
The Google Ban Hammer

Marketers, or anyone else sending bulk emails, we have bad news. Google and Yahoo are about to bring out the “ban hammer”!


Google Ban Hammer explained by Opa Cyber Security

This applies whether you are sending directly or using a “bulk mail” service such as Mailchimp, SendGrid, Constant Contact, Salesforce etc. If you’re sending directly, your problems are worse, for reasons we’ll come on to.

 

From February, Google is bringing in new measures to reduce the amount of spam being delivered to users of their services. We won’t focus on Yahoo in this post as we don’t want to go back to the 20th century



These new measures could hugely affect delivery of your emails for:

 

  • Marketing Newsletters

  • Customer Service Interactions

  • Web shop notifications

  • Targeted Promotions

 

We’ll break it down into three parts:

  1. What the changes are

  2. What you don’t really need to worry about

  3. What you DO really need to worry about

 

Gmail has 1.8Bn users. Yes, that’s B as in Billion. We estimate about 50% of personal email could be Gmail

 

For the moment, emails to Google Workspace accounts aren’t affected, but if this move is successful we don’t think it will be long before that is included too, and Google Workspace has just under 50% of the business email market

 

So how many of the emails you send will be affected? Hard to tell

 

It depends on the vertical of your business and whether you are primarily sending to business or personal users (or maybe a mixture of both)

 

Either way it is probably going to be significant

 

What the changes are

 

1 - All senders:

 

  • SPF or DKIM email authentication required

  • Ensure valid forward and reverse DNS records

  • Spam rates reported below 0.3%

  • Message format adheres to RFC 5322 standard

  • No Gmail Impersonation in FROM headers (Gmail setting DMARC Quarantine policy)

 

2 - Senders of more than 5,000 messages per day:

 

  • All of the above, plus:

  • DMARC email authentication for your sending domains

  • “From header” must be aligned with either the SPF domain or the DKIM domain

  • One-click unsubscribe for subscribed messages

  

What you don’t really need to worry about

 

  1. Ensure valid forward and reverse DNS records

  2. Message format adheres to RFC 5322 standard

  3. No Gmail Impersonation in FROM headers (Gmail setting DMARC Quarantine policy)

 

  1. If you’re using a “bulk mail” provider this will be taken care of for you

  2. RFC 5322 is a cure for insomnia. Yes, we’ve read the whole thing. It defines the rules of how email should be constructed. Again, unless you designed your own email platform in the basement one afternoon, it’s unlikely you won’t be compliant

  3. This is mostly a fix for spammers that abuse Gmail servers to try and hide their nefarious emails. As with item 2, it’s unlikely you will be affected

 

What you DO really need to worry about

 

All senders:

  1. SPF or DKIM email authentication required

  2. Spam rates reported below 0.3%

 

  1. Authentication is designed to prevent Bad Actors from sending email as your organisation. This impersonation tactic is known as spoofing and can use your organisation’s email for malicious cyber attacks

  2. You’re on your own here! If recipients report your messages as spam at a rate that exceeds the new 0.3%, your messages could be blocked or sent directly to a Junk Folder. This will, though, help cut down on those emails people receive with the complete BS justification “you are receiving this because we thought it might be of interest” for sending stuff people didn’t ask for. The more these are marked as spam, the sooner the Google Ban Hammer will strike

 

High-volume Senders:

  1. DMARC email authentication for your sending domains

  2. “From header” must be aligned with either the SPF domain or the DKIM domain

  3. One-click unsubscribe for subscribed messages

 

  1. DMARC tells the receiving email service what to do if the email doesn’t comply with SPF, and the policy must be Quarantine as a minimum. From the metrics we see, ABOUT 50% OF ALL EMAIL will fail this compliance requirement (we just did a quick test, and of 20 bulk emails received by clients EXACTLY 50% would fail the Google requirements)

  2. Email must be authenticated and aligned. This can be tricky to set up with “bulk mail” providers but we have the know-how

  3. Oh, yes. This is going to catch out a lot of senders if Google really means one-click. Providers like Mailchimp conform exactly. When you click unsubscribe on a Mailchimp email you are taken to a web page that confirms the unsubscribe. It does ask you to, optionally, provide a reason, and that’s quite fair enough as far as we see it. Just today, though, we have seen several other providers’ emails where the unsubscribe link goes to a page with an “are you sure” button to click. That’s not ONE-click. Also, the unsubscribe must be honoured within two days. That will give a black eye to those that say “this may take up to a week to take effect”
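To see where a message stands on items 2 and 3 above, the following added example (not code from Opa Cyber or Google) checks a raw message's headers for From-domain alignment and for the RFC 8058 one-click unsubscribe headers. The sample message and its domains are constructed, the organisational-domain shortcut is an assumption, and the script checks identifier alignment only, not whether SPF or DKIM actually passed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: sent through a bulk provider, so the envelope sender
# (Return-Path) is the provider's domain while DKIM signs for the brand.
SAMPLE = """\
Return-Path: <bounce-123@mail.bulkprovider.example>
DKIM-Signature: v=1; a=rsa-sha256; d=news.shop.example; s=k1;
 h=from:subject:list-unsubscribe; bh=AAAA; b=BBBB
From: Shop News <offers@shop.example>
To: recipient@example.net
Subject: January offers
List-Unsubscribe: <https://shop.example/u?id=abc>, <mailto:unsub@shop.example>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Hello
"""

def org_domain(domain):
    # Assumption: organisational domain = last two labels. Production checkers
    # use the Public Suffix List (this shortcut is wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    # Domain part of the address in a header value ("" if the header is absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def aligned(from_dom, other_dom):
    # Relaxed alignment: both present and sharing an organisational domain.
    return bool(from_dom and other_dom) and org_domain(from_dom) == org_domain(other_dom)

def check_message(raw):
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    spf_ok = aligned(from_dom, addr_domain(msg["Return-Path"]))
    # A message may carry several DKIM signatures; any aligned d= is enough.
    dkim_doms = [m.group(1) for sig in msg.get_all("DKIM-Signature", [])
                 if (m := re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig))]
    dkim_ok = any(aligned(from_dom, d) for d in dkim_doms)
    # RFC 8058 one-click: an https URI plus the List-Unsubscribe-Post header.
    has_https = bool(re.search(r"<https://[^>]+>", msg.get("List-Unsubscribe", ""), re.I))
    post = msg.get("List-Unsubscribe-Post", "").strip().lower()
    return {"from_domain": from_dom, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "aligned": spf_ok or dkim_ok,
            "one_click": has_https and post == "list-unsubscribe=one-click"}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

In the sample the SPF domain belongs to the provider and is not aligned, so the message relies entirely on the brand's DKIM signature for alignment, which is the usual situation with a “bulk mail” service.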


If your business needs help, we are here for you!! Reach out and we can discuss your requirements to ensure your business emails reach your customers!





