Understanding the 2024 Email Security Mandates


2024 email mandates.png

What you need to know 

There are new email security mandates set by Google and others that have gone into effect as of February 2024. 

Three new requirements

Google has mandated bulk senders to authenticate their emails, facilitate straightforward unsubscription options, and maintain compliance with a designated spam complaint threshold. Here’s what that means: 

Email Authentication

Google has made it mandatory for high-volume email senders to authenticate their emails securely, without expecting users to understand the technical details. This enhances email security and close vulnerabilities exploited by attackers.

Easy Unsubscription

Large email senders must provide a one-click option for Gmail users to unsubscribe from commercial emails, ensuring prompt processing within two days. These requirements are based on open standards, making it easier for everyone to manage their email preferences.

It’s important to note that beehiiv does automatically inject a list-unsubscribe header into all published posts when they are scheduled through the post editor. This header will not be present in test emails however, only on published posts.

Additionally, certain mail providers like Google and Yahoo choose if they want to show the actual unsubscribe button in the header for your readers to unsubscribe. This is done on a domain-sending reputation and reader-engagement basis, so the unsubscribe button may appear for some readers and not for others.

Reducing Spam

Google has set a clear spam rate threshold that senders must adhere to, ensuring Gmail users receive fewer unwanted messages. This measure aims to keep inboxes cleaner and free from spam.


Who the new changes affect 

  • All beehiiv accounts using a custom domain
  • High-volume / bulk senders 
    • Specifically, senders who send 5,000+ messages to Gmail addresses daily (be it 200 messages to 25 Gmail users or 1 message to 5000 Gmail users) 

What this boils down to

  • Custom domains will require DMARC authentication
  • One-click unsubscribe and processing within two days will be mandatory (beehiiv already handles this for all senders)
  • A spam rate threshold of 0.1% will be enforced (caused by recipients marking your email as spam)

What this means for those already using a custom domain 

All beehiiv accounts who are using a custom domain must also set up DMARC authentication as an added layer of security in order to be compliant with the new 2024 mandates. (Custom domains are only available on our paid plans.) 

What this means for those not using a custom domain

If your account regularly sends to a high-volume of subscribers and you are not already using a custom domain, then we recommend you start using one, as well as add DMARC to your account in order to be compliant with the new 2024 mandates.

Why this matters

  • Prevents security exploits
  • Ensures user-friendly experiences
  • Keeps beehiiv compliant with industry standards

Additional Resources

  • Refer to this article for instructions on adding a custom domain to your account
  • Refer to this article for instructions on adding DMARC to your account
  • Read our insightful blog article on the 2024 Email Security Mandates

Was this article helpful?