Google and Yahoo have hired a digital bouncer, but we’re here to help you get on the list!
What were previously considered recommended best practices will now be mandatory for senders to enhance their credibility amidst the epic battle against unsolicited salty processed canned pork emails, aka SPAM.
Starting in February 2024, Google and Yahoo will require senders to implement email authentication alongside other significant policy changes surrounding consent and engagement. Senders who fail to meet these requirements will see their emails delayed, blocked, or directed to spam. While this may seem sudden, these changes have always been touted as the standard best practices of email deliverability.
With the uptick of spam and abuse, mailbox providers are finding the balance between unauthorized and legitimate mail by fortifying their systems to further protect their users. You may be left wondering ‘What does this mean for me?” But don’t stress!We prepared the following guide to outline what you need to do to meet the new requirements with HubSpot today.
There are three primary requirements all HubSpot Marketing and Connected Email users should be aware of: authenticate your emails with SPF, DKIM, and DMARC, enable easy unsubscription, and only send wanted emails by maintaining low spam rates.
1. Email Authentication:Authentication is a methodology that empowers senders to legitimize their sending further. There are three primary methodologies that Gmail and Yahoo will now require - SPF, DKIM, and DMARC. Unauthenticated emails may be bounced with a 5.7.26 error or marked as spam.
Simply configuring your Email Sending Domain doesn't cover all the bases. Verifying that your 'from addresses' are actively using your connected domain and ensuring it’s authenticated with DKIM is crucial. HubSpot already has you covered with SPF if you're sending from our shared swimlanes, and if you're using a dedicated IP for sending our team will be in touch with additional instructions on how to get this properly set-up for your account. When crafting marketing emails, remember the 'Suggestion' prompt that alerts you if you're about to save or send an email without utilizing a connected domain. We also recommend going through your active campaigns to check for this suggestion and update your ‘from address’ accordingly. Here are all the resources you need to ensure you meet the authentication requirements if you are using HubSpot Marketing Email:
2. Add HubSpot to your SPF record if you are using a dedicated IP. If you are using our shared swimlanes for sending, HubSpot already has you covered and no changes are needed.
If you are using another product to send emails and have questions about DNS authentication, please contact your Network Administrator or IT team for additional assistance, as these settings are not managed within your HubSpot account. For more information about the importance of email authentication and its impact on your overall deliverability, please check out the following blog post.
2. Enable Easy Unsubscription: Senders will now need to make unsubscribing from emails as easy as possible. If people don’t want your emails anymore, they shouldn’t have to hunt down the unsubscribe button or send carrier pigeons.
HubSpot is planning an update to the marketing email headers (aka ‘list-unsubscribe’ headers) to meet this new standard. When this is released you may see a spike in unsubscribe rates.
Sends from connected email accounts do not automatically include unsubscribe links. To ensure you meet the upcoming requirements, follow this guide to add unsubscribe links to your 1:1 emails.
3. Ensure You’re Sending Wanted Email: You wouldn’t want a stranger in your house making themselves tea uninvited, so you shouldn’t be sending emails without explicit consent.
Senders with spam complaints consistently averaging 0.3% or more will experience performance issues such as delays, spam foldering, or bounces if not properly addressed. All senders should aim to maintain spam complain levels at 0.1% or less to ensure their emails are successfully handed off for delivery to their contacts' respective mailboxes.
Yahoo spam complaints are accounted for within the HubSpot app under the Spam Reports. However, Gmail spam complaints are not tracked within the HubSpot app, as they use a unique feedbackloop program that protects user privacy by generating aggregated reports by sender or campaign. Senders should instead enroll in Google Postmaster Tools (GPT) to monitor Gmail spam complaints externally.
GPT will give you a snapshot of your sending performance with Gmail, including insight into your spam rates, domain reputation, delivery errors, and more. As this is an external program managed outside of HubSpot, please visit the Gmail Help Center for additional assistance with set-up and troubleshooting.
While the 2024 Yahoo and Gmail requirements may seem daunting, remember that HubSpot is here to help ensure you are not alone in the email wilderness! You can comment on this community post with any questions or concerns. In the meantime, check out the official guidelines from Google, and remember, we’re all in this together!
