
This isn't as big of a change as it sounds.

There are three requirements. The first requirement - DKIM - is already a de facto must-have when sending emails to avoid getting marked as spam. The second is also a legal requirement in the US for all commercial email under the CAN-SPAM act[0]. And the third is more or less how email delivery has worked for the last 20 years or so anyway.

[0] The "one click" and "within two days" parts are a little stricter than the bare minimum CAN-SPAM requirements, but not much, and they are not difficult for any legitimate sender to implement.




The one-click part, I believe, is referring to the unsubscribe SMTP header.

CAN-SPAM is ignored for the most part anyway, e.g. LinkedIn requires recipients to authenticate in order to unsubscribe and openly violates the letter and spirit of the law to the point scripts are required: https://github.com/chengyin/linkedin-unsubscribed


> CAN-SPAM is ignored for the most part anyway, e.g. LinkedIn requires recipients to authenticate in order to unsubscribe and openly violates the letter and intent of the law to the point scripts are required:

There are several known-bad actors. LinkedIn isn't even the worst offender - Amazon is much more brazen, though they get less flak for it because the number of violating non-transactional emails they send is lower.

Regardless, I stand by my point that this isn't a big shift. Google stating publicly that they will penalize people who are violating a law that turns 20 years old this year, and which has generally been implemented by almost all legitimate bulk email providers[0], is not something I'm particularly surprised about or worried by.

Again, the first and third bullet points in this press release are already de facto policy at Gmail, and have been for over a decade. The news is that Google is stating this publicly, not that they're doing something new.

[0] The notable exceptions notwithstanding, it's quite rare to find a bulk email sender who violates this, because very few legitimate mail providers will allow it, and it's pretty difficult to set up your own mail server with decent inbox delivery rates.


Unsubscription requirements are a pain in the ass in the sense that anyone that steals a large list of emails (from any service, not yours in this particular case) could now run it against your service and unsubscribe a million users before you realize what's going on via a botnet.


The opaque id is supposed to not be guessable. It does mean you can't batch send emails by calling RCPT TO, though, which will hurt bandwidth.
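One way to make the opaque unsubscribe id from the two comments above unguessable, as an added example that is not part of any comment in this thread: the id carries an HMAC made with a server-side key, so a stolen address list alone cannot produce valid one-click requests. The key handling, endpoint URL and function names are assumptions; the two header names are the ones defined for one-click unsubscribe in RFC 8058.

```python
import base64
import hashlib
import hmac
import secrets
from email.message import EmailMessage

SECRET_KEY = secrets.token_bytes(32)               # assumption: kept server-side only
BASE_URL = "https://mail.example.com/unsubscribe"  # constructed placeholder endpoint


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(recipient: str, list_id: str, key: bytes = SECRET_KEY) -> str:
    """Return payload.mac; the MAC cannot be computed without the key."""
    payload = _b64(f"{list_id}\n{recipient.lower()}".encode())
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(mac)}"


def verify_token(token: str, key: bytes = SECRET_KEY):
    """Return (list_id, recipient) for a genuine token, else None."""
    try:
        payload, mac = token.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison, and the MAC is checked before the payload is parsed.
        if not hmac.compare_digest(_unb64(mac), expected):
            return None
        list_id, recipient = _unb64(payload).decode().split("\n")
        return list_id, recipient
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: wrong part count, bad base64, bad payload


def add_unsubscribe_headers(msg: EmailMessage, recipient: str, list_id: str) -> str:
    """Attach the one-click unsubscribe headers for a single recipient."""
    token = make_token(recipient, list_id)
    msg["List-Unsubscribe"] = f"<{BASE_URL}/{token}>"
    msg["List-Unsubscribe-Post"] = "List-Unsubscribe=One-Click"
    return token
```

Because the token is unique per recipient, each message body differs, which is the batching cost the comment above mentions.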


Agreed. I shared the same view here: https://mailmeteor.com/blog/new-gmail-protections



