What hoteliers need to know about Google and Yahoo’s email authentication changes in 2024 — Source: Revinate, Inc.

New year, new email rules. Google and Yahoo have announced new email authentication requirements that take effect on February 1st, 2024. As email marketers in the hospitality space, we should pay attention to these new rules, because email continues to be a top — if not the top — marketing channel. Email marketing is stable, controllable, and affordable. Moreover, everyone has an email address. The last thing we want is to threaten this direct access to our customers and prospects by not complying with sender rules.

Non-compliance with sender requirements can reduce the likelihood of your emails reaching the subscriber’s inbox. This likelihood is called email deliverability. One variable that affects email deliverability is email authentication.

Email authentication is the process that verifies the legitimacy of an email sender. Authenticated emails allow email service providers (ESPs) to trust that the emails they are sending are not coming from bad actors, like spammers, spoofers, or scammers. Failure to properly authenticate emails can result in messages ending up in the spam folder or not being delivered at all.

Hotels that use Google or Yahoo and do not meet their new requirements will have their emails sent to spam and junk folders or be blocked entirely. Imagine all of your marketing and transactional emails are never even received by your guests. How much revenue would your hotel lose if you couldn’t communicate with your guests via email?

Don’t worry — we’ll cover what you can do to ensure high email deliverability for your property.

What changes are Google and Yahoo making to their email standards in 2024?

Both Google and Yahoo are ESPs that are enforcing identical requirements for bulk email senders on February 1st, 2024. Both ESPs require bulk senders to authenticate their email, enable easy unsubscription, and ensure they’re sending wanted emails.

From Google’s blog:

Authenticate their email: You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So we’re requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
Enable easy unsubscription: You shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender. It should take one click. So we’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
Ensure they’re sending wanted email: Nobody likes spam, and Gmail already includes many tools that keep unwanted messages out of your inbox. To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox.

Let’s explore these requirements and how to comply with them in more detail.

Know who manages your domain

Authenticating your email is the best way to ensure your messages reach your subscriber’s inbox. To start the process, you’ll need to know who manages your domain. Your domain is your property’s URL, like revinate.com, and it follows the @ symbol in your email address. Managing your domain means that you can make technical changes to it, like pointing it to a different webhost (the company that serves up the content of your website). Most of the changes will be done by writing DNS records, which are information that other systems can access, like in the case of authenticating email as legitimate. We recommend having someone on hand with the technical ability and knowledge to modify your DNS records.

Set up SPF and DKIM email authentication for your sending domain

DomainKeys Identified Mail (DKIM) is a protocol that validates that the content of an email has not been altered in transit. This validation is achieved by adding a non-visible string of characters to the email that acts as a unique key – also known as a hash. The recipient’s email system will recognize that key and verify that the message has not changed since the time it was sent. DKIM records are provided by your ESP.

Once you have your DKIM record, you’ll have to access the DNS zone for your domain and create a CNAME record. Depending on your domain configuration, this maintenance may take place with the registrar or your web host. Each of these providers offer different experiences for writing DNS records, so we recommend following your provider’s support documents.

Sender Policy Framework (SPF) is a method to prevent unauthorized email senders from using your domain for their email deployments. The SPF record allows the recipient’s email system to recognize and accept only authorized senders of your domain. Unauthorized senders run the risk of being blacklisted or having their emails blocked.

A technical resource will be required to write your SPF record, but you’ll be able to define rules for sender IP addresses, mail exchange servers, and domains. For guidance on writing the record, check out this SPF guide on syntax.

Set up a DMARC policy for your sending domain

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a protocol that provides instructions to mailbox providers on what should happen if an email fails SPF and/or DKIM checks. DMARC also provides reporting to senders to improve protection of their domain from fraud.

Two important callouts regarding DMARC: First, the domain in the sender’s “From” header must be aligned with either the SPF or the DKIM domain. Second, this record is only required for bulk senders deploying over 5,000 emails a day, but it’s still highly recommended for all properties.

To set up your DMARC policy, you’ll start by creating a TXT record in your DNS for “_dmarc.” For the first field when entering the record name, you’ll type _dmarc.yourdomain.com (replace yourdomain.com with your actual domain name). For the record value, you’ll define your DMARC protocol, including your policy for email that fails DKIM and SPF checks. If your record looks like this:

v=DMARC1; p=none; rua=mailto:[email protected]

Then the p value represents your policy. P can equal none, quarantine, and reject. These are instructions to the receiving mail server on what to do if an email fails authentication. None takes no action, and the message is delivered as normal, but an email is sent to the address defined by the rua parameter for reporting. Quarantine sends the email to spam. Reject will bounce the email.

It is very important to start with p=none and go through a monitoring phase before implementing an enforcement policy of p=quarantine or p=reject as you could prevent legitimate sources from sending email on your behalf. Monitoring can be done for free with several 3rd party companies including Valimail* and others.

*Your use of any Valimail or other 3rd party tools is subject to their terms and conditions, and it is your responsibility to review and comply with those terms.

Establish one-click unsubscribe

Make it easy for email recipients to unsubscribe by making your unsubscribe link clearly visible on every email. Subscribers should also be able to unsubscribe from emails with one click.

Keep in mind that this does not mean you can have an unsubscribe link that sends the subscriber to a preference center or an “unsubscribe confirmation page.” These processes typically require the user to click an acknowledgement. One-click unsubscribe means one click. Finally, once a subscriber has unsubscribed, you must honor their request within two days.

Keep spam rates below 0.3%

Unwanted email is a chore to deal with. After deleting enough irrelevant messages, subscribers are likely to punish senders by reporting their email as spam. If the number of spam reports rises above established ESP thresholds, your sender reputation will be damaged, and Google and Yahoo may not deliver your emails. Google Postmaster Tools lists their spam threshold as 0.3%, but you should aim for 0.1% for every email deployment.

Following established email hygiene can help keep spam reports low. Practice permission-based marketing, enable double opt-in, segment your marketing lists, and make sure you’re not sending unexpected messages. It’s practically impossible to prevent all spam reports, but observing email best practices will help keep your email marketing in compliance.

Get more help with your email deliverability

If you’re a Revinate Marketing customer, our support team will help you meet ESP requirements. This maintenance includes:

  • Ensuring that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
  • For subscribed messages, enabling one-click unsubscribe (list unsubscribe) with a visible unsubscribe link in the message body.
  • Formatting messages according to the Internet Message Format standard (RFC 5322).

Current customers can read our helpdesk article on these upcoming email authentication requirements. You can also reach out to your Customer Success Manager or email deliverability[at]revinate.com. Please use the subject: “Gmail/Yahoo Authentication.” Also, please include your sending (From) domain(s) and property name(s).

Not yet a Revinate Marketing customer? Discover the industry-leading CRM and email marketing solution that’s been voted #1 for five years in a row. Schedule a demo today!

About Revinate

Revinate empowers hoteliers to directly connect with their guests.

Our Guest Data Platform and communication solutions unlock revenue for hoteliers and put them in control of the full guest experience — initial research, booking, check-in, throughout the stay, and even after check out — all via the communication channels that guests prefer, whether it's voice, text, email, or web.

More than 12,000 hotels globally bank on Revinate to drive direct revenue and deliver delightful guest experiences.

Ask us how we do it. Visit our website to get a demo.

Sanjana Chappalli
VP of Brand Marketing and Communications
Revinate, Inc.

View source