• by Ray Schultz , Columnist, March 21, 2024

Bulk email senders are running out of time to comply with the new rules from Gmail and Yahoo Mail. But they shouldn’t view them as a punitive exercise.

“We want to create a better environment and ecosystem for senders and users alike,” said Marcel Becker, senior director, product management at Yahoo, speaking at Beyond the Basics: An Email Requirements Roundtable with Google, Yahoo and Valimail, a webinar presented by Valimail on Thursday, moderated by Warren Duff from Valimail.    

Why now?

“The amount of threats is increasing, and with GenAI it will continue to accelerate,” said Neil Kumaran, product lead at Google. “This is a good opportunity to leverage great standards to increase people’s safety and also achieve clarity over the ecosystem.”

To recap, Gmail and Yahoo Mail now require that bulk senders authenticate their emails. 

 “When you don’t authenticate, anyone can send email as you,” said Seth Blank, chief technology officer, Valimail. “There has been an enormous acceleration in spam and phishing since Covid started.”

Why focus on bulk senders?

“To us, a bulk sender is someone who sends a lot of email, and perhaps the same copy to multiple people,” Kumaran explained. “There are two reasons: A., they are larger targets of impersonation. B., Large senders are also potential servers of spam. We’re (starting with) that portion of the mailstream, but these are best practices for everyone.” 

Indeed, smaller senders shouldn’t think, “Nobody’s using this for phishing, I’m not important,” Becker said. ”If you’re not protecting your domain, someone will abuse it.”  

And don't forget that senders must have an unsubscribe button by April 1 and promptly honor all opt-out requests. 

Nobody denies that the spam problem is critical. 

“To put in perspective, there’s not just a little spam out there,” Kumaran said. “It’s the opposite: Most emails are spam, it could be 90% of all email attempts: they are garbage. Identifying the 10% which are actually good, which our viewers want, can let you in.”

What should people know about the tools—namely, DKIM (DomainKeys Identified Mail), SPF (sender policy framework) and the self-protective device DMARC (domain-based message authentication, reporting, and conformance)?

“Each piece of the requirements exists for a reason,” Kumaran said. “Nothing is a panacea, but together they’re straightforward, based on open standards. Many senders do them already.”

What’s the takeaway? 

“We’re encouraged by the data we’re seeing with adoption,” Kumaran continues. “If we raise the bar here, every one of our users benefits.”

“We don't want people not to focus on the details in some weird way, but to zoom out a little bit: What is the spirit of this?” Becker added. 

In the end, the goal is to  “make the world safer for everyone,” Blank said.