The guidelines were the writing on the wall: authentication, alignment, and permission requirements were already moving from “best practice” to “mandatory.”
Now, with Google announcing that enforcement is ramping up, senders who fail to meet the standards are more likely than ever before to see their mail deferred, delayed, or rejected.
Here’s what you need to know to ensure your mail still gets delivered.
What changed?
Google quietly updated its bulk sender guidelines FAQ to note: “Starting November 2025, Gmail is ramping up its enforcement on non-compliant traffic. Messages that fail to meet the email sender requirements will experience disruptions, including temporary and permanent rejections.”
The requirements themselves haven’t changed, but they are signaling that enforcement is changing, increasing. Google is warning it will actively delay or reject inbound email that doesn’t comply, moving us a step beyond mere “recommendations.”
What this means for senders
Bulk email senders (those who send 5,000+ messages to Gmail addresses in a 24-hour period, including marketers, CRMs, SaaS platforms, and newsletters) are now much more likely to find messages delayed or rejected if not fully compliant with Google’s bulk sender requirements.
Expect temporary deferrals (4xx errors), slower delivery, and possibly outright rejections (5xx errors) for mail that fails authentication or violates their published policies.
Google’s looking for properly authenticated email messages, passing SPF, DKIM, and DMARC checks, including successful SPF or DKIM alignment. Your sending IPs, hostnames, and domains must resolve with proper rDNS in place, and a valid HELO/EHLO mail server configuration. Mail connections must be encrypted with TLS. You must make it easy to unsubscribe, with clear and easy opt-out options, including the one-click list-unsubscribe mechanism and respecting (ceasing to send mail to) preferences of those recipients who choose to opt-out.
Display names (friendly from) and subject lines must not be deceptive or confusing. Don’t mimic user interface elements (like implementing emoji checkboxes in the friendly from), and all email sent must comply with relevant RFCs (meaning no doubling up on headers like the from address or subject line).
And finally, Google wants you to keep the spam complaint rate (the percentage of email recipients indicating that your email is unwanted using the “report spam” button) below 0.1%.
Be sure to review the full list of requirements from Google, which you can find here.
What hasn’t changed
Google’s requirements were announced way back in October 2023, with initial enforcement steps from early 2024. Initial enforcement was characterized by a “light touch.” That has changed, and it is now time to be ready for more active enforcement. Think of it as moving from “warning mode” to “ticketing mode.” If you’ve ignored DNS alignment warnings, continue to send mail in light of an elevated spam complaint rate, or failed to fix unsubscribe links, those will now result in blocked mail.
It’s not just Google
Earlier in 2025, Microsoft rolled out its own bulk sender requirement guidelines, with a speedy enforcement timeline: updated requirements announced in April, and enforcement began in May. Microsoft moved quickly to begin rejecting non-compliant email messages, and this move from Google brings us even closer to parity in sender requirements (and enforcement of those sender requirements), with Google indicating that they’re increasing enforcement of their requirements.
The alignment helps level the playing field: bad actors and sloppy senders are more likely to be filtered out, while legitimate, authenticated senders are more likely to see better inbox placement. Together, this highlights the “new normal,” where authentication, DMARC, and good sending practices are no longer optional.
What senders should do right now
Are you fully compliant, and are you now more likely to see email messages delayed or rejected when sending to Gmail subscribers? It’s time to check your domain configuration and email send practices to ensure that you’re in the best position to avoid new deferrals and rejections, this month or in the future.
Verify your SPF, DKIM, and DMARC configurations to ensure proper authentication checks and alignment. Verify DNS and domain settings are correct, confirm that your unsubscribe mechanism is up to par, and review email marketing stats to ensure that complaint rates aren’t high enough to be negatively noticed. The Valimail Domain Checker is a great place to start; it’ll help you check your DMARC record and policy, SPF authentication settings, and more.
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Your Domain
Not protected AGAINST IMPERSONATION ATTACKS
DMARC NOT AT ENFORCEMENT
exampledomain1.com
Authentication Status for January 10, 2025
DMARC at Enforcement
SPF Record Configured
BIMI Ready
exampledomain1.com
Authentication Status for January 10, 2025
DMARC at Enforcement
SPF Record Configured
BIMI Ready
Look for SMTP deferrals and rejections related to sender compliance and authentication failures. Not only can these be found in mail server logs, but Google now incorporates a whole host of SMTP rejection information in DMARC aggregate reporting. This is especially handy for an organization-wide review for sender compliance, moving you beyond having to review multiple SMTP-level log streams individually.
Keeping trust in email
The reason for these requirements and enhanced enforcement is to help protect the email ecosystem. The goal is to keep email usable by making it easier to identify senders, both good and bad, to help improve efforts to identify problematic mail. To keep good mail in the inbox, and keep unwanted email messages away. If you’re a good sender, doing things right (your email messages authenticate correctly, you manage reputation, and respect user choice), you stand to benefit from these changes.
Between Microsoft’s enforcement wave earlier this year and Google’s latest crackdown, we’re watching the industry standardize around requirements focused on authenticated and wanted email. Compliance with email sender requirements is no longer optional.
And that compliance begins with visibility. Our free Valimail Monitor solution can help you see who is sending on behalf of your domains, track SPF/DKIM/DMARC pass/fail and alignment by sender, and help you catch configuration gaps before mailbox providers delay or block your email messages.
