Since early 2024, Google and Yahoo require senders to authenticate their mail, and Microsoft has followed with similar rules. If you send in any volume and do not meet them, your mail is throttled or rejected. Here is what the requirements actually ask for and how to comply.
The core requirements
- Authenticate with SPF and DKIM. Both must be set up and passing for your domain.
- Publish a DMARC record. A policy of
p=nonemeets the baseline, though enforcement is stronger. See how to set up DMARC. - Align your From domain. The visible From address must align with SPF or DKIM. See how to fix DKIM alignment.
- Keep spam complaints low. Stay under a 0.3 percent complaint rate.
- Support one-click unsubscribe for bulk marketing mail, and honor it quickly.
- Use TLS for the connection when sending.
Who has to comply
The strictest rules apply to bulk senders, generally those sending thousands of messages a day to consumer mailboxes. But the authentication basics, SPF, DKIM and DMARC, are now expected of every sender. Meeting them is the price of the inbox.
How to get compliant
- Publish and verify SPF and DKIM.
- Publish DMARC, starting at
p=none. - Confirm your From domain aligns.
- Add one-click unsubscribe to bulk mail.
Check your status
Scan your domain to confirm SPF, DKIM and DMARC are in place and passing, which covers the authentication side of the requirements.
Reads public DNS only. Nothing is stored unless you save the domain to an account.