Google, Yahoo!, and Apple are introducing new email authentication measures to enhance communication security.
Starting February 2024, Gmail will require email authentication for every message sent to Gmail accounts.
For senders exceeding 5,000 emails per day, additional requirements will apply.
All companies sending emails to Gmail, Yahoo!, and Apple must implement the following measures:
- Implement email authentication via SPF or DKIM.
- Ensure that sender domains or IP addresses have valid DNS records, both forward and reverse (PTR).
- Use a TLS connection for email transmission.
- Keep the spam complaint rate reported in Google Postmaster Tools below 0.10%, and avoid exceeding 0.30%.
- Format messages according to the Internet Message Format standard (RFC 5322).
- Do not spoof Gmail "From:" addresses, as Gmail will enforce a DMARC policy with quarantine, which could impact email deliverability.
- For regular email forwarding, including distribution lists, add ARC headers to outgoing emails. ARC headers indicate the message was forwarded and identify the forwarder as responsible. Emails sent via distribution lists must also include a "List-id:" header specifying the distribution list.
For companies sending over 5,000 emails per day to Google, additional requirements include implementing a DMARC policy and DMARC alignment:
- Configure DMARC email authentication for the sending domain. The DMARC enforcement policy can be set to "none."
- For direct emails, the "From:" address must align with the SPF or DKIM domain. This is essential to pass DMARC alignment.
- Marketing emails and subscription emails must support one-click unsubscribe and include a clearly visible unsubscribe link in the message body, in compliance with RFC 2369 and RFC 8058.
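A pre-send audit for the alignment and one-click unsubscribe requirements above, written as an added example (not code from Google, Yahoo!, or Apple). It assumes the `Return-Path` domain stands in for the SPF domain, uses a naive last-two-labels rule in place of a Public Suffix List lookup for relaxed alignment, and runs on a constructed sample message; it compares identifiers only and does not verify the DKIM signature itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE = (  # constructed message for illustration, not real traffic
    "Return-Path: <bounce@mail.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
    " h=from:to:subject:list-unsubscribe:list-unsubscribe-post; bh=AAAA=; b=BBBB=\n"
    "From: News <news@example.com>\n"
    "List-Unsubscribe: <https://example.com/u?id=123>, <mailto:unsub@example.com>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n"
    "Subject: Hello\n\nbody\n"
)

def org_domain(domain):
    # Assumption: last two labels approximate the organizational domain (wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    # Strict alignment needs an exact match; relaxed needs the same organizational domain.
    if not from_domain or not auth_domain:
        return False
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def audit(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Assumption: Return-Path carries the envelope sender that SPF evaluated.
    spf_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    # Unfold the DKIM-Signature header and split it into tag=value pairs.
    dkim = re.sub(r"\s+", "", msg.get("DKIM-Signature", ""))
    tags = dict(t.split("=", 1) for t in dkim.split(";") if "=" in t)
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    unsub, post = msg.get("List-Unsubscribe", ""), msg.get("List-Unsubscribe-Post", "")
    return {
        "spf_aligned": aligned(from_domain, spf_domain),
        "dkim_aligned": aligned(from_domain, tags.get("d", "")),
        # RFC 8058: an HTTPS URI, the One-Click POST header, both covered by DKIM h=.
        "https_unsubscribe": bool(re.search(r"<https://[^>]+>", unsub, re.I)),
        "one_click_post": post.strip().lower() == "list-unsubscribe=one-click",
        "unsub_headers_signed": {"list-unsubscribe", "list-unsubscribe-post"} <= signed,
    }
```

DMARC alignment passes when either `spf_aligned` or `dkim_aligned` is true, provided the corresponding SPF or DKIM check itself passed at the receiver.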