Google, Yahoo, and Outlook's Guidelines for Email Security and Delivery
Note: This document contains a combination of guidelines that apply to all email senders and to 'bulk senders' as classified by Google, Yahoo, and Outlook. A bulk sender is defined as an organization that sends more than 5000 emails per day to recipients with Gmail, Yahoo, or Outlook email addresses through all of their organization's emailing platforms. Since your organization can be classified as a bulk sender even if you are sending less than 5000 emails via Zoho CRM, owing to emails sent by your organization from other emailing platforms, Zoho CRM recommends that all email senders implement the guidelines expected from bulk senders.
To maximize the deliverability of emails sent through Zoho CRM, we have been actively requesting all customers who use custom domains to actively send emails to authenticate all domains via SPF and/or DKIM authentication methods. Similarly, Gmail, Yahoo, and Outlook have established new guidelines to be followed by those who send 5000 or more emails daily to recipients who have Gmail, Yahoo, or Outlook accounts. Their sender policy establishes the need for authentication of emailing domains, prevention of sending unwarranted or unsolicited emails, and ensuring recipients can easily unsubscribe from all emails. It is important to note that what were previously considered recommendations before are now mandated by these providers for better email delivery.
Let's look at each point in brief for a better understanding. We ask that you follow all these guidelines to have better email delivery for your organization and to protect your email-sending practices from potential risks. Your actions will also help us maintain a better email infrastructure that is shared among all Zoho CRM customers.
Email Authentication
Gmail, Yahoo, and Outlook now require authentication of your email-sending domains by one or more authentication methods, depending on how many emails you send per day. If emails are sent from domains that are not authenticated, they may bounce with a 5.7.26 error for Google and 5XX for Yahoo, or be marked as spam. For Outlook, the emails will be bounced with a 550; 5.7.515 Access Denied error.
If emails are bounced by the email service provider, within Zoho CRM, the emails will be marked as temporarily bounced, with the bounce reason "Authentication failure". This would enable users to manually unblock such records, after the admin has included the necessary authentication settings.
Action to be taken by all email senders:
- Authenticate your domain via DKIM
All email senders are required to ensure authentication of their email-sending domains with DKIM records available within Zoho CRM. This is a mandatory step to use your organization's custom domains to send emails. If your domains are not authenticated, all emails sent from Zoho CRM will automatically have their FROM: address replaced by Zoho's own authenticated domains. - Set DMARC policy and alignment for your domain
DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is built as a combination of the DKIM and SPF standards with additional features like reporting, policy definition, and the notion of identity alignment. A DMARC policy helps the email servers and systems used by your recipients decide what actions to take for emails from your domain that don’t pass SPF or DKIM, protecting your domain from bad actors and phishing attempts that try to make use of your domain to send emails.
Since Zoho CRM requires your organization's email-sending domains to be authenticated by adding DKIM records, your domain will meet the expected DMARC standard if your organization is not a bulk sender, once you complete DKIM authentication. No additional steps are required in this case. However, in the interest of protecting your organization from future risks, we recommend that you complete the DMARC steps as recommended for bulk senders, in further sections of this document.
Action to be taken by all bulk email senders:
- Authenticate all email-sending domains with both DKIM and SPF records
For added protection and to comply with requirements set by Google and Yahoo, all bulk senders are expected to authenticate their email-sending domains using both SPF and DKIM records. - Publish a valid DMARC policy
All bulk email senders must set up a DMARC policy. To pass DMARC authentication, your domains must first be authenticated via DKIM and SPF. Your organization will pass this requirement as long as you follow the previous steps mentioned in this document.
When publishing a DMARC policy, all bulk senders are expected to publish a policy with at least 'p=none' so that emails do not land in spam.
There are other types of DMARC policies you can choose to set if you are looking for specific outcomes that come with those types of policies. These types are as follows: - 'p=quarantine' - Your recipient's email systems will mark the incoming message as spam and send it to the recipient's spam folder. The email will still be delivered, but will not be available in the inbox folder of your recipient.
