Chapter 5

The changing mailbox provider landscape

Savvy senders know they can’t take a one-size-fits-all approach to pleasing mailbox providers.

Each MBP has its own unique quirks and challenges, and getting into the inbox means understanding each one.

Which major mailbox provider presents your biggest deliverability challenge?

Respondents overwhelmingly stated that Microsoft was the most difficult mailbox provider for deliverability. This is unsurprising: Microsoft is often considered one of the toughest mailboxes for deliverability because of its strict filtering algorithms and high standards for sender reputation and user engagement.

As Microsoft explained in their State of Email Live webinar appearance, mailboxes like Outlook and Office 365 use advanced AI-driven filters that prioritize engaged subscribers and closely monitor sender reputation. Additionally, frequent updates to their filtering systems and requirements (like those covered in the next section) make inbox placement unpredictable.

For more information about specific MBP guidelines, check out each provider’s appearance on Validity’s State of Email Live webinar series:

"
70% of global email volume is sent during the first 10 minutes of each hour. This places stress on delivery infrastructure, meaning throttling, filtering, and blocking. Offsetting send times (i.e., sending at 9:17 AM instead of 9 AM) can boost deliverability and engagement.

Did you have enough time to prepare for the new Gmail/Yahoo requirements?

As mentioned earlier, Google and Yahoo dominated headlines in early 2024 by implementing stricter deliverability standards for bulk senders. These included mandatory email authentication and maximum thresholds for spam complaints. (Read more about these requirements here.)

While 38 percent of respondents said they had enough time to prepare for the new requirements, some are still adjusting to the policies.

To adhere to the new policies, senders were required to:

Publish a DMARC record
Ensure alignment with their SPF/DKIM domains
Implement a DMARC reporting solution (recommended)

What DMARC policy are you currently using for your email program?

Spotlight on DMARC

For many senders, the most significant change (and the biggest knowledge gap) centered around Gmail and Yahoo’s new DMARC requirements.

Do you understand how DMARC protects your brand from bad actors?

As we approach the one-year anniversary of the new requirements, senders should adopt a more proactive approach, looking for ways to future-proof their programs against the next big change. For example, instead of simply adhering to Gmail and Yahoo’s spam complaint threshold of .03 percent, senders should keep ahead of the curve by maintaining complaint rates closer to .01 percent.

In the same vein, rather than following Gmail and Yahoo’s current opt-in requirements to the letter, senders should go a step further and implement a more aggressive (and more widely recommended) double-opt-in approach. For more tips to future-proof your email program, watch Validity’s on-demand speaking session at GURU Conference 2024.

DMARC (Domain-based Message Authentication, Reporting and Conformance) protects brands by verifying that emails sent from their domains are legitimate. When an email fails these checks, DMARC can instruct the recipient's email server to reject or flag it as suspicious.

Despite DMARC’s importance, 57 percent of respondents admitted to only partially understanding the DMARC protocol. (Of course, this is an improvement on the 12 percent that had no understanding of DMARC.)

Furthermore, less than a quarter of respondents have implemented DMARC at its full strength using a p=reject policy. While Gmail and Yahoo aren’t currently mandating it, moving to a p=reject policy is the most effective way to prevent unauthorized or fraudulent use of your domain.

Malicious actors now view the p=none policy as a sign of weakness because it signals that senders aren't monitoring suspicious traffic or directing mailbox providers on how to handle it. This in mind, it's highly likely that the next iteration of bulk sender requirements will make p=quarantine/reject mandatory.

What capabilities did you use to implement DMARC?

We managed it internally
We used an external vendor
We used free external tools
We haven’t implemented DMARC yet