What You Need to Know About DMARC: February’s Google and Yahoo! Sender Requirement Changes

eCommerce business complying with DMARC requirements and reaching more customers through email marketing

Google is a real business powerhouse. It’s been a digital juggernaut for decades. Today, whether it’s search, advertising, or email, no one questions that Google reigns supreme. This impressive reputation has been well earned. Google knows what it’s doing, and more importantly, it’s hard for a business to succeed without it. So now, when Google makes a move like implementing DMARC, businesses across industries and across the world stop dead in their tracks and prepare to follow.

As always, Google not only sets the standard, it is the standard. This time is no different. As of February 1st, 2024, Google and Yahoo! will be changing their sender requirements, and businesses sending over 5,000 daily emails to Gmail or Yahoo! accounts must ensure they meet this new standard.

As usual, Google’s standards are higher, so meeting their requirements will also automatically make you compliant with the Yahoo! changes. Any business that wants its emails to reach its intended destination needs to take action immediately to fall in line with the new requirements.

We’ll give you the 411 on the changes and then explain what you need to do to avoid massive issues.

What Is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. While that is certainly a long and scary technical term, it’s actually a pretty simple principle. Basically, DMARC is a method of preventing spoofing or phishing emails impersonating your business from getting to their destination unnoticed.

It’s the email equivalent of showing your ID to prove that you are who you say you are. This will check every sender’s ID to make sure you aren’t merely impersonating your business. This keeps you and your customers safe.

Why Is DMARC Authentication Important?

Okay, so DMARC is an email bouncer checking IDs at the door. What does that mean, though? What does it actually do? Let’s use a common example that most people can relate to.

Have you ever gotten an email that says it’s from Walmart or Amazon about a gift card you won? Or what about an email from FedEx or UPS saying that your package is ready for pickup?

Upon further inspection, though, you may notice that the message has a lot of basic grammar errors or was sent from a non-branded email address like 1b24z75q@hotmail.com. Emails like this are delivered every day to people who may or may not know how to tell when they’re real or a scam.

Google has created a system to help prevent this kind of thing from happening to Gmail users. DMARC is that system. It authenticates every email and tells the receiving server what to do with any emails that fail these checks.

Ultimately, this will lead to more consumer safety, fewer innocent people scammed, and more protection for your brand. These changes will prevent anyone from using your name to do something shady—and negatively impacting your brand’s reputation as a result. But not following these regulations may affect your email deliverability and put your emails in the spam folder.

What Are SPF and DKIM, and Why Do They Matter for DMARC Authentication?

Remember when we said DMARC checks every sender’s ID to make sure they are who they say they are? Well, SPF and DKIM are the processes it uses to do it. DMARC alone is just the instructions for what to do with the emails that aren’t authenticated. SPF and DKIM are how it knows if each email is legitimate.

They each serve an important purpose. Together, these two steps ensure that only emails you intend to represent you can use your name.


The Sender Policy Framework (SPF) keeps a list of all domains and servers that you have authorized to send emails for your business. This is the equivalent of the list a school keeps for all the people allowed to sign a child out.

It helps make sure that every email is sent from either a domain or server that belongs to your business or one that you have explicitly cleared to send correspondence in your name. This is perfect for businesses that use a third party like Klaviyo to send their marketing emails.


DomainKeys Identified Mail (DKIM) is like a digital signature. It gives Gmail a way to double-check that you actually sent the email in question. It also ensures no changes were made between when you sent it and when it arrived.

This keeps anyone from pretending to be you or carjacking your email on its way down the internet superhighway to sneak their message into a genuine email you sent and authorized.

Steps to Prepare for Google and Yahoo!’s New Sender Requirements

Email marketing manager ensuring their processes comply with DMARC requirements

The standards for both are similar, but since Google’s bar is a bit higher, those are the standards you have to meet. Again, once you have everything set up to their specifications, you’ll have already passed Yahoo!’s standards as well.

Here’s what you have to do:

  1. Ditch the @gmail Address: Change your friendly “from” email address—the one your customers see—to one with a domain you own. For example, instead of YourBrand@gmail.com, you’ll want something like Hello@YourBrand.com.
  2. Set Up a Dedicated Sending Domain: You’ll want a branded sending domain just for sending emails. If your domain is YourBrand.com, then your sending domain can be something like Send.YourBrand.com. The domain for your “from” email address and sending domain should have the same root domain (i.e., YourBrand.com).
  3. Configure Your DMARC Policy: This must be done through your domain provider (such as GoDaddy or Cloudflare). You can follow Google’s instructions for what to do to prepare for and complete this step.
  4. Simplify Unsubscribing: Make unsubscribing from your marketing emails easy by adding a one-click unsubscribe link to the header of your emails and having an unsubscribe link somewhere in the body.
  5. Keep Spam Complaints Low: Make sure your spam rate is below 10%.

Become DMARC Compliant ASAP

It is really important that you meet all these requirements before February 1st. Ultimately, making these changes will ensure that more of your emails actually land in your customers’ inboxes.

While Google did its best to simplify this process, we’re not going to lie to you: some of it is still rather technical. It’s vital that you complete each step to their specifications. But don’t worry—you don’t have to do it alone.

Future Holidays is a creatively-led web design agency that specializes in, among other things, email marketing. We can help you set up your DMARC policy and then ensure that you meet all the requirements. Contact us today to find out more about how we can help.

Additional References: