Gmail Sender Requirements 2025: What Changed and How to Comply

In February 2024, Google and Yahoo announced enforcement of new bulk sender requirements that had been in voluntary guidelines for years. The rules apply to anyone sending more than 5,000 emails per day to Gmail addresses — and in practice, many of the requirements affect cold email senders at much lower volumes. Here's exactly what changed, what you need to do, and how to verify compliance.

What Changed in February 2024

Google and Yahoo began enforcing the following requirements for bulk senders. Senders who don't comply face messages being rejected or sent to spam:

• SPF or DKIM authentication required: Every email must pass at least one of SPF or DKIM. Failing both means rejection.
• DMARC required: A DMARC record at p=none minimum is now mandatory for bulk senders. Previously recommended, now enforced.
• Spam rate threshold: Google enforces a 0.10% spam rate cap. Above 0.30% triggers aggressive filtering and eventual domain-level blocking. Yahoo has similar thresholds.
• One-click unsubscribe required: Marketing and subscribed emails must include a List-Unsubscribe header and honor unsubscribe requests within 2 days.
• Valid reverse DNS: Your sending IP must have a PTR record that resolves correctly. Most major ESPs handle this automatically; custom SMTP senders need to verify.

Does This Affect Cold Email?

The "5,000 emails per day" threshold for full enforcement is often cited as a reason cold email senders don't need to worry. This is partially true but misleading in two important ways:

• Authentication requirements apply to all senders. SPF, DKIM, and DMARC are not just for bulk senders — failing authentication triggers spam filters at any volume. You've always needed these; now Google officially enforces them.
• Spam rate thresholds apply to all senders. Even a small cold email campaign that generates too many spam complaints from Gmail recipients will hit the 0.10% threshold. 10 complaints out of 1,000 sends is already over the limit.

How to Check Your Compliance

1. Verify SPF, DKIM, and DMARC

Use MXToolbox to check all three records:

• SPF: MXToolbox SPF Lookup → your domain should show "SPF Record Found" with no syntax errors
• DKIM: Send a test email → check headers for dkim=pass in Authentication-Results
• DMARC: MXToolbox DMARC Lookup → should show a valid record starting with v=DMARC1

2. Monitor spam rates in Google Postmaster Tools

Register your sending domain at postmaster.google.com. The Spam Rate dashboard shows your rolling spam complaint percentage. Keep it below 0.08% to stay safely under Google's 0.10% enforcement threshold.

3. Check your List-Unsubscribe implementation

If you send any newsletter, promotional, or subscription-based email, add a List-Unsubscribe header and List-Unsubscribe-Post: List-Unsubscribe=One-Click header to all emails. Most modern ESPs (Mailchimp, Klaviyo, SendGrid) add this automatically. Check with your provider if you're unsure.

What Happens If You Don't Comply

Google began enforcement in February 2024 with a phased approach: initial warnings, then increasing spam filtering, then temporary and permanent blocks for persistent non-compliance. As of mid-2024, unauthenticated bulk email is being rejected outright. Yahoo's enforcement timeline mirrors Google's.

The practical impact: cold email campaigns from domains without SPF, DKIM, and DMARC are seeing significantly higher spam rates in 2025 than in previous years. Authentication is no longer optional — it's the cost of entry for any sender.

MailPilot automatically checks SPF, DKIM, and DMARC on every connected mailbox and flags misconfigured or missing records before warmup begins. It also monitors your spam rate in real time and alerts you before you cross Google's 0.10% threshold.

Send like the inbox is yours.

Join the waitlist and lock in founding-member pricing.