Google DMARC requirements: Ensuring compliance
From February 2024, Google began enforcing new email authentication rules for organizations sending 5 000 or more emails daily to Gmail users. To comply, businesses must have SPF, DKIM, and DMARC in place.
Failure to meet these requirements could lead to rejected emails or messages landing in recipients’ Spam or Junk folders. Our guide breaks down exactly what’s required to maintain deliverability and protect your company’s domain.
Google DMARC requirements explained
DMARC
A DMARC record must be in place for the domain, with at least a policy of p=none. This informs receiving email servers how to treat messages that fail SPF or DKIM checks.
SPF
All outgoing emails must pass SPF validation. SPF confirms that the sending server is authorized to send emails on behalf of the domain.
DKIM
Outbound messages must pass DKIM checks. DKIM adds a digital signature to each message, helping to ensure it hasn’t been tampered with during transit.
One-click unsubscribe
Emails must include a one-click unsubscribe option. Any unsubscribe requests must be met within 48 hours.
Spam rate below 0.3%
Senders are required to keep Spam complaint rates under 0.3%, in line with Google’s policy.
Who must comply with the Google DMARC requirements?
Any organization sending 5 000 or more emails per day to Gmail accounts must meet these requirements.
- Internal and hosted email systems
- CRM, ERP, and e-commerce services
- Email marketing platforms
- Transactional emails
- Third-party senders
Failure to comply may result in:
- Increased risk of email-based threats
- Messages being sent to recipients’ Spam or Junk folders
- Messages being rejected outright by Gmail servers
Sendmarc makes DMARC compliance easy, providing the tools needed to meet evolving requirements.
Book a demo or explore our platform to find out how we simplify DMARC adoption.
Want a copy of the Google DMARC requirements?
Complete the form below to get this free guide.
Expert insights
“The idea is that authentication gives you confidence of the source of the message, and then you can start to do a better job of classification and actually providing protections to users.”– Neil Kumaran, Group Product Manager at Google
“Since the creation and wide-scale adoption of DMARC, the percentage and number of phishing emails claiming to be from a particular legitimate domain are significantly less, perhaps just a few percent of what they used to be.”
– Roger Grimes, Data-Driven Defense Evangelist at KnowBe4
Google DMARC requirements FAQs
Is Google requiring DMARC?
What are Google’s new requirements for email senders?
Google’s new requirements for email senders include publishing valid SPF, DKIM, and DMARC records, aligning DMARC with either SPF or DKIM, keeping Spam complaint rates below 0.3%, and including one-click unsubscribe functionality in messages. These rules apply to domains sending more than 5 000 emails per day to Gmail recipients.
Why has Google introduced stricter DMARC and email authentication requirements?
Do Google’s DMARC requirements apply to all email senders?
What happens if I don’t meet Google’s DMARC requirements?
If your business’s domain doesn’t meet Google’s DMARC and authentication requirements, its messages might be rejected or sent to Spam or Junk folder. This could negatively affect your company’s ability to reach Gmail users and damage its sender reputation.
