Google and Yahoo Sender Requirements Explained
In February 2024, Google and Yahoo introduced sender requirements for email delivered to Gmail and Yahoo Mail. The requirements made email authentication — SPF, DKIM, and DMARC — a condition of reliable delivery, with stricter rules for senders above 5,000 messages per day.
The requirements affect most businesses, not only large senders, because a significant share of business email addresses are hosted on Google Workspace. This guide sets out what the rules require, who they apply to, and how to meet them.
Why the Requirements Were Introduced
Spam filtering has historically relied on analysing message content and sender behaviour, which involves a degree of guesswork. Authentication removes much of it: when senders prove which domain a message came from, forged and unwanted mail is easier to identify and block.
Google and Yahoo coordinated their announcements and enforce similar rules. Microsoft introduced closely matching requirements for Outlook, Hotmail, and Live recipients in 2025, which means the three largest inbox providers now apply broadly the same standard.
Requirements for All Senders
A baseline applies to every sender, regardless of volume: authentication with SPF or DKIM, valid DNS, and low spam complaint rates.
Additional Requirements for Bulk Senders
Senders delivering 5,000 or more messages per day to Gmail addresses are classed as bulk senders and must also meet the following:
- Pass both SPF and DKIM, not just one
- Publish a DMARC record — a policy of p=none meets the minimum requirement
- Ensure the domain in the From address aligns with the domain validated by SPF or DKIM
- Support one-click unsubscribe (the list-unsubscribe header) in marketing messages and process requests within two days
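A check for the message-level rules above, as an added example that is not part of the original guide: it reads the Authentication-Results header a receiving server stamped on a message and reports SPF and DKIM results, relaxed alignment with the From domain, and the RFC 8058 one-click unsubscribe headers. The sample message, its placeholder domains and the two-label organisational-domain shortcut are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all domains are placeholders, not real traffic.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.mailer-example.net;
 dkim=pass header.d=news.example.com;
 dmarc=pass header.from=example.com
From: Shop <offers@example.com>
List-Unsubscribe: <https://example.com/u?id=123>, <mailto:unsub@example.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
"""

def org_domain(domain):
    # Assumption: last two labels. Real DMARC evaluation uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def auth_results(msg):
    """Map each method (spf, dkim, ...) to a list of (result, validated domain)."""
    raw = " ".join((msg.get("Authentication-Results") or "").split())  # unfold
    found = {}
    for part in raw.split(";")[1:]:  # part 0 is the receiving server's id
        m = re.match(r"\s*(\w+)=(\w+)", part)
        d = re.search(r"(?:smtp\.mailfrom|header\.d)=(\S+)", part)
        if m:
            found.setdefault(m.group(1).lower(), []).append(
                (m.group(2).lower(), d.group(1).rpartition("@")[2] if d else None))
    return found

def audit_message(raw_message):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    results = auth_results(msg)
    def passed(method):  # domains for which this method returned "pass"
        return [d for r, d in results.get(method, []) if r == "pass"]
    def aligned(method):  # relaxed alignment: organisational domains match
        return any(d and org_domain(d) == org_domain(from_domain) for d in passed(method))
    unsub = (msg.get("List-Unsubscribe") or "").lower()
    post = (msg.get("List-Unsubscribe-Post") or "").strip().lower()
    r = {
        "spf_pass": bool(passed("spf")), "dkim_pass": bool(passed("dkim")),
        "aligned_via": [m for m in ("spf", "dkim") if aligned(m)],
        # RFC 8058 one-click needs an HTTPS URI plus the List-Unsubscribe-Post header
        "one_click": "<https://" in unsub and post == "list-unsubscribe=one-click",
    }
    r["meets_bulk_rules"] = all([r["spf_pass"], r["dkim_pass"], r["aligned_via"], r["one_click"]])
    return r
```

In the sample, SPF passes for the mail platform's bounce domain, which does not align with the From address; alignment is met through the DKIM signature alone.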
Who counts as a bulk sender
The 5,000-message threshold counts all email from your domain to Gmail addresses within a 24-hour period — newsletters, invoices, notifications, and transactional messages combined. A single large campaign can cross it, and Google's guidance states that once a domain has been classed as a bulk sender, the classification is permanent.
What Happens to Non-Compliant Email
Mail that fails the requirements can be delivered to spam, deferred with temporary errors, or rejected. Rejection notices reference the sender guidelines in the bounce message.
Enforcement is graduated rather than immediate, so the effect typically appears as a decline in delivery rates over time rather than a single visible failure. Falling open rates, unanswered emails, and bounce messages mentioning authentication are the usual first signs.
Recovering from delivery problems takes longer than preventing them, because sender reputation rebuilds over weeks of consistent, authenticated sending.
Do the Requirements Apply to Small Businesses?
Yes, in three respects.
The baseline requirements — authentication, valid DNS, and low complaint rates — apply at every sending volume.
Delivery destination matters more than your own size. Google Workspace hosts email for millions of businesses, so messages sent to corporate addresses are frequently filtered by Gmail even when the address shows a company domain.
The requirements have also become the de facto industry standard. Microsoft applies matching rules, and other providers weigh the same signals in their filtering. Meeting the standard improves delivery everywhere, not only at Google and Yahoo.
How to Meet the Google and Yahoo Sender Requirements
Compliance is a defined checklist. For most businesses it takes a few weeks, much of which is monitoring time:
- Publish a correct SPF record covering every service that sends email for your domain
- Enable DKIM signing on each of those services — your mail provider, newsletter tool, CRM, and invoicing software
- Publish a DMARC record, start in monitoring mode, and use the reports to confirm every legitimate sender passes
- Move DMARC to enforcement once your senders are aligned, so forged mail is blocked as well
- Confirm your marketing platform supports one-click unsubscribe — most major tools added it for these rules
- Monitor your spam complaint rate in Google Postmaster Tools and keep your lists clean
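The DNS side of this checklist, as an added example that is not part of the original guide: it audits a domain's SPF, DKIM and DMARC TXT records and reports whether DMARC is still in monitoring mode or has reached enforcement. The record set is constructed and held in a dictionary so the check runs offline; the domain, include targets and the DKIM selector names "s1" and "crm" are placeholders.

```python
# Constructed TXT records keyed by DNS name; a live check would query DNS.
# example.com, the include targets and the selectors "s1"/"crm" are placeholders.
ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example include:news.example ~all",
                    "site-verification=placeholder"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict."""
    pairs = (item.partition("=") for item in record.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def check_spf(txts):
    spf = [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero means no SPF; more than one is a permanent error
        return [f"expected exactly one SPF record, found {len(spf)}"]
    last = spf[0].lower().split()[-1]
    if last in ("all", "+all"):
        return ["SPF ends in +all, which authorises every server on the internet"]
    return []

def check_dmarc(txts):
    """Return (stage, findings); stage is missing, invalid, monitoring or enforcement."""
    recs = [t for t in txts if t.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return "missing", [f"expected one DMARC record, found {len(recs)}"]
    tags = parse_tags(recs[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", [f"unrecognised policy p={policy!r}"]
    findings = [] if "rua" in tags else ["no rua= address, so no aggregate reports"]
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    return ("monitoring" if policy == "none" else "enforcement"), findings

def audit_domain(zone, domain, selectors):
    stage, dmarc = check_dmarc(zone.get(f"_dmarc.{domain}", []))
    # A DKIM key is usable only if the selector record exists with a non-empty p=
    missing = [s for s in selectors
               if not any(parse_tags(t).get("p") for t in zone.get(f"{s}._domainkey.{domain}", []))]
    return {"spf": check_spf(zone.get(domain, [])), "dmarc_stage": stage,
            "dmarc": dmarc, "dkim_missing": missing}
```

Calling `audit_domain(ZONE, "example.com", ["s1", "crm"])` reports a clean SPF record, DMARC in the monitoring stage, and no published DKIM key for the "crm" selector.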
Frequently Asked Questions
What are the Google and Yahoo sender requirements?
Rules enforced since February 2024 for email delivered to Gmail and Yahoo Mail. All senders must authenticate with SPF or DKIM and keep spam complaints low. Bulk senders — 5,000 or more messages a day — must pass both, publish a DMARC record, and offer one-click unsubscribe.
Do the requirements apply if I send fewer than 5,000 emails a day?
Yes. The strictest rules target bulk senders, but the baseline — authentication with SPF or DKIM, valid DNS, and low complaint rates — applies to everyone. Smaller senders without DMARC also see worse inbox placement in practice, so meeting the full standard is worthwhile at any volume.
Is p=none enough to satisfy the DMARC requirement?
Currently, yes — Google and Yahoo accept a DMARC record with a p=none policy. A p=none policy only monitors, however; it does not block anyone from spoofing your domain. Treat it as the starting point, then move to enforcement once your legitimate senders all pass authentication checks.
What happens if my emails fail the requirements?
Gmail and Yahoo may deliver your messages to spam, defer them, or reject them with an error referencing their sender guidelines. The effect usually builds gradually, so falling delivery rates, unanswered emails, and bounce notices mentioning authentication are the typical first symptoms.
Has Microsoft introduced the same requirements?
Yes. In 2025 Microsoft announced matching requirements for high-volume senders to Outlook, Hotmail, and Live addresses: SPF and DKIM must pass, a DMARC record must be published, and unsubscribing must be straightforward. The three largest inbox providers now enforce essentially the same standard.
The Google and Yahoo sender requirements made SPF, DKIM, and DMARC a standing condition of email delivery, and Microsoft has extended the same rules to its own inboxes. Compliance now determines whether business email reaches recipients at every major provider.