As we progress into 2024, email continues to provide top-tier ROI for digital marketers. But avoiding the spam folder is becoming more difficult.
With the launch of new sender guidelines for 2024, Google reaffirms its commitment to creating a safer, less spammy inbox and improving email security for Gmail users.
With Google’s new guidelines going into effect during February, it’s important for senders to make sure they’ve updated their email settings to maintain compliance. This is especially true for any businesses sending over 5,000 messages a day to Gmail accounts.
Adhering to the latest Gmail security policies and focusing on email validation are the most direct routes to ensure your communications continue to make it to the inbox without being marked as unwanted messages.
This guide aims to clarify the requirements for bulk senders and provide actionable steps you can take to maintain a positive sender reputation and keep out of the spam folder.
Google’s 2024 Sender Guidelines: An Overview
February 2024 marks the beginning of a new era for Gmail’s security. Google has already begun enforcing updated sender guidelines with the goal of strengthening protections for personal Gmail accounts.
These changes are designed to reduce the influx of unauthenticated messages significantly and provide a safer email environment for all Gmail users.
If you regularly send emails to a list of 5,000 or more recipients with email addresses that end in @gmail.com, you’ll need to:
- Upgrade your email authentication to include TLS so that all outgoing emails to personal Gmail accounts are securely encrypted.
- Incorporate ARC headers in every forwarded email to maintain email integrity and security for forwarded messages.
- Use proper SPF, DKIM, and DMARC protocols for message verification.
- Make it easy for message recipients to unsubscribe with one click.
Understanding the 2024 Updates
Google’s algorithms for detecting bulk email senders are getting smarter. They’re much better at prioritizing emails that offer genuine value and relevance to their recipients than they were a couple of years ago.
This means marketers must fine-tune their content strategies and focus on the most relevant needs and interests of their audience to avoid being sidelined as spam.
Below is an explanation for each of the key aspects of Google’s updated sending requirements for bulk senders.
What are SPF, DKIM, and DMARC?
SPF, DKIM, and DMARC create the foundation for email security under the umbrella of Gmail’s security policies.
These three key email authentication methods play an important part in safeguarding email senders and recipients against spam, phishing, and a spectrum of other malicious email activities.
Configured within the DNS settings of your domain provider, your SPF, DMARC, and DKIM records ensure that emails sent to Gmail accounts are authenticated and in alignment with Gmail’s rigorous standards for outgoing email security.
When these records are properly configured, they close loopholes exploited by attackers and make it easier for legitimate senders to make sure fewer messages are rejected or marked as spam.
Note: Throughout this article, we focus on setting up DNS records for users who use Google Domains to manage their sending domains. If you’re using a different domain provider, most of the instructions remain the same, but you’ll have to locate the DNS settings in your provider’s platform to add new DNS records.
What Is An SPF Record?
An SPF record is an email authentication method used to prevent spammers from sending messages on behalf of your domain. In other words, it prevents other users from disguising their sending address as your own.
With SPF, a domain owner publishes a list of IP addresses that are authorized to send mail on behalf of the domain in the DNS records.
When receiving mail servers receive an email, they can check the SPF record to verify that the email comes from an authorized server. If the sending server is not listed in the SPF record, the email can be rejected or marked as spam.
What Is A DKIM Record?
DKIM is another validation method that Google and other providers use to prevent unsolicited emails and make it easier to keep your inbox spam-free.
DKIM authentication provides a way to validate a domain name identity that is associated with a message through cryptographic authentication – it’s a bit like creating a “secret handshake” that email servers can use to make sure they’re communicating securely.
Receiving mail servers use this signature to check that the email was not modified during transit and that the sending domain is authorized to send the email. This is achieved by comparing the signature against a public cryptographic key, published in the domain’s DNS records.
What Is A DMARC Record?
DMARC builds on SPF and DKIM by allowing domain owners to specify how email from their domain should be handled if it fails SPF or DKIM checks.
It adds reporting capabilities so domain owners can get feedback on the emails being sent (or spoofed) from their domain.
DMARC policies allow domain owners to specify whether failing emails should be rejected, quarantined (such as being placed in the spam folder), or have no specific action taken, which provides greater control over email delivery and security.
What Is TLS Authentication?
TLS (Transport Layer Security) authentication is a security protocol designed to provide communication security over a computer network.
It’s the successor to SSL (Secure Sockets Layer) and is widely used on the internet to secure web traffic, email delivery, and other data transfers. TLS authentication involves encrypting the data sent over the internet, ensuring that any data transmitted between the web server and browser remains private and secure.
What Are ARC Headers?
