Google and Yahoo Bulk Sender Requirements: The Complete Compliance Checklist

Best Practices

In February 2024, Google and Yahoo introduced bulk sender requirements that changed email deliverability permanently. If you send more than 5,000 emails per day to Gmail or Yahoo addresses, you must meet specific authentication, unsubscribe, and spam rate requirements — or your emails get blocked.

These requirements started with soft enforcement (warnings and spam folder placement) and have since escalated to outright rejection. Microsoft followed with similar rules in May 2025. This isn't optional anymore.

Here's your compliance checklist.

Who Counts as a Bulk Sender?

You're a bulk sender if you send approximately 5,000 or more messages in a single day to Gmail or Yahoo addresses. Google counts messages per sending domain, not per IP address.

Important: this threshold is cumulative across all email types — marketing, transactional, and automated. If your marketing platform sends 3,000 and your application sends 2,000, you've hit 5,000.

Even if you're below the threshold, meeting these requirements improves deliverability for all senders.

The Compliance Checklist

1. SPF Authentication — Required

Your domain must have a valid SPF record that authorizes your sending servers.

RequirementStatus Check SPF record existsTXT record at your domain starting with v=spf1 Includes all sendersEvery service that sends email for you is listed Record is validUnder 10 DNS lookups, no syntax errors SPF passesSending IP matches an authorized source

Check your SPF record — if it shows any warnings or failures, fix those first.

2. DKIM Authentication — Required

Your emails must be signed with a valid DKIM key of at least 1,024 bits (2,048 recommended).

RequirementStatus Check DKIM record in DNSTXT record at selector._domainkey.yourdomain.com Key is 1024+ bits2048-bit recommended for security Signatures validateReceiving servers can verify the signature Domain alignsDKIM signing domain matches or is a subdomain of your From address

Your email service provider typically handles DKIM signing — you need to add their DNS record. Check your ESP's documentation for the specific record to add.

3. DMARC Record — Required

You must publish a DMARC record at minimum p=none.

RequirementStatus Check DMARC record existsTXT record at _dmarc.yourdomain.com Policy is setAt minimum p=none (p=quarantine or p=reject preferred) Alignment passesSPF or DKIM domain aligns with your From domain

A p=none policy satisfies the minimum requirement, but Google and Yahoo are increasingly favoring senders with p=quarantine or p=reject. Plan to progress your DMARC policy.

4. Spam Complaint Rate — Below 0.3%

This is the requirement that catches most senders off guard.

ThresholdConsequence Below 0.1%Good — this is the recommended target 0.1% – 0.3%Warning zone — take action to reduce Above 0.3%Emails will be filtered or rejected

You can only monitor Gmail complaint rates through Google Postmaster Tools (postmaster.google.com). Your ESP's complaint data won't show Gmail-specific rates because Gmail doesn't participate in traditional feedback loops.

5. One-Click Unsubscribe — Required for Marketing Email

Marketing and promotional emails must include:

• A List-Unsubscribe header (both mailto: and HTTPS URL)
• A List-Unsubscribe-Post header for one-click functionality
• A visible unsubscribe link in the email body

When a user clicks unsubscribe, you must process the request within 2 business days.

6. TLS Encryption — Required

Your sending servers must support TLS (Transport Layer Security) for SMTP connections. Most modern email service providers handle this automatically, but verify with your ESP if you're unsure.

7. Valid Forward and Reverse DNS — Required

Your sending IP addresses must have:

• Forward DNS (A record): Hostname resolves to the IP address
• Reverse DNS (PTR record): IP address resolves back to the hostname

If you're using a shared email service provider, they handle this. If you're sending from your own infrastructure, verify PTR records are configured.

8. RFC 5322 Compliance — Required

Your emails must follow internet message format standards. In practice, this means:

• Valid From header with a real domain you control
• Don't impersonate Gmail or other provider addresses in your From field
• Properly formatted message headers

Quick Compliance Audit

Use this quick checklist to verify your status:

What Happens If You Don't Comply

Google and Yahoo enforce these requirements progressively:

1. Temporary errors — Emails get deferred with a 4xx error, prompting retry
2. Spam folder placement — Non-compliant emails are filtered to spam
3. Rejection — Emails are bounced with a 5xx error (permanent failure)

Since late 2024, Google has been at stage 3 for many non-compliant senders. If your bounce rates have increased with Gmail, non-compliance is the likely cause.

Microsoft's Requirements (May 2025)

Microsoft joined with similar requirements for Outlook.com, Hotmail, and Live.com:

• SPF, DKIM, and DMARC all required for 5,000+ daily senders
• Non-compliant messages go to Junk first, then get blocked with error 550 5.7.515

The same authentication setup that satisfies Google and Yahoo also satisfies Microsoft. Fix once, comply everywhere.

Beyond the Basics

Meeting the minimum requirements is necessary but not sufficient for great deliverability. Senders who perform best also:

• Maintain complaint rates below 0.05% (not just 0.3%)
• Use p=reject DMARC policy (not just p=none)
• Separate transactional and marketing email on different subdomains
• Clean their lists regularly to remove disengaged subscribers
• Warm up new domains and IPs gradually

The requirements set a floor. The best senders aim much higher.