mentioning "commercial" emails means it is likely. One important note is that Google is starting with personal gmail.com recipients, not Google Workspace accounts, so B2C senders might feel the impact of the changes sooner.

Ultimately, Google and Yahoo aren't going to tell us everything, and they are going to continue tightening the requirements as time goes on. Our overall recommendation is to start following all the guidelines you can as quickly as you can. Check Google Postmaster Tools to understand what kind of volume and spam rates you have today. If you're sending close to or over 5k/day, and to a lot of gmail.com recipients, you should strongly consider opting into unsubscribe links for sales email sends.

hroberts
HubSpot Product Team
HubSpot Product Team

@MPhelps The placement of the unsubscribe link below the signature is the standard location and where recipients expect to find it. We don't have any plans to change it at this time.

MarkEdwards
Member

Is there a Hubspot recommended testing resource to check that DKIM, SPF and DMARC are set up correctly?

oyvindwe
Participant

@MarkEdwards You can check DKIM, SPF, and DMARC configuration for your domain using e.g. https://mxtoolbox.com/ 

I find it a bit annoying that the required DKIM record is removed from the HubSpot UI after connceting the domain, so you have to trust the green checkmark on the "Domains & URLs" page. The SPF record is available, so you can compare it with what's registered in DNS.

AmaraEllis
HubSpot Employee
HubSpot Employee

@JeffBell Gmail and Yahoo have stated that all three authentication methods are mandatory. DKIM requires you to connect a valid email-sending domain you own and update DNS records, as outlined in the following KB. You're already covered with SPF, so no changes or actions are necessary there. Lastly, to meet the DMARC requirement, you'll need to publish a DMARC record with a minimum policy of p=none. We suggest starting with a basic policy v=DMARC1; p=none; pct=100;
rua=mailto:youremail@example.com 

It essentially means, "Apply this policy to all my messages, and if it does not pass SPF or DKIM authentication checks, do nothing." This policy is meant to be neutral for those who haven't configured DMARC previously and get comfortable with reading through the XML reports that will be sent for processing. If you need assistance generating a more robust custom policy, there are DMARC-specialized organizations such as DMARCIAN available. 

AmaraEllis
HubSpot Employee
HubSpot Employee

@Rooper Gmail recently updated the email sender guidelines to clearly define these requirements for personal Gmail accounts, meaning those with addresses ending in @gmail.com or @googlemail.com.

JBrenna
HubSpot Product Team
HubSpot Product Team

Regarding 'one click unsubscribe' compliance questions:

 

For marketing emails - HubSpot is planning an update to the marketing email headers (aka ‘list-unsubscribe’ headers) to ensure all marketing emails sent from HubSpot will meet RFC-8058. The new header will automatically be applied to all marketing emails, and I will post here once the new headers are live. You can also look out for this release in the Product Updates section of your portal 

 

For sales emails - The actions required to become compliant are not taken within HubSpot since we simply integrate with your external email account. You will need to work with your IT team to ensure your email authentication is set up properly, and use Google Postmater Tools to check your spam rates. The only thing that may require some action to be taken in HubSpot is if you are a bulk sender who needs to add unsubscribe links. In that case, you should opt into that setting for sales emails.

 

BSchimke
Member

Aside from Google and Yahoo, what about Microsoft/Outlook?  Will changes be needed with these email platforms?

ShiranA
Contributor | Diamond Partner
Contributor | Diamond Partner

Is this something all Hubspot users (or the ones using the Marketing Hub) are going to have to implement?
On the Add Hubspot to SPF record page it says: "As an email service provider, HubSpot already has an SPF policy that covers marketing emails sent through our shared servers." - does that mean I need to take action or not?...

MAdams21
Member

Really helpful information! 

AmaraEllis
HubSpot Employee
HubSpot Employee

@filipg These requirements will apply to all senders with additional technical guidelines when sending to Gmail accounts for large-volume senders, meaning those who send close to or above 5K emails daily. It's also important to note that Yahoo didn't explicitly state their definition of bulk senders like Gmail being those who send 5K emails/day.

The guidelines being presented by Yahoo and Gmail are established sending best practices that every sender should be following today but will be more strictly enforced come February.

AmaraEllis
HubSpot Employee
HubSpot Employee

@MarkEdwards Some recommended tools for checking the formatting of your SPF and DMARC record would include the following:

https://dmarcian.com/dmarc-inspector/

https://dmarcian.com/spf-survey/

 

To check your DKIM records, you can use MXToolbox. Please note that DKIM records are only populated once upon creation and permanently hidden for security purposes.