ARC (Authenticated Received Chain) is an email authentication system designed to improve email security and deliverability, especially in scenarios where emails are forwarded or go through several intermediaries before reaching the final recipient.
How Do ARC Headers Work?
ARC headers ensure your emails reach their intended destination without a hitch by maintaining a record of each intermediary your emails pass through on the way to the recipient’s inbox.
Think of ARC headers like digital passports. Every time an email makes a stop on the way to the recipient’s inbox, the header is “stamped.” Each stamp records the email’s journey, making it easier to authenticate checks against SPF, DKIM, and DMARC protocols.
Why does this matter for the final leg of the email’s journey?
When an email arrives at its destination, the receiving server looks at these ARC headers to understand the email’s path and make sure it goes from Point A to Point B without any tampering along the way.
How To Configure SPF, DKIM, And DMARC For Your Domain
Setting up each of these records requires editing access for your domain’s DNS settings. Editing DNS records is fairly straightforward, but small mistakes can lead to big issues with deliverability. If you’re not comfortable editing your DNS settings, consider working with a web developer to avoid costly mistakes.
If you are comfortable making DNS edits yourself, you’ll find instructions on how to configure your SPF, DKIM, and DMARC records below.
How To Configure An SPF Record For Your Sending Domain
Step 1: Log in to your domain provider and locate the DNS settings panel for your sending domain.
Step 2: Next, locate and select the option to add a new DNS record.
Step 3: Under record type, choose “TXT.”
Step 4: For the “Host” field, use the “@” symbol (without quotation marks) to specify the root domain. If you’re adding a subdomain, enter the prefix of the subdomain with no quotations.
Step 5: In the “Value” field, enter the following text:
- v=spf1 include:_spf.google.com ~all
Note: If you’re using another mail provider besides Gmail, replace spf.google.com with your provider’s domain. For example, when using a provider like Microsoft, you should use spf.protection.outlook.com instead of spf.google.com
The TXT record must include IP addresses of all your mail servers and all domains controlled by your organization. If you’re using multiple IPs or domains, add additional include statements to your SPF record.
In the example below, we’ve included two sending domains: Google, and another domain. Simply replace the name of the second domain with your own.
- v=spf1 include:_spf.google.com include:_www.yourdomain.com ~all
How To Configure DKIM Records For Your Sending Domain
How you configure your DKIM records largely depends on your email provider. Since this article is focused on Google’s sending guidelines in 2024, we’ll walk you through how to set up DKIM using Google Domains.
If you use another provider, you’ll need to locate the DKIM settings panel within your provider’s admin console.
Step 1: Log in to your Google Workspace Admin Console.
Step 2: In the search bar, type “DKIM.” and select “DKIM authentication” from the dropdown list.
Step 3: On the next page, locate “selected domain” and ensure the right sending domain is selected. If it’s not, click the downward-facing arrow to open the dropdown menu and select the correct domain.
Step 4: Click “Generate New Record,” then “Generate.”
Note: We recommend setting up your DKIM record with a key bit length of 2048. However, some domain hosts like Hover.com restrict the length of the key to 1024 bits. If you can’t use a key with a bit length of 2048 due to restrictions from your domain host, generate a key with a bit length of 1024 instead.
Step 5: Without closing your Google Workspace Admin Console, log in to your domain host and access your domain’s DNS settings panel.
Step 6: Click “Create New Record”.
- For the record type, select TXT
- Use google._domainkey for the “Host” field.
- Copy and paste the DKIM key into the value field (do this by copying and pasting the entire block of text found below “TXT record value” on the Google Workspace Admin DKIM Authentication page.
Step 7: Click “Save” to add the record to your DNS settings.
Step 8: Return to the Google Workspace Admin DKIM Authentication page and click “Start Authentication.”
Step 9: Refresh the Google Workspace Admin DKIM Authentication page and check the DKIM status. If the button that said “Start Authentication” now says “Stop Authentication,” you’ve completed the process successfully.
For added peace of mind, use a DKIM checker like this tool from MXToolbox to identify any errors in your DKIM setup.
How To Configure A DMARC Record For Your Sending Domain
DMARC configuration is largely the same, no matter which domain provider you use. In order to configure a DMARC record for your sending domain, log in to your provider’s platform and locate the DNS settings panel. Then, follow the steps outlined below.
Step 1: Log in with your domain provider and open the DNS settings panel.
Step 2: Click “Add Record.”
Step 3: For the record type, select TXT.
Step 4: Use _dmarc for the host name.
Step 5: Copy and paste the text below into the value or content field.
- v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org
Step 6: Replace email@example.com with the email address where you’d like to send DMARC reports.
