Gmail & Yahoo bulk sender requirements: the working checklist
In February 2024, Gmail and Yahoo stopped treating email authentication as a best practice and started treating it as an entry requirement. Microsoft followed with equivalent rules for high-volume senders in 2025. The rules bind "bulk senders" — 5,000+ messages/day to Gmail — but the baseline items now affect everyone, and failing them produces 550 5.7.26 bounces at any volume.
Updated July 13, 2026
Requirements for every sender
- SPF or DKIM passing (at least one; both strongly recommended) — verify with the SPF checker and DKIM checker.
- Valid forward and reverse DNS (PTR) on sending IPs — handled by your provider unless you self-host.
- TLS for message transmission — every major provider does this by default.
- Spam rate kept under 0.3% in Google Postmaster Tools.
Additional requirements for bulk senders (5,000+/day)
- Both SPF and DKIM passing.
- A DMARC record — p=none satisfies the requirement, enforcement protects you.
- DMARC alignment: the From domain must align with SPF or DKIM — see alignment explained.
- One-click unsubscribe (RFC 8058 List-Unsubscribe-Post headers) on marketing/subscribed mail, honored within 2 days.
- No impersonating Gmail From addresses (sending 'from' @gmail.com through your own infrastructure fails DMARC — Gmail enforces p=quarantine on gmail.com).
Checking yourself in one pass
Our compliance checker evaluates the DNS-verifiable requirements — SPF validity, DKIM presence, DMARC record and policy — against Google's, Yahoo's, and Microsoft's rulesets in one run. The parts DNS can't see (spam rate, unsubscribe headers on actual sends) need Postmaster Tools and a look at your ESP settings; HealthCheck Email monitors the observable set continuously and re-checks daily.
What happens if you don't comply
Enforcement is graduated: first a rising percentage of your mail gets rejected or spam-foldered, then — for persistent authentication failures — outright 550 blocks. The practical translation: these aren't guidelines you optimize for, they're the cost of entry. The good news is the checklist is finite, and most of it is a one-time DNS setup.