Google DMARC requirements: Ensuring compliance
From February 2024, Google introduced new email authentication rules for organizations sending 5 000 or more emails daily to Gmail users. To comply, businesses must have SPF, DKIM, and DMARC in place.
Failure to meet these requirements, fully enforced in November 2025, can lead to temporary or permanent rejections, messages landing in recipients’ Spam folders, or a lack of delivery support. We will break down exactly what’s required to maintain deliverability and protect your company’s domain.
Google DMARC requirements explained
The grace period is over – Gmail has started strictly enforcing its bulk sender requirements. Senders who don’t comply will experience disruptions.
Compliance requirements
To ensure successful delivery to Gmail recipients, ensure your domain meets the following technical standards:
- SPF: All outgoing emails must pass SPF validation.
- DKIM: Outbound messages must pass DKIM checks.
- DMARC: Your domain must have a valid DMARC record with a policy of at least p=none.
- Header alignment: The “From” header must align with authenticated domains (SPF and DKIM).
- TLS encryption: All messages must be sent using a TLS connection.
- DNS configuration: Your domain must have valid forward and reverse DNS records.
- RFC 5322 compliance: Messages must follow the RFC 5322 email format standards.
- One-click unsubscribe: Emails must include a one-click unsubscribe option, and requests must be processed within 48 hours.
- Spam rate: You should maintain a spam complaint rate below 0.3%.
Who must comply with the Google DMARC requirements?
Any organization sending 5 000 or more emails per day to Gmail accounts must meet these requirements.
- Internal and hosted email systems
- CRM, ERP, and e-commerce services
- Email marketing platforms
- Transactional emails
- Third-party senders
Failure to comply can result in:
- Messages sent to recipients’ Spam or Junk folders
- Messages rejected outright by Gmail servers
- Unavailability of delivery support
Sendmarc makes DMARC compliance easy, providing the tools needed to meet evolving requirements.
Book a demo or explore our platform to find out how we simplify DMARC adoption.
Google DMARC requirements: Expert insights
“The idea is that authentication gives you confidence of the source of the message, and then you can start to do a better job of classification and actually providing protections to users.”– Neil Kumaran, Group Product Manager at Google
“Since the creation and wide-scale adoption of DMARC, the percentage and number of phishing emails claiming to be from a particular legitimate domain are significantly less, perhaps just a few percent of what they used to be.”
– Roger Grimes, Data-Driven Defense Evangelist at KnowBe4
Google DMARC requirements FAQs
Is Google requiring DMARC?
What are Google’s new requirements for email senders?
Google’s new requirements for bulk email senders include valid SPF, DKIM, and DMARC records, DMARC alignment with SPF and DKIM, TLS encryption, valid DNS records, RFC 5322 compliance, a one-click unsubscribe option processed within 48 hours, and a spam rate below 0.3%.
Why has Google introduced stricter DMARC and email authentication requirements?
Google introduced stricter DMARC sender and authentication requirements in November 2025 to reduce email abuse, such as phishing and spoofing. These measures help protect users and improve the overall security and trustworthiness of the email environment.
Do Google’s DMARC requirements apply to all email senders?
No, the Google DMARC requirements apply specifically to bulk email senders, defined as those sending 5 000 or more emails per day to Gmail addresses. Google does recommend that all senders implement SPF, DKIM, and DMARC to improve deliverability and email protection.
What happens if I don’t meet Google’s DMARC requirements?
If your domain doesn’t comply with Google’s authentication requirements, messages may be temporarily or permanently rejected, routed to Spam, or lose delivery support. Non-compliance can also reduce your ability to reach Gmail users.