Are you a Gmail ‘bulk sender’? If so, you should be aware of the sender validation changes being introduced by Google this month, which it says will make for a 'safer, less spammy inbox'. Chris Pepper, director of building and interiors marketing specialist Time54, explains.
Q: Why have the new Gmail rules been introduced?
A: Gmail wants to augment its protection of user email accounts by converting existing sender ‘best practices’ into rules to combat the increasingly complex and pressing security threats it now faces. In fairness, Gmail has always had a reputation for prioritising user safety, proudly claiming 99.9% of spam, malware and phishing messages in around 15 billion emails a day are blocked from penetrating Gmail accounts. By increasing authentication requirements in 2022, there was a 75% drop in unauthenticated messages being received by Gmail users. Gmail knows, however, that it constantly needs to review its guidelines and introduce new rules to keep users safe. While the new 2024 rules are for all senders to follow, we’re focusing on the consequences of non-compliance for bulk senders.
Q: What are the new Gmail rules for bulk senders in 2024?
A: The main focus of the new Gmail protections is on validating that the sender is who they claim to be. For recipients to trust an email’s source, the sender must authenticate emails from all sending domains following the best practices that have been established for some time:
DomainKeys Identified Mail (DKIM)
You should set up DKIM to protect your domain against ‘spoofing’ and prevent emails from being identified as spam. Spoofing is when an attacker forges the ‘from’ address to make it look like an email has been sent from a particular domain or organisation. DKIM applies a digital signature to authenticate the sender and detects when a message has been modified.
Sender Policy Framework (SPF)
This standard email authentication method protects your domain from spoofing by specifying the mail servers that are permitted to send emails from your domain. Without SPF, hackers can impersonate you and send their own emails from your domain which can result in catastrophic reputation damage.
Q: Does this mean anything else for senders?
A: Senders must now save Gmail recipients the inconvenience and frustration of having to repeatedly make requests to unsubscribe from mailing lists. This should now be executed with just one click, and the request to be processed within two days. Also, under the new rules, spam rates, which are calculated daily, must be below 0.3% to ensure messages are delivered as expected. The recommended daily spam rate is below 0.1%. Senders should always work towards this. Spam rates greater than 0.1% negatively impact inbox delivery for bulk senders. Under the new rules, messages from bulk senders with a spam rate higher than 0.3% are likely to be sent to spam. Postmaster Tools from Google Workspace can be used to track daily spam rates and take appropriate actions.
An additional requirement of bulk senders, that doesn’t apply to senders of fewer than 5,000 Gmail messages a day, is the use of DMARC (domain-based message authentication, reporting and conformance). DMARC tells receiving servers how to deal with messages that don’t pass SPF or DKIM verification. DMARC also allows you to request reports from email servers that receive messages from your domain to identify any authentication issues or malicious content.
Q: What happens if you don’t stick to the new Gmail rules?
A: If you don’t meet the minimum requirements of SPF and DKIM authentication, your emails will most probably be identified as spam and blocked by Gmail. If your emails continue to be identified as spam, the reputation of your domain will be compromised, and you will send more emails to spam. You will also come up against some resistance when raising delivery issues with Gmail going forward.
If you want advice about your marketing strategy, get in touch with Chris Pepper at Time54: time54.co.uk.