AmaraEllis
HubSpot Employee
HubSpot Employee

@BSchimke The guidelines presented by Gmail and Yahoo are industry best practices that have existed for quite some time. Microsoft/Outlook and other major mailbox providers may likely follow suit and enforce them more strictly, but they haven't made any formal announcements at this time.

Marie_Sporich
Participant

We don't have a connected domain, we're just using Hubspot as our CRM, with Marketing Hub Starter to be able to send to a few thousand contacts at once. If we don't have a separate domain, do we need to set up any of the 3 authentication methods?

SaraEKinsella
Member

We recently started using one-to-one email campaigns to send videos/emails to our older prospects. After sending roughly 50 emails to Yahoo email users, we started receiving "bounced" notifications. As of now, our Hubspot admin let us know there is no workaround for this. Our Google/Gmail leads seem to have no issue(s).

LThomas71
Participant
That's sad...almost makes me want to define a HubSpot instance policy that no Yahoo emails will ever be utilized on contact profiles.
AmaraEllis
HubSpot Employee
HubSpot Employee

@SaraEKinsella Between 8:00 AM EST on Dec 11 and 12:48 PM EST on Dec 12, 2023, some customers experienced sales email (1:1) delivery issues to Yahoo recipients. As of 12:48 PM EST on Dec 12, newly sent sales emails should be delivered properly. We recommend resending the bounced emails. The incident has been fully resolved, and no data was lost. We apologize for any inconvenience and appreciate your patience as we resolve the issue.

If you're experiencing issues outside of this timeframe, please let me know the bounce error you're seeing. 

AmaraEllis
HubSpot Employee
HubSpot Employee

@ShiranA You do not need to adjust your SPF record if you aren't using a dedicated IP for sending, as these are already configured for senders on our shared swimlanes. If you are using a dedicated IP or plan to in the future, our Deliverability Operations team will reach out for additional instructions to ensure everything is properly connected to your account.

chavlene
Participant

Maybe hubspot can enable us to create a customizable "manage preferences" page 🙂 

esd3104
Member

Does this mean that HubSpot will finally address it's incomplete implementation of SPF and DMARC full alignment for the Return Path? See https://community.hubspot.com/t5/HubSpot-Ideas/Define-custom-Return-Path-without-a-dedicated-IP/idi-...

For those of us that have properly implemented DMARC and would like to have strict implementation we can't because of HubSpot's inability to properly deal with SPF return paths requires DMARC to be defined as relaxed.

Rgonzalez1
Contributor | Diamond Partner
Contributor | Diamond Partner

What @esd3104 said. This is 100% correct and has been a source of confusion and frustration. 

 

---------------

Rgonzalez1_0-1703024458373.png

 

Does this mean that HubSpot will finally address it's incomplete implementation of SPF and DMARC full alignment for the Return Path? See https://community.hubspot.com/t5/HubSpot-Ideas/Define-custom-Return-Path-without-a-dedicated-IP/idi-...

For those of us that have properly implemented DMARC and would like to have strict implementation we can't because of HubSpot's inability to properly deal with SPF return paths requires DMARC to be defined as relaxed.

DLloyd1
Member

😊Thanks for the heads up! The Google email sender guidelines mentioned brings up two questions though:

 

  1. At one point it says DKIM or SPF then it later says they must both be configured (and aligned). Some clarification will assist for those of us who need to communicate to IT and ensure requirements are met.

  2. The guidelines mentions avoiding sending emails in bursts (or risk delivery issues). Is HubSpot going to introduce throttling for single bulk send mails like newsletters?
LThomas71
Participant
Great suggestion on the "throttling" of emails!
laurabren
Contributor

I've added comments linking back to this announcement on several product suggestions/"ideas" posts, including two with larger numbers of upvotes. I would suggest everyone here do the same!

 

https://community.hubspot.com/t5/HubSpot-Ideas/Make-Throttling-Available-for-Email-Newsletter-Sends/...

https://community.hubspot.com/t5/HubSpot-Ideas/Staggering-Email-Sends-scheduling-or-through-workflow... 

AmaraEllis
HubSpot Employee
HubSpot Employee

@DLloyd1 Gmail and Yahoo are constantly updating their guidelines as we get closer to the February deadline for when these requirements will be enforced more strictly, which is why you'll likely see changes in their email sender guidelines over the next few months (Gmail and Yahoo). 

 

DKIM is configured for your sending domain and would need DNS changes as outlined in our Knowledge Base, whereas RFC 5321 states that SPF is primarily checked against the MAIL-FROM domain (also referenced as the bounce or return-path domain). If you're sending from the shared swimlanes, no modifications are needed with your IT team, as this is already set for you. On the other hand, if you're sending with a dedicated IP, our Deliverability Operations team will reach out with any DNS adjustments to be made along with the corresponding records. They will also send you an alert if DNS errors are detected that may affect your sending and follow up with multiple warnings. 

