Google and Yahoo Sender Requirements (for Cold Email)
The Google and Yahoo sender requirements are a set of email rules that took effect in February 2024. They require senders to authenticate mail with SPF and DKIM, publish a valid DMARC record, offer easy unsubscribe on bulk messages, and keep spam complaint rates low — commonly cited as staying under roughly 0.3%. Mail that ignores them is more likely to land in spam or be rejected outright.
What the requirements actually say
Google and Yahoo published near-identical guidance, so they are usually treated as one standard. The rules separate into baseline checks that apply to everyone and stricter checks for bulk senders (Google frames this around a daily threshold, commonly cited as roughly 5,000 messages a day to Gmail accounts).
| Requirement | Applies to | What it means |
|---|---|---|
| SPF + DKIM | All senders | Both authentication methods configured on the sending domain |
| Valid DMARC record | Bulk senders | A published DMARC policy; p=none satisfies the check |
| DMARC alignment | Bulk senders | The From: domain matches the authenticated domain |
| One-click unsubscribe | Bulk senders | RFC 8058 header-based unsubscribe, honored within 2 days |
| Low spam complaint rate | All senders | Keep complaints low — under ~0.3% is the figure usually cited |
| Valid forward/reverse DNS | All senders | The sending IP resolves correctly in both directions |
The key point for cold email: authentication and the complaint-rate expectation are not volume-gated. They apply whether you send five emails or fifty thousand.
The three authentication records
Most of the requirements come down to email authentication, which means three DNS records working together:
- SPF lists the servers allowed to send mail for your domain.
- DKIM adds a cryptographic signature that proves a message was not tampered with in transit.
- DMARC ties the two together and tells receivers what to do when authentication fails.
For bulk senders, DMARC must be present, and it must align — the visible From: domain has to match the domain that passed SPF or DKIM. A common mistake is publishing DMARC but failing alignment because mail is sent through a service on a different domain. The SPF, DKIM, and DMARC setup checklist covers how to get all three right.
Note that p=none is enough to satisfy the requirement. Google and Yahoo do not mandate an enforcing policy like quarantine or reject — they require that a valid DMARC record exists.
One-click unsubscribe
Bulk senders must include a one-click unsubscribe that works from a single click in the email client, implemented through the List-Unsubscribe and List-Unsubscribe-Post headers (RFC 8058). Unsubscribe requests must be processed within two days.
This is straightforward for newsletters. For cold outreach the picture is more nuanced — most cold-email tooling and good sequencers handle the header automatically, and honoring opt-outs quickly is sound practice regardless of the volume threshold. If a recipient does not want your mail, continued sending only drives complaints up, which is the metric that hurts you most.
The spam complaint rate
The complaint rate is the requirement that catches cold senders out. It is measured by how often recipients hit “report spam” on your mail. Google asks senders to keep this rate low and to never reach the higher threshold it warns about; the commonly cited figure is staying under roughly 0.3%, with a recommended target well below that.
Complaint rate is a direct readout of list quality and relevance. You cannot pass it with technical setup alone. The levers that actually move it:
- Email people who plausibly want to hear from you, not scraped lists.
- Keep volume per mailbox modest so a few complaints do not spike the rate.
- Make unsubscribing easier than reporting spam.
- Watch bounce rates too — high bounce rates and complaints often travel together as signs of a poor list.
A clean technical setup that fails the complaint threshold will still see mail go to spam. Authentication gets you in the door; behavior keeps you there.
What this does and does not cover
These are deliverability and platform rules, not law. Meeting every Google and Yahoo requirement says nothing about whether you have the legal right to email a given person.
Consent rules are separate and stricter. In the EU and Germany, UWG §7(2) generally requires prior opt-in for advertising email, including B2B, and the recipient’s jurisdiction governs. The sender stays responsible. For where the lines fall, see is cold email legal and the cold email GDPR guide. None of this is legal advice — the sender-requirement checklist and the consent question are two different problems you have to solve separately.
How Mailionaire approaches this
Every sending domain we set up ships with SPF, DKIM, and DMARC configured automatically, sender names that read as real people, and an isolated Microsoft 365 tenant — so the authentication side of the Google and Yahoo requirements is handled from day one. The complaint-rate side stays yours to earn through list quality and relevant copy; we monitor domains and mailboxes and replace them as they wear out. Pricing is flat at $50 per active domain per month, with details on the pricing page.
FAQ
What are the Google and Yahoo sender requirements?
Effective February 2024, Google and Yahoo require senders to authenticate mail with SPF and DKIM, publish a valid DMARC record, send from a domain with matching forward and reverse DNS, offer one-click unsubscribe on bulk messages, and keep spam complaint rates low — commonly cited as under roughly 0.3%. Stricter checks apply to bulk senders.
Do the requirements apply to cold email?
Yes, in practice. The rules target anyone sending to Gmail and Yahoo inboxes. Authentication and the complaint-rate expectation apply at any volume. One-click unsubscribe and the daily bulk-sender threshold (commonly cited around 5,000 messages a day to Gmail) are framed around higher volumes, but cold email to these mailboxes is still judged on authentication and complaints.
What spam complaint rate do Google and Yahoo expect?
Google asks senders to keep spam complaint rates low and to avoid ever reaching a higher threshold. The figure commonly cited is staying under roughly 0.3%, with a recommended target well below that. Complaint rate is measured by recipients marking your mail as spam, so list quality and relevance matter more than volume alone.
Does meeting these requirements make cold email legal?
No. The Google and Yahoo requirements are technical and platform rules, not consent law. Legality depends on the recipient's jurisdiction — Germany's UWG §7(2) generally requires prior opt-in even for B2B. Meeting the sender requirements does not remove your duty to have a lawful basis to email someone. This is not legal advice.
Mailionaire provisions real, isolated Microsoft 365 mailboxes for cold email — built in Switzerland, with optional EU/Swiss data residency — then monitors and replaces them as they wear out. One flat price per domain. See how it works →