How will Gmail enforce new email authentication requirements and what should senders do?

Summary

Gmail began enforcing new email authentication requirements in February 2024 with a gradual rollout. To comply, senders must authenticate their emails using SPF, DKIM, and DMARC. Maintaining a spam complaint rate below 0.3% is crucial, as exceeding this threshold indicates underlying issues. A one-click unsubscribe option is also essential. Google may not outright block senders exceeding the spam rate but could direct messages to spam. Senders should also ensure rDNS/PTR records point to their sending domain, clean their email lists, and publish a DMARC record at `_dmarc.yourdomain.com`. Google will provide a compliance dashboard in Postmaster Tools. If sending from multiple domains, each must be authenticated individually. The rollout is data-driven and based on feedback from large senders.

Key findings

  • Authentication: SPF, DKIM, and DMARC authentication are mandatory.
  • Spam Rate: Maintain a spam complaint rate below 0.3%.
  • Unsubscribe: Implement a one-click unsubscribe option.
  • Multiple Domains: Authenticate each domain individually if sending from multiple domains.
  • Gradual Rollout: Enforcement began in February 2024 with a gradual rollout.

Key considerations

  • Stay Updated: Keep up-to-date with Gmail's evolving requirements.
  • List Hygiene: Regularly clean email lists to remove inactive addresses.
  • rDNS/PTR Records: Ensure rDNS/PTR records point to the sending domain.
  • DMARC Record: Publish a DMARC record at `_dmarc.yourdomain.com`.
  • Monitor Performance: Continuously monitor sender reputation and deliverability metrics.

What email marketers say
8Marketer opinions

Gmail's enforcement of new email authentication requirements necessitates senders to implement several key practices. These include authenticating emails using SPF, DKIM, and DMARC, maintaining spam rates below 0.3%, providing easy unsubscribe options (preferably one-click), and ensuring a good sender reputation. If sending from multiple domains, each must be authenticated individually. Additionally, rDNS/PTR records should point to the sending domain, email lists should be cleaned to remove inactive addresses, and a DMARC record must be correctly published. Google will likely not outright block senders exceeding the spam rate threshold but may direct messages to spam folders. A compliance dashboard in Postmaster Tools is expected to be available in early 2024.

Key opinions

  • Authentication: SPF, DKIM, and DMARC are crucial for email authentication.
  • Spam Rate: Maintain spam rates below 0.3% to avoid deliverability issues.
  • Unsubscribe: Provide easy unsubscribe options (preferably one-click).
  • Sender Reputation: A good sender reputation is essential for deliverability.
  • Compliance Dashboard: Google will provide a compliance dashboard in Postmaster Tools.

Key considerations

  • Multiple Domains: If sending from multiple domains, each must be authenticated separately.
  • rDNS/PTR Records: rDNS/PTR records should point to the sending domain.
  • List Cleaning: Regularly clean email lists to remove inactive addresses.
  • DMARC Record: A DMARC record must be correctly published to enforce email authentication policies.
Marketer view

Email marketer from Reddit explains that if you are sending from multiple domains, it is important to authenticate all of them individually.

October 2023 - Reddit
Marketer view

Email marketer from MailerLite shares that senders should authenticate emails using SPF, DKIM, and DMARC, keep spam rates below 0.3%, and provide easy unsubscribe options to comply with Gmail's requirements.

July 2022 - MailerLite
Marketer view

Email marketer from Gmass recommends senders clean their email list and remove inactive emails to improve deliverability.

August 2023 - Gmass
Marketer view

Email marketer from SparkPost explains that senders need to make sure the rDNS/PTR record for the IP address is set to point to sending domain.

February 2022 - SparkPost
Marketer view

Email marketer from Sendinblue emphasizes the importance of setting up SPF, DKIM, and DMARC records. It also highlights the need for a one-click unsubscribe option to allow users to easily opt-out.

July 2024 - Sendinblue
Marketer view

Email marketer from EmailToolTester explains that Gmail's enforcement means marketers need to focus on email deliverability by properly authenticating their emails and maintaining a good sender reputation, otherwise, emails may end up in spam folders.

