Google and Yahoo have hired a digital bouncer, but we’re here to help you get on the list!
What were previously considered recommended best practices will now be mandatory for senders to enhance their credibility amidst the epic battle against unsolicited salty processed canned pork emails, aka SPAM.
Starting in February 2024, Google and Yahoo will require senders to implement email authentication alongside other significant policy changes surrounding consent and engagement. Senders who fail to meet these requirements will see their emails delayed, blocked, or directed to spam. While this may seem sudden, these changes have always been touted as the standard best practices of email deliverability.
With the uptick of spam and abuse, mailbox providers are finding the balance between unauthorized and legitimate mail by fortifying their systems to further protect their users. You may be left wondering ‘What does this mean for me?” But don’t stress!We prepared the following guide to outline what you need to do to meet the new requirements with HubSpot today.
There are three primary requirements all HubSpot Marketing and Connected Email users should be aware of: authenticate your emails with SPF, DKIM, and DMARC, enable easy unsubscription, and only send wanted emails by maintaining low spam rates.
1. Email Authentication:Authentication is a methodology that empowers senders to legitimize their sending further. There are three primary methodologies that Gmail and Yahoo will now require - SPF, DKIM, and DMARC. Unauthenticated emails may be bounced with a 5.7.26 error or marked as spam.
Simply configuring your Email Sending Domain doesn't cover all the bases. Verifying that your 'from addresses' are actively using your connected domain and ensuring it’s authenticated with DKIM is crucial. HubSpot already has you covered with SPF if you're sending from our shared swimlanes, and if you're using a dedicated IP for sending our team will be in touch with additional instructions on how to get this properly set-up for your account. When crafting marketing emails, remember the 'Suggestion' prompt that alerts you if you're about to save or send an email without utilizing a connected domain. We also recommend going through your active campaigns to check for this suggestion and update your ‘from address’ accordingly. Here are all the resources you need to ensure you meet the authentication requirements if you are using HubSpot Marketing Email:
2. Add HubSpot to your SPF record if you are using a dedicated IP. If you are using our shared swimlanes for sending, HubSpot already has you covered and no changes are needed.
If you are using another product to send emails and have questions about DNS authentication, please contact your Network Administrator or IT team for additional assistance, as these settings are not managed within your HubSpot account. For more information about the importance of email authentication and its impact on your overall deliverability, please check out the following blog post.
2. Enable Easy Unsubscription: Senders will now need to make unsubscribing from emails as easy as possible. If people don’t want your emails anymore, they shouldn’t have to hunt down the unsubscribe button or send carrier pigeons.
HubSpot is planning an update to the marketing email headers (aka ‘list-unsubscribe’ headers) to meet this new standard. When this is released you may see a spike in unsubscribe rates.
Sends from connected email accounts do not automatically include unsubscribe links. To ensure you meet the upcoming requirements, follow this guide to add unsubscribe links to your 1:1 emails.
3. Ensure You’re Sending Wanted Email: You wouldn’t want a stranger in your house making themselves tea uninvited, so you shouldn’t be sending emails without explicit consent.
Senders with spam complaints consistently averaging 0.3% or more will experience performance issues such as delays, spam foldering, or bounces if not properly addressed. All senders should aim to maintain spam complain levels at 0.1% or less to ensure their emails are successfully handed off for delivery to their contacts' respective mailboxes.
Yahoo spam complaints are accounted for within the HubSpot app under the Spam Reports. However, Gmail spam complaints are not tracked within the HubSpot app, as they use a unique feedbackloop program that protects user privacy by generating aggregated reports by sender or campaign. Senders should instead enroll in Google Postmaster Tools (GPT) to monitor Gmail spam complaints externally.
GPT will give you a snapshot of your sending performance with Gmail, including insight into your spam rates, domain reputation, delivery errors, and more. As this is an external program managed outside of HubSpot, please visit the Gmail Help Center for additional assistance with set-up and troubleshooting.
While the 2024 Yahoo and Gmail requirements may seem daunting, remember that HubSpot is here to help ensure you are not alone in the email wilderness! You can comment on this community post with any questions or concerns. In the meantime, check out the official guidelines from Google, and remember, we’re all in this together!
