Connect with us

Hi, what are you looking for?


Email Security

Google, Yahoo Boosting Email Spam Protections

Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections.

Google and Yahoo on Tuesday announced a series of new requirements meant to improve email phishing and spam protections for their users.

Starting with the first quarter of next year, both email service providers will require that bulk senders first authenticate their emails using industry best practices, which should improve users’ trust in the source of messages.

The new requirement is intended to prevent incidents where attackers take advantage of bulk senders’ improperly secured or configured systems.

“To help fix that, we’ve focused on a crucial aspect of email security: the validation that a sender is who they claim to be. As basic as it sounds, it’s still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet,” Google explains.

“Sending properly authenticated messages helps us to better identify and block billions of malicious messages and declutter our users’ inboxes,” Yahoo notes.

Next year, both email service providers will also require that bulk senders provide users with the option to easily unsubscribe from commercial emails, with a single click, and that the senders honor the request within two days.

Furthermore, both Google and Yahoo will enforce a clear spam rate threshold for large senders, thus ensuring that users receive less unwanted emails in their inboxes.

“Yahoo looks forward to working with Google and the rest of the email community to make these common sense, high-impact changes the new industry standard,” Yahoo senior director Marcel Becker said.

Advertisement. Scroll to continue reading.

According to Google, while numerous senders already meet these requirements, the upcoming changes should be considered basic email hygiene by all senders. Large senders are encouraged to consult Google’s guidance before the new policies are enforced (starting February 2024).

Both Google and Yahoo encourage the email community to adhere to these practices to improve user protection and security.

“Keeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community. And we’ll keep working together to make sure your inbox stays safe,” Gmail product manager Neil Kumaran said.

Related: Google Now Lets US Users Search Dark Web for Their Gmail ID

Related: Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

Related: Email – The System Running Since 71’

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...