Google fundamentally changed its approach to bulk email in late 2023, announcing requirements that became the new industry standard. If you send email at scale, meeting these requirements is not optional. This guide covers everything you need to know about Gmail's current sender requirements.
Who Is a Bulk Sender?
Gmail defines bulk senders as anyone who sends approximately 5,000 or more messages to personal Gmail accounts (@gmail.com, @googlemail.com) within a 24-hour period.
Bulk Sender Status Is Permanent
Once you reach the 5,000 message threshold, Google permanently categorizes you as a bulk sender. You cannot lose this status by reducing volume. The requirements apply indefinitely.
Authentication Requirements
SPF (Required)
Publish an SPF record that authorizes all servers sending email as your domain. The Return-Path domain must pass SPF validation.
DKIM (Required)
Sign all outgoing messages with DKIM using at least a 1024-bit key (2048-bit recommended). The DKIM signature must validate successfully.
DMARC (Required)
Publish a DMARC record for your domain. The minimum acceptable policy is p=none. Either SPF or DKIM must pass with alignment to the From header domain.
Alignment Requirement
DMARC alignment is mandatory. The domain in your visible From header must align with either your SPF domain (Return-Path) or your DKIM signing domain.
Spam Rate Requirements
Gmail monitors spam complaint rates through Google Postmaster Tools:
| Spam Rate | Status | Impact |
|---|---|---|
| Below 0.1% | Recommended | Good deliverability |
| 0.1% - 0.3% | Warning zone | Increased filtering possible |
| Above 0.3% | Non-compliant | Enforcement actions, rejection |
The 0.3% threshold is not a target. Stay below 0.1% for reliable inbox placement. Exceeding 0.3% triggers enforcement actions that affect all your email, not just marketing messages.
One-Click Unsubscribe
Marketing and promotional emails must support one-click unsubscribe per RFC 8058. Requirements:
- Include List-Unsubscribe header with HTTPS URL
- Include List-Unsubscribe-Post header with value "List-Unsubscribe=One-Click"
- Both headers must be covered by your DKIM signature
- Process unsubscribe requests within 48 hours
- No login or confirmation required for unsubscribe
Transactional emails (order confirmations, password resets, etc.) are exempt from this requirement.
Technical Infrastructure
Valid PTR Records
Every sending IP must have a valid reverse DNS (PTR) record. The PTR hostname must resolve back to the sending IP (forward-confirmed reverse DNS).
TLS Encryption
All connections must use TLS encryption. Unencrypted connections are rejected.
RFC 5322 Compliance
Messages must comply with the Internet Message Format standard. Malformed messages may be rejected.
Enforcement Timeline
- October 2023: Requirements announced
- February 2024: Soft enforcement began (warnings, temporary errors)
- June 2024: One-click unsubscribe requirement active
- November 2025: Full enforcement with message rejection
As of November 2025, non-compliant messages receive immediate rejection or temporary deferral rather than just spam folder placement.
Checking Your Compliance
- Register for Google Postmaster Tools: Monitor your domain and IP reputation, spam rates, and authentication success
- Verify authentication: Send test emails and check Authentication-Results headers for SPF, DKIM, and DMARC pass
- Monitor spam rates: Keep complaint rates well below 0.3%
- Audit unsubscribe: Confirm one-click unsubscribe works for marketing emails
Google Workspace Recipients
Gmail's bulk sender requirements apply specifically to personal Gmail accounts (@gmail.com). Messages to Google Workspace accounts (business email on Google) are subject to the recipient organization's policies, which may be more or less strict.
However, Google Workspace administrators often configure similar requirements, and authentication best practices should be followed regardless of recipient type.