The Gmail.com DMARC policy update you may not know about

While there has been a lot of talk about the new email sender requirements from Google, there's a small updates some may have missed.
new gmail.com dmarc requirement

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early in 2024, requirements that, for now, are focused on bulk senders. 

This announcement and its subsequent updates have rightly gotten the full attention of the email industry. However, there was one other item buried in Google’s announcement that we don’t think people are talking about enough. One of the bullet items in Gmail’s guidelines for all senders reads as follows:

Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.

Long story short: If you have a small business, and you use an email sending service to email contacts, but your From address is NameOfSmallBusiness@gmail.com instead of something like hello@NameOfSmallBusiness.com, your email may be sent to the spam folder beginning in February 2024.

If you’re sending with a From address ending in gmail.com from any platform other than Google, you’re likely going to run into some issues.

What does it mean to impersonate Gmail From: headers?

Sending mail from any platform other than a Google platform with a From address in the gmail.com domain is impersonating Gmail From: headers. 

A typical example would be a small business sending from a platform like Mailchimp, Braze, or Klaviyo using a From address like: “NameOfSmallBusiness@gmail.com”.

This type of email could never pass DMARC authentication because the platform’s servers are not in the SPF record for gmail.com, and the platform cannot DKIM sign such messages using the domain gmail.com. 

By definition, a message that can’t pass DMARC authentication is deemed an impersonation of that domain, and so sending mail in such a manner is impersonating Gmail From: headers.

What action is Google taking here?

For years now, there has been a DMARC policy record for gmail.com, one that has had “p=none” as its policy statement. In DMARC jargon, this means “The domain owner requests that the DMARC validation results for any message using this domain do not influence the message’s disposition.” 

Because there has been a DMARC policy record in place for a long time, messages that impersonate Gmail From: headers have been failing DMARC for a long time; however, because the policy statement up until now has been p=none, these failures have had little to no impact on these messages.

Starting on February 1, 2024, Google will be changing this policy statement to “p=quarantine”, which means that they’re requesting that messages using gmail.com in From domain that fail DMARC be placed in the spam folder. What this means is that messages that impersonate Gmail From: headers are likely to end up in recipients’ spam folders, rather than their inboxes.

dmarc-policy-graphic

Am I affected by this?

If you’re in the habit of sending email from a platform that isn’t Gmail while using a From email address that ends in gmail.com, then you’re going to be affected by this.

In the above example, if you’re sending emails to contacts from an email platform using  “NameOfSmallBusiness@gmail.com”, any mail you send will likely be delivered to the spam folder at any mailbox provider that honors DMARC policies. 

I’m affected! What do I do?

The short answer here is that if you’re sending mail from a third-party platform, especially mail that’s related to your business, you should use a domain that can properly authenticate on that platform. 

The best choice for this would be a domain that you own. Many small businesses have their own domain for a website; they just never bothered setting up the domain for email. There are lots of small businesses out there sending email as “NameOfSmallBusiness@gmail.com” telling their customers to check out their website at www.NameOfSmallBusiness.com. Instead, you should use something like “hello@NameOfSmallBusiness.com.” 

If you don’t currently have your own domain for your business, you should get one. Registering a domain only costs a few dollars per year, and it’s industry best practice to send business-related emails using a domain name that is clearly and recognizably associated with the business. Your customers are much more likely to engage with your email if it’s sent from an email address using your own domain rather than Gmail’s.

Once you’ve decided on a domain to use, contact your ESP for help not only with setting up sending mail using your domain, but also making sure that you transition properly to doing so. 

They can advise you on how best to notify your customers to update their address books or email filters, how to make sure that your domain’s mail properly authenticates using DMARC (something Valimail can certainly help with), and how to warm up your domain for sending to get best results.

If you’re still unsure of what all this means and where to get started, check out our new eBook: The Email Marketer’s Guide to DMARC. Here, you’ll learn what DMARC is, what the benefits are, and how to implement it correctly.

Get started for free
with Monitor

Start your path to DMARC enforcement with a panoramic view of the traffic being sent on your behalf.
No trial offers, credit cards, or obligations.

Explore all Valimail
has to offer

Go one step further than visibility…Take action! Reach DMARC enforcement faster. Stay compliant with evolving sender requirements. All while protecting your brand.

Phishing and BEC protection starts with your domain — verify your DMARC status with the Valimail Domain Checker.