Google to enforce new security rules April 1, 2024

Since October of 2023, Google has been warning customers about new email verification rules for Bulk Senders (those sending 5,000+ emails in a 24-hour period). Those who don’t comply will find their emails rejected from Gmail’s systems.

Messages that aren’t authenticated with these methods might be marked as spam or rejected with a 5.7.26 error.

These rules require bulk senders to adhere to a number of best practices, like:

1. Authenticating email with Domain-based Message Authentication
2. DomainKeys Identified Mail (DKIM)
3. Sender Policy Framework (SPF)

Most third-party senders have presumably long been on top of this as the specific measures aren’t new - Google has just set the date of April 1st, 2024 as the day they’ll start rejecting emails sent from unsecured domains. However, companies sending their own email will want to double-check that they’ve got everything in place, because it won’t be easy to get un-banned.

SPF and DKIM

Though most companies have already implemented both, we recommend clients implement DKIM over SPF, as SPF is a bit dated and is subject to SPF-hijacking attacks like SubdoMailing.

Sharing is caring!