Gmail has introduced new measures to reduce unwanted emails for users, effective from February 1, 2024. Currently, you might encounter the “bounce apocalypse” as dormant or inactive Gmail accounts are being removed from their servers. Bounce messages, including phrases like “inactive mailbox” and “disabled mailbox,” will be bounced back to your email marketing system. This presents a valuable opportunity to verify that your data is active, cleaned, and opt-in compliant.
But the big blow will come on 1 February 2024, when Gmail has announced new tightening of the email certifications SPF, DKIM and DMARC to minimize spam mails to their 1.2 billion users (2023).
As an emailer, you must be aware that the requirement, among other things, is that everyone who sends more than 5,000 emails a day to Gmail must have SPF, DKIM and DMARC verified emails.
Here is a brief explanation of what email certifications are:
SPF
SPF prevents spammers from sending unauthorized messages that appear to come from your domain. Configure SPF by publishing an SPF record on your domain. The SPF record for your domain must reference all email senders for your domain. If third-party senders are not included in your SPF registration, messages from these senders are more likely to be marked as spam. Learn more about how to define your SPF record and add it to your domain.
DKIM
Enable DKIM for the domain that sends your mail. Recipient servers use DKIM to verify that the domain owner sent the message. Learn more about how to enable DKIM for your domain.
Important! Sending to personal Gmail accounts requires a DKIM key of 1024 bits or greater. For security reasons, we recommend that you use a 2048-bit key if your domain provider supports this. Learn more about DKIM key length.
DMARC
DMARC allows you to tell recipients what to do with messages from your domain that do not transmit SPF or DKIM. Set up DMARC by publishing a DMARC record for your domain. Messages must be authenticated by SPF and/or DKIM to pass DMARC authentication. The authentication domain must be the same domain that appears in the From: header of the message. Learn more about how to add a DMARC record to your domain.
We recommend that you set up DMARC reporting so that you can monitor mail that is sent from your domain or that appears to be sent from your domain. DMARC reports help you identify senders who may be impersonating your domain. Learn more about DMARC reporting.
When you configure DMARC, you can optionally configure BIMI to add your brand logo to messages sent from your domain. Learn more about how to add your brand logo with BIMI.
Comprehensive Guide to Installing DKIM, SPF, and DMARC Records
Setting up your email authentication correctly is crucial for ensuring your messages reach their intended recipients and don’t get caught in spam filters. Here’s a breakdown of the resources available to help you install DKIM, SPF, and DMARC records:
- DKIM (DomainKeys Identified Mail)
- Online Tutorials: Websites like DigitalOcean and Cloudflare provide step-by-step guides for configuring DKIM on various email servers.
- Video Walkthroughs: YouTube hosts several tutorial videos by tech experts demonstrating DKIM configuration across multiple platforms.
- Official Documentation: Check your email provider’s official support pages for specific instructions tailored to their services.
- SPF (Sender Policy Framework)
- Guides and Articles: Resources like MXToolbox and dmarcian offer comprehensive articles and tools to generate your SPF records.
- Community Forums: Websites like Stack Overflow and Reddit’s r/sysadmin are excellent for troubleshooting and tips from experienced users.
- Email Service Providers: Many email service providers have their own detailed setup guides for SPF records in their help sections.
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
- Interactive Tools: Services like DMARC Analyzer and EasyDMARC provide both educational materials and validation tools to ensure correct DMARC implementation.
- E-Learning Courses: Platforms such as Udemy and Coursera offer courses that cover not just DMARC, but the entire suite of email authentication protocols.
- Technical Blogs: Many cybersecurity blogs provide in-depth analysis and guides on setting up DMARC for different server environments.
Practical Steps
- Start with DKIM: Verify your email domain and generate the necessary private and public keys.
- Move to SPF: Determine the IP addresses that are authorized to send emails on behalf of your domain.
- Finalize with DMARC: Define your DMARC policy, and ensure it aligns with your DKIM and SPF settings for optimal email security.
By leveraging these resources, you can effectively set up DKIM, SPF, and DMARC records to enhance your email security and deliverability. Each step is essential, making sure to follow the resources that best fit your email server’s configuration.
Here are the requirements for 5000+ sends daily from the Gmail Postmaster support page:
- Configure SPF and DKIM mail authentication for your domain.
- Ensure that sender domains or IP addresses have valid forward and reverse DNS records. These are also called PTR records. Get more information.
- Keep spam rates reported in Postmaster Tools below 0.3%. Get more information.
- Format messages according to the Internet Message Format standard (RFC 5322).
- Don’t mimic Gmail’s From:-headers. Gmail will begin using the quarantine enforcement policy for DMARC, and impersonating Gmail’s From:-headers may affect the delivery of your mail.
- If you regularly forward emails, e.g. using mailing lists or inbound gateways, add ARC headers to outbound mails. ARC headers indicate that the message has been forwarded and identify you as the person who forwarded it. Mailing list senders should also add the List-ID header, which identifies the mailing list, to outgoing messages.
- Configure DMARC mail authentication for your sender domain. Your DMARC enforcement policy can be set to none. Get more information.
- In the case of direct mail, the domain in the sender’s From: header must be aligned with either the SPF domain or the DKIM domain. This is required to be approved after a DMARC adjustment.
- Marketing and opt-in communications must support one-click opt-out and include a clearly visible unsubscribe link in the message text. Get more information.
If you send more than 5,000 emails per day before February 1, 2024, you must follow the guidelines in this article as soon as possible. You may be able to improve your mail delivery if you meet the requirements to send before the deadline. If you do not meet the requirements described in this article, your mail may not be delivered as expected or may be marked as spam. You can get help with mail delivery problems by going to Troubleshooting.
For more information on configuring SPF, DKIM, and DMARC, go to Avoid spam, spoofing, and phishing with Gmail authentication.
Yes, it’s boring and nerdy text, but it will be necessary to double check that your sending domains are set up correctly in DNS before the deadline.
Yahoo Mail has similar plans in the works.
Microsoft free mail universe, with Hotmail, Outlook etc., have not announced any measures regarding certification yet.
If you have a system with a portal that forwards e-mails, e.g. a mail form that maintains the user’s own email and sending domain, it will cause delivery problems, so remember that you can send “on behalf of” with your own domain if it has a correct DNS configuration. We now have a new product where you can test your email for more information. Read more on
Try our brand new email tester to get your score
Get a service check of your email now at test.smtp.ai