Thanks for sharing this! Right now HubSpot's unsubscribe function is two clicks. Will this be changing across the board to comply with the newly required "One-Click Unsubscribe" as laid out in the policy update? If so, when will that be happening? Thank you!
Based upon RFC standard (aka internet 'rule' book), HubSpot's marketing email tool does currently meet one click unsubscribe through what is called "list unsubscribe header." This is a code HubSpot automatically places within the headers of the email. This enables an email client like Yahoo or Gmail to enable a 1 click unsubscribe button in their tool.
Here is an example from Gmail.
If someone uses that link instead of the one in the footer, it requires only one click and they will be unsusbcribed from all.
We will continue to review our subscription process across tools to ensure compliance.
The one-click unsubscribe requirement is two-fold from Google. You have to have both List-Unsubscribe-Post: List-Unsubscribe=One-Click and List-Unsubscribe: <https://solarmora.com/unsubscribe/example> in the header. I only see List-Unsubscribe in the headers. Is Hubspot planning on adding “List-Unsubscribe-Post: List-Unsubscribe=One-Click” to all headers before the deadline?
Hey all! Thanks for this resource. It looks like this advice largely focuses on Marketing Emails. What advice do you have for sequences / sales emails?
Question: When we say Google will require this, I assume this includes non-Google business domains running through Google Workspace (and not just Gmail accounts)?
Question: we have the "prefer fewer emails from me" unsubcribe enabled in our 1-2-1 emails (sequences) at the bottom after the email signature, but this appears at the end of the email so not very prominant. Will HubSpot be changing this to appear higher up or is this something we can/need to edit to place higher up? https://knowledge.hubspot.com/email/add-an-unsubscribe-link-to-my-one-to-one-emails
I also worry about the "one-click" rule. We purposefully use "manage preferences" because there are cyber attack detection tools that some large companies use that click every link in an email before it goes to the end user. This has caused some clients to have unsubscribes from people who never meant to unsubscribe and get upset when they stop receiving the communications. How will this be handled if we're forced to include the one click unsubscribe link?
@CEberhardtFor sales emails, the guidance is the same, but the requirements for all senders do not involve changes managed in HubSpot the way that marketing email does. You should work with your IT team to ensure you have SPF or DKIM authentication set up in your DNS records, and a DMARC policy configured. You should also be reviewing your spam rates in Google Postmaster Tools.
If you are a bulk sender, there are a few more requirements. Note: If you're using the same domain for marketing and sales, it all counts towards that 5,000 email/day consideration, so it's certainly possible to be a bulk sender of sales email if the overall volume of the sending domain is that high. The unsubscribe requirement for bulk senders is the reason we are recommending opting into unsubscribe links for sales emails. It is unclear how strictly Google will hold non-marketing emails to this standard, but reading the most recent FAQs mentioning "commercial" emails means it is likely. One important note is that Google is starting with personal gmail.com recipients, not Google Workspace accounts, so B2C senders might feel the impact of the changes sooner.
Ultimately, Google and Yahoo aren't going to tell us everything, and they are going to continue tightening the requirements as time goes on. Our overall recommendation is to start following all the guidelines you can as quickly as you can. Check Google Postmaster Tools to understand what kind of volume and spam rates you have today. If you're sending close to or over 5k/day, and to a lot of gmail.com recipients, you should strongly consider opting into unsubscribe links for sales email sends.
@MPhelpsThe placement of the unsubscribe link below the signature is the standard location and where recipients expect to find it. We don't have any plans to change it at this time.
I find it a bit annoying that the required DKIM record is removed from the HubSpot UI after connceting the domain, so you have to trust the green checkmark on the "Domains & URLs" page. The SPF record is available, so you can compare it with what's registered in DNS.
