TL;DR: Since February 2024, Google and Yahoo require every domain that sends them email to pass SPF and DKIM, and bulk senders (roughly 5,000+ messages a day) must also publish a DMARC record, offer one-click unsubscribe, and keep spam complaints low. Fail these and your mail gets filtered to spam or rejected outright. Scan your domain free to see in seconds whether you meet the authentication requirements.
What changed
In late 2023 Google and Yahoo jointly announced new sender rules that took effect in 2024 and have tightened since. The goal is to cut spam and spoofing by requiring senders to prove who they are. What used to be "best practice" — SPF, DKIM and DMARC — is now a delivery requirement. Domains that don't comply increasingly see their mail bounced or sent straight to junk, regardless of how legitimate it is.
The requirements, in plain English
| Requirement | Who it applies to | What it means |
|---|---|---|
| SPF + DKIM | Everyone sending to Gmail/Yahoo | Your domain must authenticate mail with both a valid SPF record and a DKIM signature |
| DMARC | Bulk senders (~5,000+/day) | Publish at least a p=none DMARC record, aligned with SPF/DKIM |
| One-click unsubscribe | Bulk/marketing senders | Include a List-Unsubscribe header so recipients can opt out in one click |
| Low spam rate | Bulk senders | Keep spam complaints under ~0.3% (ideally below 0.1%) |
| Valid forward/reverse DNS | Sending servers | Your sending IPs need matching PTR records |
Even if you send only a handful of emails a day, the SPF + DKIM part already applies to you — and a DMARC record is strongly recommended for everyone.
How to check if you're compliant
- Run a free scan of your domain — it instantly shows whether SPF, DKIM and DMARC are present and valid, which is the part most domains fail.
- Send a test to Gmail, open "Show original", and confirm
SPF: PASS,DKIM: PASSandDMARC: PASS. - If you send marketing email, confirm your platform includes a one-click unsubscribe header.
Scan your domain now — you'll get an A+→F grade and see exactly which requirement is letting you down, no signup to view it.
How to fix it
- Publish a valid SPF record covering every sending service (under the 10-lookup limit).
- Enable DKIM at your mail provider and publish the key.
- Add a DMARC record — start at
p=none, then raise it toquarantine/reject. - Make sure your bulk/marketing tool sends a List-Unsubscribe header and you keep your list clean to hold the spam rate down.
FAQ
Do these rules apply if I only send a few emails a day?
Yes — the SPF and DKIM requirements apply to all senders. The DMARC, one-click-unsubscribe and spam-rate rules are aimed at bulk senders, but DMARC is recommended for everyone.
What counts as a "bulk sender"?
Google's threshold is roughly 5,000 messages to Gmail in a day, but the safest approach is to meet the requirements regardless of volume.
What happens if I don't comply?
Your mail to Gmail and Yahoo is increasingly filtered to spam or rejected with an error. Fixing authentication is the fastest way to restore delivery.
Not sure if you pass? Scan your domain, then reply to your report — we're developers and can make your domain fully compliant (SPF, DKIM, DMARC) so your mail reaches the inbox.