 

Lastly, our systems are designed to send in a round-robin fashion, based on the volume and frequency of your sending, and to properly load balance to ensure your emails are sent in a timely fashion. You must also keep in mind that how quickly a mailbox provider accepts messages for delivery can vary based on the sending practices followed and reputation on the respective platform. However, I understand your concerns and will review this with our internal teams for further consideration in improving our systems. 

AJenkinson
Member

Just to clarify, the unsubcribe link we currently have at the footer of our emails will still comply when the changes come into place in February? Or does this have to be amended? If so what amendments do we need to make? Thanks 

JBrenna
HubSpot Product Team
HubSpot Product Team

I wanted to clarify that alignment with your return path is not a requirement to pass the new Google/Yahoo requirements. If you are interested in gaining full alignment, our dedicated IP offering will continue to be your best option. Learn more about this here. We are aware of the demand for full alignment on the shared network, and would encourage folks to continue upvoting and leaving comments on the idea forum as this helps us evaluate demand when we are prioritizing product improvements. cc: @Rgonzalez1 @esd3104 

esd3104
Member
Thanks, but not really practical for small businesses/small non profits such as I represent – it’s $300 a month on top of a Pro or Enterprise plan from what I can see. Other email service providers handle this with a simple CNAME record in DNS, the same as you do for DKIM, to set the Custom Return Path for SPF alignment with DMARC. ActiveCampaign/Postmark is one example and it doesn’t cost anything to do it either! 😉 Google and Yahoo may not be doing it yet, but its only a matter of time until they do given the junk mail epidemic isn’t going away. Since sending email is such a big element of the HubSpot service, it’s just surprising your only way to support it is a very expensive dedicated IP address.
souravghosh
Member

How to implement these changes as a FREE Hubspot CRM/Inbox user?

All the Hubspot guidelines linked mentions the requirements of having a Hubspot Paid Subscription for setting up these. 

NLaine
Member

Right now, our DKIM reports an issue as we use "policy=none". This begs the question if this will be an issue? Does anyone have any insight re this? Very much appreciated!

AmaraEllis
HubSpot Employee
HubSpot Employee

@NLaine Additional information would be needed to fully assess why you may have authentication issues with a DMARC policy of P=none. Please submit a support ticket for assistance, including your email sending domain, full DMARC policy, and where exactly you're seeing errors reported.

AmaraEllis
HubSpot Employee
HubSpot Employee

@souravghosh To properly meet the Gmail-Yahoo requirements, especially sending from an authenticated sending domain, you must have a paid HubSpot subscription at this time, as outlined in our knowledge base articles.

 

MLawhon
Member

We only use the meeting scheduler feature in hubspot. Are we still required to do all the updates for spam?

GarvitBafna
Member

@AmaraEllis Thank you for the detailed write-up and for guiding us through this process! I have setup all the three steps you recommended DKIM, SPF and DMARC. Once the DMARC record is published, do we need to change the p=none to p=reject? How long to wait before making that change? When I go to dmarcian to check all these records, it is unable to find the DKIM record associated with our domain. Our domain is startwithrex.com, and it is configured as the email-sending domain in Hubspot. Looking forward to your reply. Thanks! 

AmaraEllis
HubSpot Employee
HubSpot Employee

@GarvitBafna I recommend working with a DMARC-specialized organization such as DMARCIAN to implement a policy best suited to your needs, especially if you want to use a P=Reject policy, as you'll need to monitor the DMARC reports that come in. If you have authentication concerns around your HubSpot connected email sending domain, please submit a support ticket for additional assistance.

MRamirez25
Member

@AmaraEllis How do I ensure marketing (or sales) emails have the `List-Unsubscribe-Post` header? 
I only see `List-Unsubscribe` in the headers from a marketing email I had a coworker send to me through hubspot. 
@JBrenna mentioned that list-unsubscribe would be added for one click unsubscribe compliance but google mentions BOTH List-Unsubscribe AND List-Unsubscribe-Post being required. Is this feature coming before the deadline or is there some action I need to take somwhere? 


Source (https://support.google.com/mail/answer/81126?hl=en)) : 
From the Google Sending Guidlines:

To set up one-click unsubscribe, include both of these headers in outgoing messages:

PStelling
Participant

Stupid question #1:
Does it only apply to recipients with Gmail or Yahoo mail accounts?

We're in B2B and only send mails to corporate domains (never hotmail/gmail etc.)