Step 7: Save the record in your DNS settings.
Like with your DKIM records, you can use a dedicated tool to check the status of your DMARC record.
How To Set Up TLS Authentication For Bulk Senders
Like DKIM records, how you configure TLS authentication largely depends on your email provider. Since this article is focused on Google’s sending guidelines in 2024, we’ll walk you through how to set up TLS for accounts on Google Workspace. Instructions may differ for other providers.
Step 1: Log in to your Google Workspace Admin Console
Step 2: In the left menu panel, click Apps > Google Workspace > Gmail > Compliance
Step 3: Select the organizational unit you want to configure TLS Authentication for.
Step 4: Then select Secure transport (TLS) compliance and click on Configure.
Step 5: In the Add setting box, enter a name for the setting like Organizational Unit – TLS and do the following:
- Click the options to affect both inbound and outbound mail
- Click create a list and add the inboxes for which you’d like to enable TLS authentication.
- Select the list after creation to apply TLS authentication
- Select Require CA Signed Certificate.
- Select Validate Certificate Hostname.
Step 6: Test your TLS connection by clicking Test TLS Connection to check and verify the connection to the receiving email server.
Step 7: Click Save.
Step 8: Send an email from one of your TLS-authenticated inboxes to any other inbox, then check to make sure the email is delivered.
Note that it can take up to 24 hours for your TLS settings to update, although changes usually occur quite fast.
How To Enable One-Click Unsubscribe
If you’re using a third-party sending service, you should make sure it complies with the new Gmail protections by checking the settings for a one-click unsubscribe option. Enabling it is usually as simple as clicking a button.
The location of the unsubscribe option will vary according to which email sender you’re using. It’s usually located in the settings panel of whichever sending service you’re using.
As of February 2024, Gmail requires all bulk messages to Gmail addresses to include unsubscribe options when sending unwanted or unsolicited emails to lists of 5000 or more people.
Google Sender Guidelines 2024: Frequently Asked Questions
As the digital landscape evolves, so do the rules of engagement. If you’ve got questions, you’re not alone. Here are answers to common questions we hear about how to ensure your email practices are up to snuff.
Can I Use A @gmail.com Or @yahoo.com Inbox To Send Bulk Messages For My Custom Domain?
Using a @gmail.com or @yahoo.com address to send bulk messages for a custom domain is not recommended.
These email services are not designed for high-volume sending from personal email accounts and could lead to deliverability issues.
Instead, it’s better to use a professional email address that matches your domain and is authenticated with SPF, DKIM, and DMARC records to improve deliverability and trust with your recipients.
What Happens If I Don’t Update My Email Settings To Meet The New Google Guidelines?
Failing to comply with Google’s updated guidelines can have several consequences. Your emails might start landing in the spam folder, or worse, Google could block your messages altogether.
This will harm your sender reputation and impact the overall effectiveness of your email marketing campaigns. It’s crucial to follow these guidelines closely to ensure your emails reach your audience.
How Do I Configure ARC Headers For Forwarded Mail?
Configuring ARC headers requires support from your email service provider or email infrastructure. If you’re using a third-party service for email forwarding, check if they support ARC.
For direct mail server configuration, you may need to update your server’s settings to include ARC authentication for forwarded emails.
It’s best to consult with your provider’s documentation or support team for specific instructions tailored to your setup.
What Is Google’s Spam Policy In 2024?
Google’s spam policy continues to focus on protecting users from unwanted, harmful, or deceptive messages.
In 2024, the policy emphasizes stricter authentication requirements, lower tolerance for high spam rates, and the need for clear, straightforward unsubscribe mechanisms.
Making sure that your emails are authenticated, wanted by your recipients, and easily opt-outable is more critical than ever to comply with Google’s spam policy.
Does Google Block Mass Emails Now?
Google may block mass emails that fail to meet its guidelines, exhibit patterns typical of spam, or receive a high volume of complaints from users. Especially for senders who are dispatching bulk mail using antiquated and inconsistent systems for email authentication.
To prevent your emails from being blocked, ensure they are properly authenticated, relevant, and engaging to your audience, and maintain a low spam complaint rate.
Regular monitoring of your email performance and adherence to best practices in email marketing will help keep your mass email campaigns running smoothly.
Google’s 2024 email sender guidelines may seem confusing at first, but proper configuration is the only way to maintain a strong sender reputation and ensure your emails continue to reach your audience effectively.
If you’re having trouble configuring your email settings to meet the requirements for bulk senders who send 5,000 or more messages per day, speak with a ClearBrand marketing specialist to learn how we can keep your messages landing in the inbox.