- 'p=reject' - The incoming email will be completely rejected by your recipient's email systems and will not be delivered.
Note: It is important that you ensure you have authenticated all your domains via SPF and DKIM before choosing to implement a quarantine or reject the DMARC policy. This is needed to avoid instances where your own DMARC policy completely stops your organization from sending outgoing emails via certain systems or domains.After configuring DMARC, you have the choice to enable BIMI, which allows you to include your brand logo in emails sent from your domain.
Notes:
- To learn more on how to authenticate your email-sending domains in Zoho CRM, click here.
- For setting up and publishing the DMARC policy, click here.
Avoid using public email addresses from providers like Gmail, Yahoo, or Outlook to send emails via Zoho CRM
This step is needed for all types of email senders, including bulk senders.When sending emails from within CRM, especially when sending any promotional emails, it is essential to send them using 'from addresses' that are connected to your email-sending domain instead of using free email addresses. Using public addresses to send emails from Zoho CRM may result in email delivery issues due to Gmail or Outlook's implementation of a DMARC quarantine enforcement policy. It is important to mention that Yahoo already has a similar policy in place. Zoho CRM currently does not allow the sending of mass emails using Yahoo's From headers via Zoho CRM, and this restriction will soon also be applied to Gmail and Outlook addresses too. The best way to send mass emails through Zoho CRM is by using custom email-sending domains.
One-click unsubscribe
This step is expected from organizations who are bulk senders, but we recommend all senders make use of Zoho CRM's unsubscribe link and email opt-out features to set this up.
It is expected that our customers primarily use Zoho CRM to send transactional emails. That being said, if you are sending any sales emails for promotional activities, it is recommended to allow your recipients to easily unsubscribe from your emails. The unsubscribe option should be clearly visible within the email and should be completed with just one click.
A 'List Unsubscribe' header will automatically be added to all mass emails and any email template that contains an unsubscribe link when the template is sent using any of Zoho CRM's email sending functionalities. This ensures that all promotional emails sent from Zoho CRM accounts comply with RFC standards.
Providing an easy opt-out option will decrease spam complaints against your email-sending domain.
Ensure sending only relevant emails
This step is needed for all types of email senders, including bulk senders.
Email providers require all senders to maintain a spam rate below 0.1%, and to never exceed 0.3% in any circumstance. Exceeding these limits will put your organization at risk of being completely blocked from sending emails.
How your emails are perceived by your recipients is important. This will largely be based on the content that you send. Improperly formatted and composed emails are more likely to be marked as spam by email providers. It is important to avoid using open-ended tags in your emails. Sales teams should be cautious about using malicious or overly short URLs, as this can lead to emails being flagged as spam. Urgent or spam-like language should be avoided in email content, even when aiming for conversions. It is crucial to maintain high standards for email content to improve deliverability rates and refine the mailing list to engage with interested recipients.
Zoho CRM provides your organization with an email credibility dashboard for the administrators to monitor their organization's email performance and periodically keep track of the email bounce and spam complaint rate. Learn more.
Although following all of the above guidelines seems challenging, we are here to help and guide you through the entire process. Please reach us at support@zohocrm.com if you would like to get assistance, or need your questions answered.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Your Guide to Zoho CRM Email Tools
Introduction to Email Efficiently nurturing potential customers and building strong relationships is a core function of CRM. While email serves as a primary customer interaction channel, using separate email and CRM systems can lead to challenges in ...Email Authentication
In this digital era email forms a major part of communication in every business or organization. Companies often use different domains to deliver the message to its recipients. In such cases, it's crucial to establish an email policy that can define ...HIPAA Compliance with Zoho CRM
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business ...Sending Mass Emails
Building strong connections with customers is crucial in business, and one effective way to achieve this is through skillful email communication. Zoho CRM provides a range of tools for mass email communication that have been designed exclusively for ...Zoho CRM for Google Ads
Google Ads is a powerful online advertising program designed to help you reach new customers and increase sales for your business through ads on Google Search and across Google's network of partner websites. By helping you drive more traffic to your ...
New to Zoho LandingPage?
Zoho LandingPage Resources