---
title: "Google and Yahoo’s New Email Authentication Policy for 2024 | DMARC Report"
description: "Google and Yahoo’s New Email Authentication Policy for 2024 from DMARC Report explains practical steps for email authentication, domain protection."
image: "https://dmarcreport.com/og/blog/google-and-yahoos-new-email-authentication-policy-for-2024.png"
canonical: "https://dmarcreport.com/blog/google-and-yahoos-new-email-authentication-policy-for-2024/"
---

Quick Answer

The prevalence of \[email-based attacks\](https://cio.economictimes.indiatimes.com/news/digital-security/email-based-phishing-attacks-surge-464-in-1st-half-of-2023-report/101408574) has necessitated the implementation of robust strategic measures. To mitigate the impact of these attacks and safeguard their digital ecosystem, security teams have been encouraged to employ \[email authentication protocols\](https://dmarcreport.com/what-is-dmarc/). However, it was never a mandatory practice until very recently. On Oct 03, 2023, Google and Yahoo announced that from

Related: [Free DMARC Checker](/tools/dmarc-checker/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fgoogle-and-yahoos-new-email-authentication-policy-for-2024%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Google%20and%20Yahoo%E2%80%99s%20New%20Email%20Authentication%20Policy%20for%202024&url=undefined%2Fblog%2Fgoogle-and-yahoos-new-email-authentication-policy-for-2024%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fgoogle-and-yahoos-new-email-authentication-policy-for-2024%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fgoogle-and-yahoos-new-email-authentication-policy-for-2024%2F&title=Google%20and%20Yahoo%E2%80%99s%20New%20Email%20Authentication%20Policy%20for%202024 "Share on Reddit") [ ](mailto:?subject=Google%20and%20Yahoo%E2%80%99s%20New%20Email%20Authentication%20Policy%20for%202024&body=Check out this article: undefined%2Fblog%2Fgoogle-and-yahoos-new-email-authentication-policy-for-2024%2F "Share via Email") 

![Google and Yahoo’s New Email Authentication Policy for 2024](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

The three core email authentication standards - SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)), DKIM ([RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376)), and DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) - work together to verify that an email genuinely originates from the domain it claims to represent. Since February 2024, Google and Yahoo require all three for bulk senders. The prevalence of [email-based attacks](https://cio.economictimes.indiatimes.com/news/digital-security/email-based-phishing-attacks-surge-464-in-1st-half-of-2023-report/101408574) has necessitated the implementation of robust strategic measures. To mitigate the impact of these attacks and safeguard their digital ecosystem, security teams have been encouraged to employ [email authentication protocols](https://dmarcreport.com/what-is-dmarc/). However, it was never a mandatory practice until very recently. On Oct 03, 2023, Google and Yahoo announced that from February 2024 , [DMARC implementation](https://dmarcreport.com/blog/9-reasons-why-companies-resist-implementing-dmarc/) would be imperative for organizations that send more than 5000 emails per day to continue to do so. This strategic move aims to fortify email systems against [fraudulent activities](https://cybernews.com/news/email-invoices-sent-by-paypal-can-be-a-fraud/), enhance overall cybersecurity, and effectively mitigate the influx of spam emails. Moreover, the deadline set forth by the email service providers underscores the sense of urgency required to tackle malicious attacks and foster a more secure and \*\*reliable email environment for their users.

> Google’s February 2024 requirements were a turning point, says Brad Slavin, General Manager of DuoCircle. Before that, DMARC was a recommendation. Now it’s a gate - if your DMARC record is missing or set to p=none without a plan to enforce, your email deliverability to Gmail is at risk.

Want to know more about this policy and how it’d impact your **email-sending practices**? In this article, we’ll dive into the intricacies of the new [email authentication policy](https://dmarcreport.com/what-is-dmarc/).

## What are the Updates in the New Email Authentication Policy?

As the digital landscape expands, the tactics employed by cyber adversaries become **more sophisticated**. Recognizing the pressing need for heightened security protocols, Google and Yahoo have released new policies for their users with an aim to bolster the authentication process and prevent [unauthorized access to ](https://www.jdsupra.com/legalnews/episource-llc-confirms-recent-data-4870082/)[sensitive information](https://www.jdsupra.com/legalnews/episource-llc-confirms-recent-data-4870082/).

Here are a \*\*few takeaways from the new policy update that you should know:

## Mandatory SPF and DKIM Authentication

Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) are the two primary pillars of email authentication that help users verify the \*\*legitimacy of an email and prevent [threat actors](https://ciosea.economictimes.indiatimes.com/news/security/threat-actors-double-down-on-emerging-and-tried-and-tested-tactics-to-outwit-employees-proofpoint/98439018) from executing their nefarious activities. By implementing these protocols, you can mitigate the risk of falling prey to spoofing attacks and establish the **authenticity of your domain**.