@AmaraEllis We don't have any specific DMARC policy that we want to implement. We only want to respond to the updates from Google and Yahoo and do what is needed and not anything more. I asked you about p=none to p=reject because I see the DMARC record is published, but the policy is not enabled. (I've used the mxtoolbox.com website to check DMARC records).
So my question is, for this particular update, do we need a p=reject in the DMARC records, or will p=none be enough for these new changes from Yahoo and Google?
I am not a dev ops engineer, so please excuse me if I am asking redundant or stupid questions. Thank you!
@PStelling As of today these requirements are specifically for gmail/yahoo mail accounts. That said, we would still recommend compliance as these are best practices and this could change in the future.
@MRamirez25 - Yes, our solution will cover both list-unsubscribe and list-unsubscribe-post. These updates are actively being worked on and I will post here with an update on release as soon as possible.
Regarding your question > So my question is, for this particular update, do we need a p=reject in the DMARC records, or will p=none be enough for these new changes from Yahoo and Google?
The sender guidelines mention this explicitly (source )
Set up DMARC email authentication for your sending domain. Your DMARCenforcement policycan be set tonone.Learn more
So you can have it set to none and over time increase the strictness as you ensure you have SPF DKIM enabled and running on your configured sending domains.
I would like to ensure I am setting up DMARC correctly and have no experience. I put this on our corporate domain and it seems like it is going okay and checked out everywhere. Does hubspot agree this is a good standard record and can hubspot give everyone this record in the documentation for dummies so we know what to do?
Per Google and Yahoo guidelines, this only applies to users who send 5000 or more emails a day to either inbox.. I'm assuming if we are under this number, we do not need to setup the DMARC policy? Or is this something required by HubSpot?
@PStelling There are absolutely no stupid questions! The world of email can get very complex, and we're here to ensure we can guide our customers in the best way possible.
The guidelines Yahoo and Gmail have published are best practices that apply to all mailbox providers: sending with an authenticated email domain to recipients with confirmed opt-in, maintaining spam complaints below 0.1%–0.3%, and allowing for easy unsubscribes. Here is a more comprehensive list of common best practices MBPs expect all senders to follow, which is written by the global authority on anti-spam and abuse, the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).
@Rgonzalez1 Here is our updated documentation that outlines the recommended DMARC policy to implement on your email-sending domain. As noted in the article, the policy you've shared is in line with Gmail and Yahoo's expectations for a properly authenticated domain.
@TTickle The DMARC authentication requirements apply to all senders, regardless of daily volume. There are no exceptions, as noted in Google and Yahoo's respective FAQ pages.
I'm struggling to figure out what actions actually need to be taken here. Can someone please confirm these things:
As long as my email sending domain is connected, the DKIM is taken care of by HubSpot, and there is no action needed on my end.
I will need to add an SPF to my DNS records.
In December, Google added a requirement that all senders use a TLS connection for transmitting email. Exactly what actions do I need to take to ensure this is in place?
I have read Google and Yahoo's requirements multiple times, and on both sites, DMARC setup is only listed as a requirement for bulk senders. Am I missing something here?
@caitlink I don't know about the TLS requirement, but I know that everyone needs to set up DMARC. The info on Google's page does mention that everyone needs to set up DMARC.
Hey folks - A quick update from the Email Product Team here at HubSpot.
One Click Unsubscribe - We are starting the rollout today and it will be fully rolled out before February. As we have mentioned before, these changes will be automatically applied to all promotional emails sending out of HubSpot. It will not be visible to you as the customer, but moving forward recipients will have an 'unsubscribe' link in the header of their emails. Please note that the way this appears to recipients is dependent on the email provider and we will not be able to provide a detailed list for all providers.
Email Variable Domains - Moving forward we will be appending a variable domain to all emails that are sending with a from-address that does not have DKIM configured. For MH-Starter+ you can configure your email authentication by navigating to Settings -> Websites -> Domains & URLs -> Connect a Domain -> Email Sending. Moving forward we can ensure MH-Free customer emails are properly authenticated through the variable domain process. You should have received a Product Notification email about this change earlier today.
