Email marketing is one of the most effective tools that a nonprofit organization can use to stay connected with their donors, boost fundraising appeals, and send important updates to those involved in their mission.

However, email marketing is facing big changes in 2024 that may impact you and your organization. We’ve created a handy resource to help explain these changes, and what they might mean for you.

Google and Yahoo have announced that they are now requiring email senders to implement specific email authentication methods.

Starting on February 1, 2024, senders who send more than 5,000 messages per day to Gmail or Yahoo accounts must meet the following requirements:

Email authentication is a set of tools and techniques used to ensure that an email being sent is legitimate, and isn’t an attempt to send an individual spam, phishing attempts, or other malicious communications.

These requirements are designed to help prevent your messages going to your contact’s spam folders, as well as prevent any attempts to impersonate your organization by bad actors. They’re meant to help make sure that verified, authentic emails hit your recipient’s’ inboxes more often – and invalid, junk emails have a harder time clogging up individual inboxes.

While these changes will now be required, these authentication tools have always been considered as a part of “best practices” for bulk email deliverability. These requirements also help Google and Yahoo move towards a safer, more standardized global email ecosystem, and are part of a greater initiative to help the two companies align with global cybersecurity standards moving forward.

Additionally, while these changes are now a requirement through Google and Yahoo, other ISPs (“internet service providers”) and email clients are also beginning to enact stronger authentication requirements. This means these changes will likely also become requirements for other email clients in the future.

Learn more about these new guidelines here (Google) or here (Yahoo).

This means that if you send one email to over 5,000 Gmail or Yahoo email recipients, you’ll now be subject to these new requirements moving forward – even if you don’t send emails of that volume frequently, or ever again.

If this is the case for your organization, and you do not comply with these requirements, your emails are more likely to be quarantined or flagged as spam or junk by email providers, and not reach their intended recipients.

In order to make sure you’re compliant with these new changes, you’ll want to make sure that your SPF, DKIM, and DMARC records are set up for your sending domain. (If you’re not familiar with these terms, scroll down for more information.)

Network for Good will be releasing additional tools to help confirm that your organization is compliant with these guidelines in the near future; however, your organization is (and will remain) responsible for ensuring that these records are set up correctly within your organization’s domain.

We’ve created a quick reference chart to help explain what steps you and your organization may need to take below.

Please ask yourself:

* Please note that one email blast to 5,000 recipients still counts as 5,000 emails, since the email blast is sending out 5,000 individual emails!

We also strongly recommend that all customers sign up for Postmaster Tools, which is a free service through Gmail. Postmaster Tools reports on spam rates associated with the email address you use to send communications. Because Gmail doesn’t inform us when an email recipient reports a message as spam, Postmaster Tools provides that reporting so you can stay on top of any potential risks – such as keeping your spam rate below 0.3%.

Messages sent without the proper authentication sent after February 1st may end up in increased “bounce” rates, or messages being sent to the junk or spam folder more frequently.

SPF (or “Sender Policy Framework”) is an email authentication tool that helps to prevent spanners from sending unauthorized messages that appear to come from your organization’s domain.

Here are some setup steps for the most common domain hosts that nonprofits use:

DMARC (or “Domain-based Message Authentication, Reporting & Conformance”) is an email authentication tool that helps email clients understand what to do with messages sent from your domain that don’t pass SPF or SKIM authentication.

DMARC is particularly helpful in helping you identify senders who may be maliciously impersonating your domain, and helps email providers understand whether an email that fails those authentication methods should be delivered to a spam folder, or ultimately rejected.

Here are some setup steps for the most common domain hosts that nonprofits use:

DKIM (or “DomainKeys Identified Mail”) is an email authentication tool that allows email clients to verify that the domain owner listed on the email is the person (or organization) who actually owns that domain.

Learn more about setting up DKIM for your domain here.

DNS (or “Domain Name System”) records are designed to help a domain (or subdomain) point to an IP address. For example, a small business may use a DNS record to have the URL “examplestore.smallbusiness.com” instead lead site visitors to an online store, like Amazon or eBay.

Other than adding security to your sent messages and increasing confidence that any emails sent from your organization are legitimate, there shouldn’t be much impact on your contacts.

Despite an anticipated minimal impact, you may want to communicate to your contacts if your “from” email address will be updated so that they’re aware of the change.

No, this change is impacting all bulk mail senders across the internet community. These changes will be required of any organization who sends emails to 5,000 or more Google or Yahoo recipients.

These changes affect all mail senders, no matter where the email was created or is being received.

You can learn more about these updated through the following resources: