We are running in a testing phase — please be patient and share your feedback.
Google and Yahoo Email Sender Requirements

Google and Yahoo Email Sender Requirements

· 7 min read · Tomas Hojgr · Email Security
Email Authentication Email Deliverability SPF DKIM DMARC

What Google and Yahoo Require From Email Senders

Since February 2024, Google and Yahoo enforce stricter rules for email senders. The requirements cover authentication (SPF, DKIM, DMARC), spam complaint rates, and unsubscribe mechanisms. Non-compliant emails face temporary deferrals, permanent rejections, or spam folder placement.

The requirements are split into two tiers: rules for all senders and additional rules for bulk senders who send 5,000 or more messages per day to Gmail addresses.

Requirements for All Senders

These rules apply regardless of sending volume.

SPF or DKIM Authentication

Every email must pass at least one authentication protocol — SPF or DKIM. Google and Yahoo require a valid authentication record in DNS for the sending domain.

  • SPF: A TXT record on the envelope sender domain must authorize the sending server's IP address.
  • DKIM: The email must carry a valid DKIM signature matching the public key published in DNS.

If you haven't configured either protocol yet, set up an SPF record and configure DKIM signing as your first step.

Valid PTR Record for Sending IP

The sending IP address must have a valid PTR (reverse DNS) record. This means the reverse DNS lookup of the IP must return a hostname, and the forward DNS lookup of that hostname must resolve back to the same IP.

Verification:

dig -x 198.51.100.25 +short

If the command returns a hostname (e.g., mail.example.com), verify the forward record:

dig mail.example.com A +short

The result must match the original IP address. If the PTR record is missing, contact your hosting provider or IP range owner — PTR records are managed by the IP address owner, not the domain owner.

TLS Encryption

Emails must be transmitted over an encrypted TLS connection. The sending server must support STARTTLS and establish an encrypted connection with the receiving server.

Most modern mail servers and services (Google Workspace, Microsoft 365, Mailgun, SendGrid) support TLS by default. If you run your own server, verify your configuration — in Postfix, set smtp_tls_security_level = may (or higher).

Spam Complaint Rate Below 0.3%

Google measures spam complaint rates through Google Postmaster Tools. The requirement is to keep complaints below 0.3%. Google recommends targeting a rate below 0.1%.

Exceeding 0.3% leads to deliverability issues. Since June 2024, bulk senders with a complaint rate above 0.3% are ineligible for mitigation requests.

Requirements for Bulk Senders

A bulk sender is anyone who sends 5,000 or more messages per day to personal Gmail addresses. Once a domain reaches this threshold, Google permanently classifies it as a bulk sender — the status is never removed.

In addition to all-sender requirements, bulk senders must also meet:

Both SPF and DKIM

While regular senders need SPF or DKIM, bulk senders must have both. One is not enough — both protocols must be properly configured and emails must pass both checks.

DMARC With at Least p=none

The domain in the From header must have a published DMARC record with a policy of at least p=none. At least one protocol (SPF or DKIM) must be in alignment with the From header domain.

Example of a minimal DMARC record:

v=DMARC1; p=none; rua=mailto:example.com@rua.spfmonitor.com

p=none is the minimum — Google and Yahoo accept it, but for real protection against spoofing, we recommend gradually moving to p=quarantine and then p=reject. The complete DMARC setup guide covers the process step by step.

Adding a rua= address to the record provides DMARC reports showing who sends from your domain and how authentication results look. SPF Monitor processes and visualizes these reports automatically — no manual XML parsing required.

One-Click Unsubscribe

Marketing and bulk emails must support one-click unsubscribe. Technically this means:

  • A List-Unsubscribe header with an HTTPS URL and optionally a mailto address
  • A List-Unsubscribe-Post: List-Unsubscribe=One-Click header
  • Both headers must be covered by a valid DKIM signature (RFC 8058)
  • A visible unsubscribe link in the message body

Processing requirement: unsubscribe requests must be honored within 2 days.

Example headers:

List-Unsubscribe: <https://example.com/unsubscribe?id=abc123>, <mailto:unsubscribe@example.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Transactional emails (order confirmations, password resets) are exempt from this requirement.

From Header Domain Alignment

The From header domain must align with either the SPF domain (envelope sender) or the DKIM signing domain (d=). Alignment means the domains match — either exactly (strict) or at the organizational domain level (relaxed).