![Dmarc report](https://media.mailhop.org/dmarcreport/images/2023/11/dmarc-report-7626.jpg) 

## How Do You Verify DMARC Configuration?

When it comes to bolstering your [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) and enhancing email deliverability, DMARC has been among the \*\*most reliable authentication tools recommended by experts. So far, organizations have been only encouraged to implement DMARC, [which has hardly been taken seriously by their security teams.](https://dmarcreport.com/blog/phishing-protection-why-are-so-few-using-dmarc/) However, with this new policy update, Google and Yahoo have now taken an assertive stance . Even if set at the “**p=none**,” this push allows the domain owners to gain insights into their email ecosystem.

## Passing DMARC Alignment

The new policy update, laid out by the world’s two major email service providers, emphasizes the necessity for emails to pass [DMARC Alignment](https://dmarcreport.com/blog/what-is-dmarc-alignment-and-how-does-it-work/) successfully. This means that the visible \*\*“From” address in your email should align with the “From” Header or the DKIM domain. As an integral aspect of the [DMARC](https://dmarcreport.com/) protocol, it adds to the legitimacy of the sending, thereby reinforcing the \*\*receiver’s confidence and trust and creating a reliable email environment.

## Allowing Easy Unsubscribe

Don’t you hate it when you receive unwanted spam emails in your inbox? In an attempt to streamline and **declutter email inboxes**, Google and Yahoo have directed commercial senders to facilitate easy unsubscribing for recipients. This involves the inclusion of List-Unsubscribe message headers and a clear, one-click “Unsubscribe” button at the bottom of the email.

## Reducing Spam Rate Threshold

Is your [email deliverability](https://dmarcreport.com/blog/fix-spf-permerror-overcome-too-many-dns-lookups/) facing a hit lately? With the implementation of the new Email Authentication policy by Google and Yahoo, bulk email senders would be now required to keep their **spam rate threshold below 0.3%**. If a sender exceeds this threshold, it might negatively impact their email infrastructure. _By setting a stringent standard, Google and Yahoo aim to enhance the emailing experience of its users and mitigate the impact of spam emails_.

## Who is this Policy For?

The new policy update by Google and Yahoo is primarily aimed at **bulk commercial senders**. If your daily email volume surpasses 5,000 messages to Google or Yahoo addresses, it’s crucial to follow these guidelines. But if you’re sending fewer than 5,000 emails each day, you can skip the \*\*one-click unsubscribe and DMARC requirements and choose either [SPF](https://dmarcreport.com/what-is-spf/) or [DKIM](https://dmarcreport.com/blog/dkim-explained-how-dkim-works-and-why-is-dkim-important-for-organizations/). However, given the **ever-expanding threat landscape**, it is highly recommended that all email marketers adopt and comply with these protocols, regardless of the number of emails you send in a day.

## How Does it Impact Your Organization?

With the rise of email marketing, [email authentication](https://dmarcreport.com/blog/spf-vs-dkim-vs-dmarc-difference-explained-2026/) can be easily deemed as one of the most comprehensive practices to reduce the risk of spam and **enhance deliverability**. But let’s face it, ensuring that your emails land in the recipient’s inbox instead of spam is no easy feat!

This is why proactively adapting to these strategies is crucial for ensuring successful [email campaigns](https://influencermarketinghub.com/glossary/email-campaign/) while upholding the integrity and legitimacy of your brand. In this vein, it is imperative to understand that these measures are not intended to complicate **email marketing**; instead, they aim to provide a secure and reliable environment for end-users.

![How to create dmarc record 1](https://media.mailhop.org/dmarcreport/images/2023/11/how-to-create-dmarc-record-1-1.jpg) 

## How Can You Up Your Email Authentication Game in 2024?

As we navigate the challenges of email-based attacks, it is crucial to have the right resources and know-how to fortify your defenses and prevent email-based attacks from affecting your deliverability. To this end, \*\*DMARCReport is your best ally in seamlessly aligning your [email infrastructure](https://dmarcreport.com/blog/dmarc-office-365-complete-setup-guide-2026/) with the updated norms. Our comprehensive range of email authentication services will not only help you build a sound security posture but also a **positive brand reputation**.

Still have questions about this policy or want to know more about our services? [Get in touch](https://dmarcreport.com/contact/) with our experts today!

## Sources

- [RFC 7208 - Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208)
- [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489)

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/) 

![Vishal Lamba](https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg) 

[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.

[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 8m  10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective  Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[  Foundational 12m  10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast  Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[  Foundational 12m  10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection  Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[  Foundational 12m  10 Reasons SPF Filtering Is Critical For Email Security  Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Google and Yahoo’s New Email Authentication Policy for 2024","description":"Google and Yahoo’s New Email Authentication Policy for 2024 from DMARC Report explains practical steps for email authentication, domain protection.","url":"https://dmarcreport.com/blog/google-and-yahoos-new-email-authentication-policy-for-2024/","datePublished":"2023-11-27T11:07:45.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2023-11-27T11:07:45.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/google-and-yahoos-new-email-authentication-policy-for-2024/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security","wordCount":1036,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Google and Yahoo’s New Email Authentication Policy for 2024","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Google and Yahoo’s New Email Authentication Policy for 2024","item":"https://dmarcreport.com/blog/google-and-yahoos-new-email-authentication-policy-for-2024/"}]}
```