Google unveils stricter anti-spam rules for bulk email senders

To keep Gmail users’ inboxes “safer and more spam-free”, Google is introducing new requirements for bulk senders (of commercial email).

“Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we’ve seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision,” said Neil Kumaran, group product manager, Gmail Security & Trust.

“That’s great progress, but there’s much more we need to do — starting with new requirements for large senders.”

Gmail requirements for bulk senders

Bulk senders are email services or software used by online businesses that send over 5,000 messages to Gmail accounts in one day.

Starting February 2024, bulk senders will have to:

• Set up SPF (protection against domain spoofing), DKIM (digital signature to prevent sender impersonation) and DMARC (protection against forged email messages) authentication for their sending domain
• Make sure their sending domains/IPs have valid forward and reverse DNS records
• Add ARC headers – which indicate the message was forwarded – to outgoing email if they regularly forward email
• Use the Internet Message Format standard
• Make it easier for users to unsubscribe from commercial emails, with just one click of the mouse

They will also have to avoid impersonating Gmail From: headers and keep spam rates (reported in Postmaster Tools) below 0.3%.

“Moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox,” Kumaran added.

Other practices that may “trip up” commercial emails

In its email sender guidelines Google has pointed out other steps bulk senders can take to make sure their commercial messages don’t end up in the spam folder or blocked by Gmail.

Some are (or should be) obvious, such as “don’t impersonate other domains or senders without permission”, “don’t send messages to people who didn’t sign up to get messages from you”, and “don’t purchase email addresses from other companies”.

Other are less intuitive.

“Don’t mix different types of content in the same message. For example, don’t include promotions in sales receipt messages,” Google says. And “don’t mark internal messages as spam”.