In October 2023, Gmail released a product update promising “a safer, less spammy inbox.” In it, Google admitted that, despite its spam filters, unwanted emails were still reaching users’ inboxes. To combat this, Google and Yahoo announced new standards for email senders that would be effective February 2024.

These new standards mean that all banks that send bulk marketing emails (classed as at least 5,000 emails in a 24‑hour period) need to comply with the requirements set forth by Google and Yahoo. 

Des Moines, Iowa-based Mills Marketing tracks email benchmarks for community banks and finds that 75% of community bank customers use either Google or Yahoo for email. 

Crystal Steinbach
Crystal Steinbach

“Given this high percentage, it is crucial for community banks to comply with the new email sending policies implemented by Google and Yahoo,” says Crystal Steinbach, digital marketing director at Mills Marketing. 

The new requirements focus on sender verification and authentication. Before the change, DomainKeys Identified Mail (DKIM) alone was considered a best practice for domain authentication and was what most community banks were using, Steinbach says. Now, bulk email senders must authenticate their email service provider (ESP) using both DKIM and domain-based message authentication, reporting and conformance (DMARC) authentication. 

Google also recommends updating your sender policy framework (SPF) record. The record should include all email senders for your domain and prevents senders from sending unauthorized messages that appear to be from the domain. This is particularly critical for banks, whose customers are at risk for financial crimes if they open an email believing it to be a legitimate message from their bank.

The additional verification assures Google and Yahoo that senders are legitimate and is designed to reduce spam and phishing efforts. Both companies will enforce a maximum spam complaint rate of 0.3%.

From a community bank’s perspective, following the requirements increases the likelihood that emails will land in their customers’ inboxes. As spam decreases and users receive fewer unwanted emails, the emails that make it to their inboxes will stand out. 

“It is actually an opportunity to build even more trust with customers by taking a transparent, proactive approach to communications,” says Alana Levine, chief revenue officer and cofounder of Vancouver, British Columbia-based Fintel Connect, a partner marketing solution for fintechs and banks. “The clearer a bank can be about ensuring they are on the safe sender list, the better.”

Also required: easy unsubscribes

Another change took effect on June 1 of this year. In 2003, the CAN-SPAM Act required bulk email senders to have an easy opt-out option within emails. Requests to opt out had to be honored within 10 business days. Some companies, following the letter of the law but not the spirit, hid opt-out links in email footers or made unsubscribing a multi-step process. 

Now, bulk senders must implement one-click unsubscribe in marketing emails. Yahoo also requires one-click unsubscribe requests to be honored within two business days. Google requires the unsubscribe link to be clearly visible in the message body. 

“Don’t bury the unsubscribe link,” warns Steinbach. “If users wish to unsubscribe, let them.”

Failure to comply risks emails getting flagged as spam

If community banks don’t update their email settings to meet Google and Yahoo's new standards, they risk being blocked from their customers’ inboxes. Some ESPs may not detect that emails are being blocked, but a drop in open rates would indicate deliverability issues.

A few community banks contacted Mills Marketing when they discovered a drop in email rates. Steinbach says the agency investigated and found that emails from senders with outdated authentication methods were more likely to be filtered into spam folders. 

She recommends that community banks monitor email deliverability and performance with metrics like domain reputation, spam complaint rates, inbox placement rates, open rates and click-through rates. 

If emails are classified as spam by Google and Yahoo, it hurts the sender’s overall domain reputation. Once that happens, it’s challenging to repair. Any senders that repeatedly violate the requirements could end up being blacklisted, making it extremely difficult to land in users’ email inboxes. 

“Also, failure to comply with email authentication standards can sometimes overlap with regulatory compliance issues,” Steinbach points out, noting this can lead to potential legal ramifications and fines. 

Levine suggests that community banks test their email settings across both marketing sends and the parent domain to ensure everything works as it should. Community banks should also regularly clean their email lists to remove inactive or invalid email addresses. By doing this, they can maintain a good sender reputation and improve their deliverability rates. 

With all these changes, community banks may be left wondering if their customers will even see their emails. Levine notes that following best practices will keep bank emails in their customers’ inboxes. 

“Having a platform that can easily manage different types of subscription preferences is key,” she says. “This can ensure the mission-critical communications are not impacted if a customer unsubscribes from marketing promotional materials.”