Gmail and Yahoo require bulk senders (5,000+ messages/day to their users) to: 1) authenticate with SPF and DKIM, 2) publish a DMARC record (at minimum p=none), 3) include one-click unsubscribe (List-Unsubscribe header with RFC 8058), 4) keep spam complaint rate below 0.3% (target under 0.1%), and 5) use a From: domain that aligns with SPF or DKIM. Non-compliance results in throttling, spam placement, or rejection.
Gmail and Yahoo 2024 Bulk Sender Requirements: Full Compliance Checklist
What Changed
In October 2023, Gmail and Yahoo jointly announced new requirements for bulk email senders. These are not suggestions. They are enforced requirements. Non-compliance means your email doesn't reach the inbox.
The Requirements
1. Email Authentication (All Senders)
SPF: Publish an SPF record that includes your sending service. Must pass. See our email authentication guide for full setup instructions.
DKIM: Sign all outgoing email with DKIM. Must pass.
DMARC: Publish a DMARC DNS record for your sending domain. Minimum policy: p=none.
Alignment: Your From: header domain must align with either the SPF domain (envelope sender) or DKIM domain (d= value). At least one must align.
2. One-Click Unsubscribe (Bulk Senders: 5,000+/day)
Include both headers in every marketing email:
List-Unsubscribe: <https://yourdomain.com/unsubscribe?id=USER_ID>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
The unsubscribe must work with a single POST request — no confirmation pages, no login required.
Most ESPs add these headers automatically. If you're using custom SMTP, you must implement this yourself.
3. Spam Complaint Rate (Bulk Senders)
Hard requirement: Spam complaint rate must stay below 0.3%.
Target: Google recommends keeping it below 0.1%.
Monitor your spam rate in Google Postmaster Tools. If you exceed 0.3%, Gmail will start rejecting or spam-filtering your mail.
4. Other Requirements
- Valid forward and reverse DNS (PTR record) for sending IPs
- TLS encryption for SMTP transmission
- RFC 5321/5322 compliance for message formatting
- Don't impersonate Gmail in your From: headers
- Visible unsubscribe link in the email body
The Compliance Checklist
- SPF record published and includes all sending services
- DKIM configured and signing for all sending services
- DMARC record published (at minimum v=DMARC1; p=none; rua=mailto:...)
- From: domain aligns with SPF or DKIM
- List-Unsubscribe and List-Unsubscribe-Post headers present on marketing email
- Unsubscribe link visible in email body
- Spam complaint rate below 0.3% (check Google Postmaster Tools)
- PTR record set for sending IP
- TLS enabled on SMTP connections
- Google Postmaster Tools configured for monitoring
Common Compliance Failures
Using a free email (gmail.com, yahoo.com) as your From: address: Gmail's DMARC policy is p=reject. If you send bulk email "from" a @gmail.com address through your ESP, DMARC fails and messages are rejected. Use your own domain.
Multiple ESPs without unified SPF: If you use Klaviyo for marketing and SendGrid for transactional but only have Klaviyo in your SPF record, SendGrid emails fail SPF. Include all senders.
Third-party forms and CRMs: Services that send email "on your behalf" (GoHighLevel, HubSpot, etc.) must be included in your authentication records. Many people forget these.
Practitioner note: The one-click unsubscribe requirement catches the most people off guard. If you're using a custom SMTP setup or a lesser-known ESP, verify the headers are actually present by viewing the raw message source. Many setups are missing the List-Unsubscribe-Post header specifically.
Practitioner note: Google Postmaster Tools is the single most important monitoring tool now. If you haven't set it up, do it today. It's the only way to see your actual spam complaint rate at Gmail, which is the metric that triggers enforcement.
If you're not sure whether your setup complies, schedule an audit — I'll verify every requirement and fix what's missing.
Sources
- Google: Email sender guidelines
- Yahoo: Sender Requirements
- RFC 8058: Signaling One-Click Functionality for List Email Headers
v1.0 · March 2026
Frequently Asked Questions
When did the Gmail and Yahoo bulk sender requirements take effect?
Requirements were announced in October 2023. Enforcement began in February 2024 with gradual rollout. As of mid-2024, enforcement is fully active. All senders above 5,000 messages/day must comply.
Do these requirements apply to me if I send less than 5,000 emails per day?
The strictest requirements (DMARC, one-click unsubscribe) are mandatory for 5,000+/day bulk senders. However, SPF and DKIM are effectively required for all senders — without them, your email is significantly more likely to be spam-filtered regardless of volume.
What happens if I don't comply?
Gmail will temporarily reject messages with error codes, throttle delivery, or send messages directly to spam. Yahoo similarly rejects or spam-filters non-compliant senders. The enforcement is automated and gets stricter over time.
Does DMARC need to be at p=reject?
No. The minimum requirement is p=none (monitor only). However, p=none provides no protection against spoofing. Google recommends advancing to p=quarantine or p=reject. For deliverability purposes, having DMARC at any policy level satisfies the requirement.
What is one-click unsubscribe and how do I implement it?
One-click unsubscribe uses the List-Unsubscribe and List-Unsubscribe-Post email headers (per RFC 8058) to let recipients unsubscribe without visiting a webpage. Most major ESPs (Klaviyo, Mailchimp, SendGrid, etc.) handle this automatically. If you're sending via custom SMTP, you must add these headers yourself.
Want this handled for you?
Free 30-minute strategy call. Walk away with a plan either way.