@JeffBellGmail and Yahoo have stated that all three authentication methods are mandatory. DKIM requires you to connect a valid email-sending domain you own and update DNS records, as outlined in the following KB. You're already covered with SPF, so no changes or actions are necessary there. Lastly, to meet the DMARC requirement, you'll need to publish a DMARC record with a minimum policy of p=none. We suggest starting with a basic policy v=DMARC1; p=none; pct=100; rua=mailto:youremail@example.com
It essentially means, "Apply this policy to all my messages, and if it does not pass SPF or DKIM authentication checks, do nothing." This policy is meant to be neutral for those who haven't configured DMARC previously and get comfortable with reading through the XML reports that will be sent for processing. If you need assistance generating a more robust custom policy, there are DMARC-specialized organizations such as DMARCIAN available.
@RooperGmail recently updated the email sender guidelines to clearly define these requirements for personal Gmail accounts, meaning those with addresses ending in @gmail.com or @googlemail.com.
For marketing emails - HubSpot is planning an update to the marketing email headers (aka ‘list-unsubscribe’ headers) to ensure all marketing emails sent from HubSpot will meet RFC-8058. The new header will automatically be applied to all marketing emails, and I will post here once the new headers are live. You can also look out for this release in the Product Updates section of your portal
For sales emails - The actions required to become compliant are not taken within HubSpot since we simply integrate with your external email account. You will need to work with your IT team to ensure your email authentication is set up properly, and use Google Postmater Tools to check your spam rates. The only thing that may require some action to be taken in HubSpot is if you are a bulk sender who needs to add unsubscribe links. In that case, you should opt into that setting for sales emails.
Is this something all Hubspot users (or the ones using the Marketing Hub) are going to have to implement? On the Add Hubspot to SPF record page it says: "As an email service provider, HubSpot already has an SPF policy that covers marketing emails sent through our shared servers." - does that mean I need to take action or not?...
The guidelines being presented by Yahoo and Gmail are established sending best practices that every sender should be following today but will be more strictly enforced come February.
To check your DKIM records, you can use MXToolbox. Please note that DKIM records are only populated once upon creation and permanently hidden for security purposes.
@BSchimkeThe guidelines presented by Gmail and Yahoo are industry best practices that have existed for quite some time. Microsoft/Outlook and other major mailbox providers may likely follow suit and enforce them more strictly, but they haven't made any formal announcements at this time.
We don't have a connected domain, we're just using Hubspot as our CRM, with Marketing Hub Starter to be able to send to a few thousand contacts at once. If we don't have a separate domain, do we need to set up any of the 3 authentication methods?
We recently started using one-to-one email campaigns to send videos/emails to our older prospects. After sending roughly 50 emails to Yahoo email users, we started receiving "bounced" notifications. As of now, our Hubspot admin let us know there is no workaround for this. Our Google/Gmail leads seem to have no issue(s).
@SaraEKinsellaBetween 8:00 AM EST on Dec 11 and 12:48 PM EST on Dec 12, 2023, some customers experienced sales email (1:1) delivery issues to Yahoo recipients. As of 12:48 PM EST on Dec 12, newly sent sales emails should be delivered properly. We recommend resending the bounced emails. The incident has been fully resolved, and no data was lost. We apologize for any inconvenience and appreciate your patience as we resolve the issue.
If you're experiencing issues outside of this timeframe, please let me know the bounce error you're seeing.
@ShiranA You do not need to adjust your SPF record if you aren't using a dedicated IP for sending, as these are already configured for senders on our shared swimlanes. If you are using a dedicated IP or plan to in the future, our Deliverability Operations team will reach out for additional instructions to ensure everything is properly connected to your account.
For those of us that have properly implemented DMARC and would like to have strict implementation we can't because of HubSpot's inability to properly deal with SPF return paths requires DMARC to be defined as relaxed.
For those of us that have properly implemented DMARC and would like to have strict implementation we can't because of HubSpot's inability to properly deal with SPF return paths requires DMARC to be defined as relaxed.
😊Thanks for the heads up! The Google email sender guidelines mentioned brings up two questions though:
At one point it says DKIM or SPF then it later says they must both be configured (and aligned). Some clarification will assist for those of us who need to communicate to IT and ensure requirements are met.
The guidelines mentions avoiding sending emails in bursts (or risk delivery issues). Is HubSpot going to introduce throttling for single bulk send mails like newsletters?