If you send emails through a third-party service (ESP — email service provider), verify that the service signs DKIM with your domain, or that the envelope sender uses your domain.

Enforcement Timeline

Date Event
February 2024 Google and Yahoo begin enforcement — temporary errors (4xx) for a percentage of non-compliant bulk sender traffic
April 2024 Google starts permanently rejecting a percentage of non-compliant bulk sender emails
June 2024 One-click unsubscribe becomes mandatory for Gmail bulk senders
November 2025 Gmail significantly tightens enforcement — increased rate of temporary (4xx) and permanent (5xx) rejections

Yahoo has been enforcing requirements since February 2024 with gradual tightening. Microsoft (Outlook.com, Hotmail, Live.com) announced similar SPF, DKIM, and DMARC requirements with enforcement starting May 2025.

The trend is clear: requirements will only get stricter, not looser.

How to Verify Compliance

Authentication Check

Full domain analysis on SPF Monitor checks:

  • SPF record validity and correctness
  • DKIM existence and configuration
  • DMARC record presence and policy settings
  • Protocol alignment

Alternatively, check individual records:

dig example.com TXT +short | grep spf
dig _dmarc.example.com TXT +short
dig selector._domainkey.example.com TXT +short

Google Postmaster Tools

For monitoring sender reputation and spam complaint rates, use Google Postmaster Tools. The tool shows:

  • Spam complaint rate
  • IP and domain reputation
  • Percentage of authenticated emails
  • Delivery errors

Ongoing Monitoring

A one-time check is not enough. DNS records can change, sending services may alter their configuration, a new marketing tool may start sending without proper authentication. DMARC reports provide ongoing visibility into how your emails pass authentication at receiving servers.

Common Problems and Solutions

Third-Party Emails Failing Authentication

If you send through an ESP (Mailchimp, SendGrid, Mailgun) and emails fail SPF or DKIM:

  1. SPF: Add the provider's include: mechanism to your SPF record. Example for SendGrid: include:sendgrid.net.
  2. DKIM: Configure DKIM signing with your domain at the provider — typically by adding a CNAME record to DNS.
  3. Alignment: Verify that the envelope sender or DKIM domain matches the From header domain.

For Google Workspace setup, see SPF/DKIM for Google Workspace. For Microsoft 365, see SPF/DKIM for Microsoft 365.

Missing DMARC Record

If you don't have a DMARC record, start with a p=none policy and a reporting address:

v=DMARC1; p=none; rua=mailto:example.com@rua.spfmonitor.com

This meets Google and Yahoo's minimum requirement while collecting data about who sends from your domain. Based on reports, you can then safely tighten your policy.

High Spam Complaint Rate

If your complaint rate exceeds 0.1%:

  • Only send to recipients who opted in
  • Make unsubscribing easy — visible link in every email
  • Reduce frequency and segment lists by recipient activity
  • Monitor for spam traps in your recipient lists
  • Remove inactive recipients who haven't engaged in over 6 months

Consequences of Non-Compliance

The impact is graduated but lasting in terms of reputation:

  • Temporary rejection (4xx) — the sending server retries, but repeated failures damage sender reputation
  • Permanent rejection (5xx) — the email is not delivered and the sender receives a bounce message
  • Spam placement — the email is delivered but lands in the spam folder
  • Domain reputation damage — prolonged non-compliance reduces reputation, affecting deliverability even after fixes are applied

Reputation recovery takes weeks to months. Prevention is far simpler than damage control.

Full domain analysis identifies unmet requirements before they cause deliverability problems.

Related articles

How to Set Up a DMARC Record for Your Domain
DMARC

How to Set Up a DMARC Record for Your Domain

Step-by-step guide to setting up a DMARC record. From your first p=none record through report analysis to full protection with p=reject.

· 8 min read
Sender Reputation — What It Is and How to Improve It
Email Security

Sender Reputation — What It Is and How to Improve It

Sender reputation determines whether your emails reach the inbox or land in spam. Learn what affects it, how to check it, and how to systematically…

· 5 min read
SPF, DKIM, and DMARC — Complete Email Authentication Guide
Email Security

SPF, DKIM, and DMARC — Complete Email Authentication Guide

SPF, DKIM, and DMARC form three layers of email authentication. Learn how they work together, the correct deployment order, and common mistakes to…

· 11 min read