August 2022 - EmailToolTester
Marketer view

Marketer from Email Geeks shares that Google updated its spam language, suggesting they won't outright block senders exceeding 0.3% spam rate. They also mentions the addition of a compliance status dashboard in Postmaster Tools in early 2024.

July 2021 - Email Geeks
Marketer view

Email marketer from Stack Overflow explains that a DMARC record needs to be published at `_dmarc.yourdomain.com` to enforce policies on unauthenticated mail.

February 2024 - Stack Overflow

What the experts say
5Expert opinions

Experts agree that Gmail's enforcement of new email authentication requirements necessitates adherence to best practices, with SPF, DKIM, and DMARC being crucial for authentication. Maintaining a spam complaint rate near 0.3% or lower is considered essential, indicating underlying issues if exceeded. Gmail's rollout is gradual and informed by feedback and data analysis, with a focus on senders authenticating their email. Providing one-click unsubscribe options is also recommended for compliance and improved user experience.

Key opinions

  • Authentication is Key: SPF, DKIM, and DMARC authentication are essential for compliance.
  • Spam Complaint Rate Matters: A high spam complaint rate (near 0.3%) signifies existing deliverability problems.
  • Gradual Rollout: Gmail's enforcement rollout is gradual and data-driven.
  • One-Click Unsubscribe: Implementing one-click unsubscribe is highly recommended.

Key considerations

  • Stay the Course: Continue focusing on email authentication best practices.
  • Monitor Performance: Closely monitor spam complaint rates and sender reputation.
  • Address Underlying Issues: If spam complaint rates are high, identify and resolve the root causes.
  • Adapt to Changes: Stay informed about Gmail's evolving requirements and adapt accordingly.
Expert view

Expert from Word to the Wise explains that Gmail's enforcement requires senders to authenticate with SPF, DKIM, and DMARC. She also mentions that maintaining a low spam complaint rate is critical to avoid deliverability issues.

June 2023 - Word to the Wise
Expert view

Expert from Email Geeks advises to stay the course with email authentication, even with Gmail's gradual rollout, to avoid potential issues.

June 2022 - Email Geeks
Expert view

Expert from Email Geeks explains that Gmail's enforcement rollout is slow and based on feedback from large senders. She states they are testing and using data to inform their decisions, including assessing how much legitimate email lacks authentication.

December 2021 - Email Geeks
Expert view

Expert from Spam Resource explains that the sender must set up SPF, DKIM, and DMARC, the most important for authentication. Also, they should enable the list-unsubscribe header with one-click unsubscribe enabled.

July 2023 - Spam Resource
Expert view

Expert from Email Geeks explains that a spam complaint rate near 0.3% indicates significant existing problems.

June 2023 - Email Geeks

What the documentation says
3Technical articles

Google's documentation states that Gmail began enforcing new email authentication requirements in February 2024 through a gradual rollout. Senders who don't meet the requirements may experience messages being directed to spam or rejected. Email authentication, specifically using SPF or DKIM, is crucial to allow Gmail to verify the sender's identity. SPF, as defined by the RFC Editor, helps prevent forging of sender addresses.

Key findings

  • Enforcement Start: Enforcement began in February 2024.
  • Gradual Rollout: Gmail is implementing the requirements gradually.
  • Impact of Non-Compliance: Non-compliant messages may be sent to spam or rejected.
  • Authentication is Essential: Senders must authenticate their emails using SPF or DKIM.
  • SPF Definition: SPF helps prevent forging of sender addresses.

Key considerations

  • Authentication Method: Implement either SPF or DKIM for email authentication (ideally both).
  • Compliance Timeline: Understand the timeline for the gradual rollout.
  • Potential Impact: Be prepared for potential deliverability issues if authentication is not properly configured.
Technical article

Documentation from Google Support details that senders must authenticate their email using SPF or DKIM. This ensures Gmail can verify the sender's identity.

August 2022 - Google Support
Technical article

Documentation from Google Workspace Updates explains that enforcement began in February 2024, with gradual rollout impacting senders who don't meet requirements. Some messages might go to spam, or be rejected.

May 2022 - Google Workspace Updates
Technical article

Documentation from RFC Editor specifies that SPF (Sender Policy Framework) is an email authentication method designed to detect forging sender addresses during the delivery of email.

August 2023 - RFC Editor