I've added comments linking back to this announcement on several product suggestions/"ideas" posts, including two with larger numbers of upvotes. I would suggest everyone here do the same!
@DLloyd1 Gmail and Yahoo are constantly updating their guidelines as we get closer to the February deadline for when these requirements will be enforced more strictly, which is why you'll likely see changes in their email sender guidelines over the next few months (Gmail and Yahoo).
DKIM is configured for your sending domain and would need DNS changes as outlined in our Knowledge Base, whereas RFC 5321 states that SPF is primarily checked against the MAIL-FROM domain (also referenced as the bounce or return-path domain). If you're sending from the shared swimlanes, no modifications are needed with your IT team, as this is already set for you. On the other hand, if you're sending with a dedicated IP, our Deliverability Operations team will reach out with any DNS adjustments to be made along with the corresponding records. They will also send you an alert if DNS errors are detected that may affect your sending and follow up with multiple warnings.
Lastly, our systems are designed to send in a round-robin fashion, based on the volume and frequency of your sending, and to properly load balance to ensure your emails are sent in a timely fashion. You must also keep in mind that how quickly a mailbox provider accepts messages for delivery can vary based on the sending practices followed and reputation on the respective platform. However, I understand your concerns and will review this with our internal teams for further consideration in improving our systems.
Just to clarify, the unsubcribe link we currently have at the footer of our emails will still comply when the changes come into place in February? Or does this have to be amended? If so what amendments do we need to make? Thanks
I wanted to clarify that alignment with your return path is not a requirement to pass the new Google/Yahoo requirements. If you are interested in gaining full alignment, our dedicated IP offering will continue to be your best option. Learn more about this here. We are aware of the demand for full alignment on the shared network, and would encourage folks to continue upvoting and leaving comments on the idea forum as this helps us evaluate demand when we are prioritizing product improvements. cc: @Rgonzalez1@esd3104
Thanks, but not really practical for small businesses/small non profits such as I represent – it’s $300 a month on top of a Pro or Enterprise plan from what I can see. Other email service providers handle this with a simple CNAME record in DNS, the same as you do for DKIM, to set the Custom Return Path for SPF alignment with DMARC. ActiveCampaign/Postmark is one example and it doesn’t cost anything to do it either! 😉 Google and Yahoo may not be doing it yet, but its only a matter of time until they do given the junk mail epidemic isn’t going away. Since sending email is such a big element of the HubSpot service, it’s just surprising your only way to support it is a very expensive dedicated IP address.
Right now, our DKIM reports an issue as we use "policy=none". This begs the question if this will be an issue? Does anyone have any insight re this? Very much appreciated!
@NLaine Additional information would be needed to fully assess why you may have authentication issues with a DMARC policy of P=none. Please submit a support ticket for assistance, including your email sending domain, full DMARC policy, and where exactly you're seeing errors reported.
@AmaraEllis Thank you for the detailed write-up and for guiding us through this process! I have setup all the three steps you recommended DKIM, SPF and DMARC. Once the DMARC record is published, do we need to change the p=none to p=reject? How long to wait before making that change? When I go to dmarcian to check all these records, it is unable to find the DKIM record associated with our domain. Our domain is startwithrex.com, and it is configured as the email-sending domain in Hubspot. Looking forward to your reply. Thanks!
@GarvitBafna I recommend working with a DMARC-specialized organization such as DMARCIAN to implement a policy best suited to your needs, especially if you want to use a P=Reject policy, as you'll need to monitor the DMARC reports that come in. If you have authentication concerns around your HubSpot connected email sending domain, please submit a support ticket for additional assistance.
@AmaraEllis How do I ensure marketing (or sales) emails have the `List-Unsubscribe-Post` header? I only see `List-Unsubscribe` in the headers from a marketing email I had a coworker send to me through hubspot. @JBrenna mentioned that list-unsubscribe would be added for one click unsubscribe compliance but google mentions BOTH List-Unsubscribe AND List-Unsubscribe-Post being required. Is this feature coming before the deadline or is there some action I need to take somwhere?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.