My HubSpot Partner Marketing Agency actually put a blog out about this to alert our clients of this change - anything with Google you don't really want to be left behind in. https://www.weidert.com/blog/email-authentication
@JBrenna Thanks for the update! For the One-Click Unsubscribe: If a HubSpot portal has set up multiple subscriptions, will a contact unenroll from ALL subscription types when they hit that unsubscribe in the header?
Is there a solution to only opt out of a single subscription type, or do the Google/Yahoo sender guidelines require the unsubscribe list header to unsubscribe from all communications?
We added the necessary SPF record and immediately began having issues emailing to Yahoo and AOL domains from our domain. When we deleted the record those messages began flowing.
GoDaddy only allows 1 SPF record for the domain, anymore than that causes issues, and we have Microsoft Exchange SPF record added already. Is it possible to add the hubspot SPF record into this existing record? How do we get around this issue?
OK, just one thing I'm unclear on ... Thanks to HubSpot, we have the one-click unsubscribe implemented for all of our marketing emails. Does the one-click unsubscribe also need to be implemented for order confirmation/shipping confirmation emails that we don't send through HubSpot?
@PStelling There are absolutely no stupid questions! As I've mentioned previously, the email world is very complex and nuanced, which is why we're here to help as much as possible!
When large MBPs like Gmail and Yahoo also start enforcing or making changes, others in the industry tend to follow suit. The requirements Gmail and Yahoo have outlined also apply to all mailbox providers (MBP). They are not new guidelines being implemented and are going from nice-to-have to must-have requirements for optimal deliverability. The end goal for MBPs is to ensure that all incoming mail is authenticated and that the recipient truly wants to receive it.
@TTickle We would need to know which domain you're having issues with and the exact errors being populated by Yahoo and AOL to properly troubleshoot. Please submit a ticket through the HS portal, and a member of our support team will be able to assist you further.
I am trying to verify an email sending domain but we already have an SPF record set since we're using google workspace to send the domain's non-marketing emails. What is the workaround for this? Do I need to use a different domain to authenticate marketing emails being sent from hubspot?
@ChristinaMM - The links added from our 'one click unsub' header will only unsubscribe the recipient from the subscription type used for the sent email not from all subscriptio types.
@moxietonicThis may help you. You don't need to use a different domain. Merge your various email senders in a single SPF record. This doesn't seem to be mentioned in the HubSpot docs I was going by including this post.
Following the guide above, I was led to a point where HubSpot offered to automate the update by connecting with our webhost. The automation tool was more of a DNS verifier than an actual updater.
In our case:
using Google Workspace as email host, provider, and sender
using Hubspot as a secondary email sender
no prior/existing SPF record in DNS for domain
updated the SPF record to HubSpot's recommended value
emails sent from GMail started bouncing to some domains and flagged as authentication issue by others
turns out that the SPF record needed to include both HubSpot's value and Google's value (even though it worked without being there before for Google)
This note would be more helpful if updated to say: Please note: if you also send emails via another email provider besides HubSpot, you may already have an existing SPF record set up in your DNS provider. Only one SPF entry can be specified in a domain's DNS record, but that single SPF entry can include multiple email providers. Check with your IT administrator if you need help adding HubSpot's SPF record, or you can use a third-party consulting service.
@ChristinaMM - The links added from our 'one click unsub' header will only unsubscribe the recipient from the subscription type used for the sent email not from all subscriptio types.
Hey folks! I wanted to share all the new resources available to help you understand and manage your email sending at HubSpot. Please continue using this blog post as a space to ask questions, but know that the most complete/updated information on these topics will be covered in the articles below.
Understanding email sending in Hubspot - Learn about how the various email tools in HubSpot work to better understand how your emails are sending on the backend.
Overview of email authentication - Deep dive into the different components of email authentication - DKIM, SPF, DMARC - to better understand how these systems work and why configuration is important.
@danaland I'm aware your reply is from November 2023, but I have a question about this:
If someone uses that link instead of the one in the footer, it requires only one click and they will be unsusbcribed from all.
When I just tested this to verify, the contact was unsubscribed from the subscription type chosen for the marketing email, not unsubscribed from all email. Could you confirm what's expected behavior here? cc @JBrenna
@karstenkoehler - The one click unsubscribe will only unsubscribe the recipient from the subscription type used to send that particular email. This was an improvement we made on this feature after hearing customer feedback about the 'unsub all' functionality.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.