In October 2023, Google and Yahoo announced new requirements for bulk senders, or, as Google defines, anyone who sends more than 5,000 emails per day. These changes impact customers of any email service provider—not just Mailchimp customers—and will go into effect in February 2024. While these changes will require you to take a few new steps, enacting these measures can help improve your deliverability by building your credibility as an authenticated email sender.
These new requirements primarily impact two groups of email senders:
- Large senders, or anyone who sends to more than 5,000 Gmail or Yahoo email addresses on any single day.
- Anyone who uses a Gmail email address as their “From” email address when sending emails through any email service provider, regardless of sending volume or the email domains of their recipients.
- Senders will need to have the right authentication for the email domain they’re sending from.
In particular, senders will need to have SPF, DMARC, and DKIM set up correctly. SPF is already set up on all of our sending IP domain names, so there’s nothing you’ll need to do to set that up. DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s a way for you to show that emails sent from your domain are legitimate, and tell receiving inbox providers what to do with an email that isn’t legitimate. This protects both senders and recipients from activities like phishing, spamming, and spoofing. DMARC uses DomainKeys Identified Mail (DKIM)—a method of email authentication that helps identify that the email you sent is really from you—to evaluate the authenticity of email messages. When both DMARC and DKIM are set up correctly, someone can send an email via an email service provider—in your case, Mailchimp—and Gmail and Yahoo will see that your domain records have approved Mailchimp as a service that can send emails that display as coming from your domain. Gmail and Yahoo will then allow your emails to go to Gmail and Yahoo email addresses.
- Senders must include a one-click unsubscribe link in your email.
All bulk emails must have an unsubscribe method in place that allows recipients to unsubscribe in one click, as well as an unsubscribe link in the body of the email and header of the email. All bulk email senders are required to honor unsubscribe requests within two days. Luckily, all emails sent through Mailchimp do this automatically.
- Senders’ spam rates will need to fall below a certain threshold.
Google and Yahoo will begin enforcing a spam rate threshold that senders must stay under to ensure Gmail and Yahoo recipients aren’t being sent spam.
It is important to reiterate that these changes impact all email service providers, and not just Mailchimp. If you want to use an email service provider to send out newsletters and marketing automation, we strongly encourage you to use a custom domain and make sure it is properly authenticated.
What You Can Do
If you’re a customer who will need to make adjustments based on these new requirements, we’ll email you with specific guidance on how to navigate these changes based on your unique sender setup. If you want to set up everything yourself, here are the steps you’ll need to take:
Acquire or Set Up a Custom Domain
If you’re a customer who will need to make adjustments based on these new requirements, we will guide you through each step you need to complete on the Domains Overview page in your account. If you want to set up everything yourself, here are the steps you’ll need to take:
Starting in February of 2024, Gmail will begin using DMARC to protect their domain from unauthorized use. Gmail doesn’t allow for users to set up authentication for their individual address—this is because DMARC applies to the entire @gmail.com domain. When you send an email from any service other than Gmail itself using a @gmail.com domain, Gmail will tell recipient inboxes that Gmail didn’t send the email and therefore they should reject the email.
It is likely that more services could adopt the same requirements as Google and Yahoo in the future and impact email senders who are using other freemail domain services. For this reason, we strongly encourage you to set up a custom domain. You can learn more about what those are and why they’re important for your brand here.
We recommend that you find a domain through a registrar that is accredited with the Internet Corporation for Assigned Names and Numbers (ICANN) and provides email hosting, like Godaddy or Domain.com. View ICANN’s full list of accredited registrars here.
Once you have a custom domain, or if you already have a custom domain, you’ll need to set up DMARC and DKIM.
Set up DMARC
You can set up DMARC authentication for your sending domain in your DNS provider yourself, and you can take care of it at any time. Your DMARC enforcement policy can be set to none, and Google has some specific guidelines to set your brand up for success.
Set up DKIM
Once you complete all of the steps outlined above, you’ll then meet the new authentication requirements for Google and Yahoo.
We’re dedicated to helping ensure our customers see as little disruption as possible from these changes. As we approach implementation of these new requirements, we’ve taken a few measures to help smooth the transition.
First, we've updated the Domains Overview page in Mailchimp accounts, which includes step-by-step guidance for what you need to do to authenticate your custom domain. In many cases, you’ll be able to fully authenticate your domain without leaving your Mailchimp account.
Second, as we continue to encourage all users to authenticate and own their own domains, we've started overwriting sending domains for some Mailchimp customers. Mailchimp customers who are sending from a free email address may already notice this change: Free email service providers, like Gmail or Hotmail, don’t allow Mailchimp customers to authenticate their sending domain since those customers do not own their domain, so to ensure that these users don't experience sending interruptions, we have started using a mailchimpapp.com subdomain as the sending domain. For more information about why we do this—and why it's important to authenticate your domain if possible—check out our resource on the limits of free email.
And beginning March 15, we will also use the same overwrite process for highly impacted Mailchimp users with unauthenticated domains. By using an email address from our domain, we can ensure our customers’ mail meets the new authentication requirements for bulk senders as we continue to urge customers to authenticate their own custom domains to maintain brand consistency.
We’ll continue to monitor announcements from Google and Yahoo and make changes to our product that help our customers' emails continue to land in their contacts’ inboxes. We’ll communicate more information as it is available. In the meantime, please use one of our support options if you have any questions.
Updated: February 21, 2024