Changes to Google February 2024
In Feb 2024 Google and some other email platforms are going to implement some new requirements for senders sending over 5,000 emails in a single day to Google recipients.
https://blog.google/products/gmail/gmail-security-authentication-spam-protection/
Enforcement begins in February 2024 and will target anyone sending to @gmail.com and @googlemail.com addresses, regardless of their email service provider. For example, if you work in recruitment and predominantly send emails to private Gmail accounts, it’s crucial to adhere to these guidelines.
Users affected-
-Those sending under 5 000 emails daily from the sending domain
-Those sending 5 000 or more emails daily from the sending domain (Gmail describes this group as bulk senders)
What are the rules?
Requirements for all senders:
1. Set up SPF or DKIM email authentication for each of your sending domains at your provider.
As obvious as it can be for some senders, that step is still not met by everyone.
- SPF (Sender Policy Framework) is a security mechanism created to prevent spammers from sending emails on your behalf. It defines which IP addresses (including services you’re using, for example, mailgun.com), can be used to send emails from your domain. If you don’t set it up, others could impersonate you and send messages from your domain, potentially damaging your reputation.
- DKIM (DomainKeys Identified Mail) is a security standard that detects email spoofing by applying a digital signature to your emails. Think of it as a seal on your emails. If this seal is tampered with, it signals that your emails were altered in transit between sending and receiving email servers.
For the video below, users sending under 5,000 emails per day will only need to setup SPF and DKIM.
https://www.youtube.com/watch?v=fsZaEce18FE
2. Use a TLS (Transport Layer Security) connection for transmitting email.
TLS prevents unauthorized access to your email when it’s in transit over internet connections. Major providers like Gmail use TLS already but if you are using a custom SMTP you may want to check if they provide this protocol, as your email connection is safe only when both – the sender and the recipient use TLS.
https://support.google.com/a/answer/2520500
3. Keep spam rates below 0.3% by monitoring them in Postmaster Tools.
That’s the most difficult metric to keep. For instance, if you send 1 000 emails per day only 3 of them can be reported as spam. Ideally, the recommended spam rate is below 0.1%, to ensure your messages are delivered to the main inboxes. The Postmaster Tools shows you the spam rate which is calculated daily.
For those sending 5 000 or more messages daily, there are additional requirements:
4. Set up DMARC for your domain.
DMARC helps you set rules about what should happen with emails that fail SPF or DKIM verification. It also provides reports indicating which IP addresses are sending emails on your behalf, whether SPF or DKIM passed, and the total number of emails sent. Initially, when starting with DMARC, you can set your enforcement policy to ‘none’. (DMARC steps linked above in the video going over SPF and DKIM)
What are the consequences of breaking the rules?
Gmail has long prioritized user safety. Their AI defenses stop over 99.9% of spam, phishing, and malware, blocking close to 15 billion unwanted emails daily, as reported by Google. To the new rules, Gmail also reveals the consequences:
Might we get our businesses into trouble for not adhering to the rules? Let’s see:
If you do not meet the minimum authentication requirements (that is SPF and DKIM) your emails will most likely be marked as spam, blocked by Gmail, or rejected with a 550 5.7.26 error.
If emails from your domain are frequently marked as spam, every other email you send is more likely to face the same fate. Ongoing spam reports lower your domain’s reputation, negatively impact your inbox delivery, and prevent you from raising delivery issues to Gmail in the future.
For Outlook users
These new changes google is making will also affect Outlook users, anyone sending to google recipients is affected, below is a link for how to get SPF DKIM and DMARC setup for Outlook users.