Blogs

The Developer's Guide to Google Bulk Sender Requirements

The Developer's Guide to Google Bulk Sender Requirements

The Developer's Guide to Google Bulk Sender Requirements

Feb 5, 2024

A step-by-step technical guide for developers and SaaS companies that want their email notifications to comply with Google's and Yahoo's new bulk sender policies.

Context

Starting in February 2024, Google enforces new requirements for sending emails to its users.

Does this apply to me?

Yes. The requirements can be split into 3 levels:

  1. Basic requirements for any sender

  2. Bolder new requirements for domains that send more than 5000 emails per day

  3. One additional requirement for domains that send marketing emails

Since it is unclear how Google recognizes your emails as transactional vs. marketing, we recommend that anyone sending more than 5k emails/day follow all the requirements.

Does NotificationAPI help with compliance?

NotificationAPI users are automatically compliant.

Level 1 Requirements:
Any Sender

1. SPF & DKIM

You probably have one or both of these DNS records already setup:

  • AWS SES: Verified domains use DKIM by default, you may need to verify SPF

  • SendGrid: DKIM & SPF verified by default

  • Mailgun: you need to check the "DKIM" option when configuring your domain

How to test: 

Send an email to yourself in Gmail. Check your domain's verifications using the "Show Original" option.

Test SPF/DKIM/DMARC verification in Google

2. Spam rate < 0.1% - 0.3%

This refers to how many of your outgoing emails are reported as spam by recipients. Google suggests keeping this below 0.1% (1 in 1000 emails) and avoiding 0.3%.

We recommend signing up for Google Postmaster Tools, which reports on your domain's email reputation and spam rates.

3. Generic requirements: PTR Record, TLS Connection, RFC 5322 Email Formatting

If you use any modern email service, you shouldn't worry about these requirements.

Level 2 Requirements:
Senders with 5000+ emails/day

4. DMARC record

DMARC is a TXT record that has many configurations. Simply, it tells recipients how to treat emails from your domain that don't pass SPF/DKIM verification.

Setting a strict DMARC configuration could block your emails. So be careful!

We recommend that you start with a loose DMARC record, such as:

Record Name: _dmarc

Record Value: v=DMARC1; p=none;

This record tells recipients that you want to follow DMARC standard v1 (recommended) but not to do anything (p=none) when they encounter an email from your domain that doesn't pass SPF/DKIM.

Over time, you want to change the DMARC record to:

  1. Report back emails with faulty SPF/DKIM using the rua option,

  2. Fix the issues,

  3. And make the DMARC record more strict using the p option

5. DMARC Alignment

There are two "from" addresses for every email:

  1. Header From: the regular From address you see on an email, e.g. John Smith <john@smith.com>

  2. Envelope From: refers to the source of the email. For example, an email from john@smith.com may have an envelope header sendegrid.com.

DMARC Alignment means Header From matching your Envelope From.

Alignment could be 1) relaxed, where one From is the subdomain of the other from, or 2) strict, where the domains exactly match. Google is ok with either.

In the image below, you see a spam email where the Header From differs from the Envelope From, and Gmail is bringing attention to it with the "via" keyword.


Level 3 Requirements:
For marketing emails, BUT…

There is no way to know how Google categorizes your emails (marketing vs transactional), so we recommend doing this anyway.


6. One-Click Unsubscribe

First, create an API end-point like the one below. The method must be POST, but the URL can be anything.

  • Method: POST

  • URL: https://app.yourdomain.com/unsubscribe?email=user@gmail.com

  • Body: none

You should unsubscribe the user from your email when this end-point is hit. For example, Google will call this end-point when the user hits the "Unsubscribe" button in Gmail's interface.


The One-Click Unsubscribe mechanism in action

Then, add the following headers to your outgoing emails:

  • List-Unsubscribe-Post: List-Unsubscribe=One-Click

  • List-Unsubscribe: <https://app.yourdomain.com/unsubscribe?email=user@gmail.com>

Remember to replace it with actual values.

Compliance through NotificationAPI

NotificationAPI provides the one-click unsubscribe option at no cost without writing a single line of code. Our account setup process also ensures your emails comply with SPF, DKIM, DMARC, and DMARC Alignment.

So, all NotificationAPI users are compliant without additional effort.

Sources