UPDATE: New Google email sender guidelines: What you need to do

Google has published new guidelines for email senders that will take effect in February 2024. In this blog article, we give you an overview of the changes and show you what you need to do now.

Google had already announced the changes in October 2023 and explained that the focus would be on the validation of emails. The aim is to ensure even more reliably that the senders of emails are who they claim to be. In addition to Google, Yahoo is also introducing new guidelines.

What does the new guideline specify?

In addition to the existing guidelines, all senders who send emails to Gmail accounts must comply with the following from February 2024:

• Senders must set up appropriate SPF or DKIM records for their domain.
• Senders must ensure that sender domains or IP addresses have valid forward and reverse DNS records (PTR records).
• Senders must use a TLS connection.

In addition, the spam rates reported in Postmaster Tools should always be below 0.10 % and never above 0.30 %. Google also emphasises the importance of RFC 5322 and points out that sender information in Gmail email headers must not be changed. As the quarantine policy will be applied in Gmail in future as part of the DMARC checks, this could otherwise have a negative impact on the delivery of emails.

Google recommends that senders who frequently forward emails (via mailing lists or gateways) add ARC headers to outbound emails.

Special requirements for bulk senders

In addition to the requirements mentioned above, Google has additional requirements for senders who send more than 5000 emails per day to Gmail accounts.

• Bulk senders must set up corresponding SPF and DKIM entries for the sending domain.
• Bulk senders must set up email authentication via DMARC for their sending domain. The DMARC policy can be set to none.
• It must be possible to unsubscribe from marketing emails and subscribed messages via an unsubscribe link (“One Click Unsubscribe”) and list-unsubscribe. The cancellation must also be processed within two days.

What you need to do

On-premises customers of NoSpamProxy should verify that they have taken all necessary measures, especially with regard to email authentication using SPF, DKIM and DMARC as well as PTR entries.

Cloud customers of NoSpamProxy should make sure that the DKIM and SPF entries offered by us have been adopted and that a corresponding DMARC entry is available.

Our recommendation for the authentication of emails

In the new guidelines, Google requires SPF and DKIM entries to be set up and ARC headers to be added to outbound emails. Bulk senders are also recommended to set up authentication via DMARC.

We recommend that all NoSpamProxy customers always use all available options for email authentication and for validating the sender’s reputation.

Further information

In our series of articles on sender reputation and email security, you will find further information on the topics of Authenticated Received Chain (ARC), Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DNS-based Authentication of Named Entities (DANE):

• Sender reputation and email security – Part 1: Authenticated Received Chain (ARC)
• Sender Reputation and Email Security – Part 2: Sender Policy Framework (SPF)
• Sender Reputation and Email Security – Part 3: DomainKeys Identified Mail (DKIM)
• Sender Reputation and Email Security – Part 4: Domain-based Message Authentication, Reporting and Conformance (DMARC)
• Sender Reputation and Email Security – Part 5: DNS-based Authentication of Named Entities (DANE)