Effective April 1, Google will enforce new authentication requirements for bulk email senders, rejecting emails that do not meet these criteria.
This stringent measure aims to mitigate the volume of spam reaching Gmail inboxes and bolster the security of Gmail users. By imposing these requirements, Google seeks to thwart malicious actors from exploiting unauthenticated or compromised domains to disseminate harmful content and reduce the influx of unwanted spam.
Google defines a bulk sender as an entity sending approximately 5,000 or more messages to personal Gmail accounts within a 24-hour period. Notably, this encompasses all emails originating from the same primary domain, irrespective of any subdomains utilized.
Once categorized as a bulk sender, this status is permanent, with no expiration date. While the bulk sender guidelines specifically target emails sent to personal Gmail accounts, all senders, including those utilizing Google Workspace accounts, must adhere to the new regulations.
In an October 2023 Gmail product update notice, Neil Kumaran, Gmail’s group product manager, highlights that many bulk senders fail to adequately secure and configure their systems, thereby facilitating attackers to conceal their activities. Validating the identity of email senders, particularly those transmitting large volumes, is crucial for email security.
Hence, effective April 1, all bulk senders must authenticate their emails using established best practices, such as Domain-based Message Authentication, Reporting & Conformance DomainKeys Identified Mail, and Sender Policy Framework. This initiative aims to close loopholes exploited by attackers and enhance email security for all users.
While these authentication measures reduce the risk of spoofing or hijacking by malicious senders, they do not eliminate all potential vulnerabilities.
However, Gmail employs multiple layers of protection and continually enhances its defenses against such threats, including the SubdoMailing technique.
Additionally, starting June 1, bulk senders must include a one-click unsubscribe option in their emails. This requirement aims to simplify the unsubscribe process for Gmail users, ensuring a quicker and more straightforward experience. Bulk senders must also promptly process unsubscribe requests within 48 hours, further enhancing user convenience and satisfaction.