Stricter email security at Gmail & Yahoo: this is what you need to know and do

  • 5 March 2024
  • Reading time: 6 min
  • Tools

Gmail (Google) and Yahoo are tightening their security rules regarding incoming emails. In order to combat spam more effectively, they are introducing three new guidelines that are also important for those involved in email marketing. We'll tell you what you need to know and what action you need to take.

These rules are becoming stricter:

In an update, Google explains what will change. They didn't make this decision alone. Yahoo's competitors are also tightening their email security.

Three new rules, or guidelines, are being introduced:

Contacts/subscribers must be able to unsubscribe from your emails easily.
You will only be able to deliver a maximum number of 'spam emails' to an email address.
Only authenticated emails will be delivered.
Continuing to send emails to Gmail & Yahoo: here's what you need to do

Additional rules for bulk senders

Everyone is affected. No matter how many emails you send per month, you will need to make adjustments to continue sending emails smoothly to Gmail and Yahoo email addresses.

However... if you're a larger company sending more than 5,000 emails per day (150,000 per month or more), the two email platforms will impose additional rules on you. Because then you're considered a bulk sender.

Do you feel targeted? Are you one of these bulk senders? Then we recommend using a professional email platform like Flexmail. Such platforms are not only highly suitable for your email marketing needs, but they also have extensive expertise in email security.

Continuing to send emails to Gmail & Yahoo: here's what you need to do

If you need to take action yourself, it's helpful to know what you need to do to comply with these tightened rules.

Allow one-click unsubscribe

You must provide your contacts with an easy way to unsubscribe from your newsletters and other emails. To comply with this rule, you actually only need to make a small adjustment. You might not even need to change anything at all.

Allow your subscribers to easily unsubscribe by placing an unsubscribe button in the header or footer of your emails. Clicking on it will immediately unsubscribe them.

One button and one click are much easier compared to, for example, a long list of questions you have to fill out before you can unsubscribe.

Keeping an eye on spam and delivery rates

The new rules from Gmail and Yahoo indicate a greater focus on monitoring delivery rates and combating spam.

Email marketers should not only pay attention to open and click rates, but also to the number of emails that never reach the inbox.

Actually, this isn't a bad idea at all. A low spam rate indicates a healthy email list with more potential for customers.

To maintain and improve these different ratios, you can use Gmail's Postmaster Tools. With these tools, you can analyze the spam rates of your emails and ensure you stay below the important threshold of 0.3%.


If your spam rate exceeds that established threshold, it's crucial to refresh your knowledge of email best practices regarding deliverability.

Enhanced email security via SPF, DKIM, and DMARC

Let's be honest: now we're getting into the most challenging and technical part. That third guideline from Google and Yahoo is no joke. Their security filters will only allow authenticated emails through.

To comply with this, bulk senders are required to set up SPF, DKIM, and DMARC together. If you send fewer emails, you'll have less work ahead. However, you'll still need to set up SPF or DKIM, combined with DMARC.


Here are the three terms explained:

  • SPF (Sender Policy Framework)
  • DKIM (DomainKeys Identified Mail)
  • DMARC (Domain-based Message Authentication Reporting and Conformance)

For those familiar with the world of email marketing, these technical terms should be well-known. For those less acquainted: SPF, DKIM, and DMARC have been established for several years as the best ways to secure your emails.

SPF is a protocol that specifies who is authorized to send email on your behalf or on behalf of your business. DKIM, on the other hand, is a form of digital signature.

DMARC serves as an additional layer of security. It determines what should happen to an email if it doesn't meet the standards of SPF or DKIM. While DMARC is useful, unfortunately, it's not yet widely adopted by most companies.

This blog article provides a detailed explanation of what SPF, DKIM, and DMARC mean and how they work. It's an interesting read!

Enhanced email security via SPF, DKIM, and DMARC

In safe hands of Combell

Do you have a mailbox with Combell? Do you send emails through us? Then, of course, you want to know what you need to do and what we have already done for you in terms of SPF, DKIM, and DMARC. 😉

That's why we're letting Combell expert Cedric Dubois (Teamlead Platforms Infrastructure) speak up. If anyone has knowledge about email security, it's him.

"It is indeed very important to set up SPF and DKIM, although you shouldn't see it as a complete solution," says Cedric. "These options will never eliminate all spam from the world, but they are strong filters."

Creating an SPF Record

Cedric on SPF: "Such a record lets mailboxes know which mail servers your emails are being sent from. It's a kind of recommendation to spam filters to indicate which emails are legitimate and which are not.

Because of this recommendation, spam filters immediately notice when spammers are sending emails on your behalf using other mail servers. These fraudulent emails are blocked by the spam filters. Conversely, an SPF record increases the chance that your own emails will pass through the spam filter.


If you use Combell's mailboxes, a Combell SPF record is used by default. You can read more about this on our blog.

As a Combell customer, you can easily create and add your SPF record yourself. There is a guide on our support pages. For those who need extra help, our professional support team is always available."

DKIM by default

It turns out that those who email through Combell are well-equipped against spam. Cedric says, "With Combell's basic mailboxes, you can rely on default DKIM. This cryptographic signature guarantees that no changes have been made to your email along the way."

Improved email delivery with DMARC

DMARC builds upon your SPF and DKIM records. With this, you provide mailbox providers with instructions on how to handle emails claiming to be from you but lacking SPF and/or DKIM. This could indicate a spoofing email.

"Instead of relying on a large spam filter to keep out malware and spam, DMARC focuses on a stable way to identify legitimate emails and deliver them to the inbox," says Cedric.

Also read

Learn more about improved email delivery with DMARC on our support pages.

Email security: additional tips from our expert

Especially for our customers, colleague Cedric provides additional tips to better secure your emails and prevent spam.

At Combell, we do everything to protect our customers. If a customer suddenly starts emailing from thirteen different countries simultaneously, we proactively block those emails and ask the customer to reset their password as a precaution.

Strong password policy

"In my opinion, as important as SPF, DKIM, and DMARC: strong passwords. They consistently enhance the security of your tools. Don't use the same password everywhere, set up 2FA, use a Password Manager... Plenty of options!"

Be stricter when sending emails

"Many don't think about this, although it's so logical. You can increase the strictness of your email communication by, for example, only sending emails from specific IP addresses. Include those IP addresses in your SPF record and ensure that list remains as limited as possible.

You can do this if you want more certainty about the delivery of your emails. The spam filters of Gmail and Yahoo will recognize your IP address."

Use the Combell server as an SMTP server

"It's the SMTP server that sends your email to your recipient. Then your contact retrieves the email from an email server using POP or IMAP. Using Combell as an SMTP server is not only better for delineating your SPF, it's also much safer."

Work via a specialized email tool

"Look, at Combell, we really do a lot to protect our customers. I've experienced situations where a customer suddenly starts emailing from thirteen countries simultaneously. That's immediately suspicious. As soon as we notice that, we proactively block all those emails and ask the customer to reset their password as a precaution.

But if you really want to get serious about email marketing, you need specialized tools. Sending mass emails from a regular mail program is asking for trouble.

At Flexmail, all they do is ensure the highest delivery rates. That's their core business. Moreover, DMARC is included as standard with Flexmail."