The Gmail.com DMARC policy update you may not know about

Feb. 5, 2024
Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early in 2024, requirements that, for now, are focused on bulk senders.

This announcement and its subsequent updates have rightly gotten the full attention of the email industry. However, there was one other item buried in Google’s announcement that we don’t think people are talking about enough. One of the bullet items in Gmail’s guidelines for all senders reads as follows:

Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.

Long story short: If you have a small business, and you use an email sending service to email contacts, but your From address is [email protected] instead of something like [email protected], your email may be sent to the spam folder beginning in February 2024.

If you’re sending with a From address ending in gmail.com from any platform other than Google, you’re likely going to run into some issues.

What Does It Mean to Impersonate Gmail From: Headers?

Sending mail from any platform other than a Google platform with a From address in the gmail.com domain is impersonating Gmail From: headers. 

A typical example would be a small business sending from a platform like Mailchimp, Braze, or Klaviyo using a From address like: “[email protected]”.

This type of email could never pass DMARC authentication because the platform’s servers are not in the SPF record for gmail.com, and the platform cannot DKIM sign such messages using the domain gmail.com. 

By definition, a message that can’t pass DMARC authentication is deemed an impersonation of that domain, and so sending mail in such a manner is impersonating Gmail From: headers.

What Action Is Google Taking Here?

For years now, there has been a DMARC policy record for gmail.com, one that has had “p=none” as its policy statement. In DMARC jargon, this means “The domain owner requests that the DMARC validation results for any message using this domain do not influence the message’s disposition.” 

Because there has been a DMARC policy record in place for a long time, messages that impersonate Gmail From: headers have been failing DMARC for a long time; however, because the policy statement up until now has been p=none, these failures have had little to no impact on these messages.

Starting on February 1, 2024, Google will be changing this policy statement to “p=quarantine”, which means that they’re requesting that messages using gmail.com in From domain that fail DMARC be placed in the spam folder. What this means is that messages that impersonate Gmail From: headers are likely to end up in recipients’ spam folders, rather than their inboxes.

Am I Affected By This?

If you’re in the habit of sending email from a platform that isn’t Gmail while using a From email address that ends in gmail.com, then you’re going to be affected by this.

In the above example, if you’re sending emails to contacts from an email platform using  “[email protected]”, any mail you send will likely be delivered to the spam folder at any mailbox provider that honors DMARC policies. 

I’m Affected! What Do I Do?

The short answer here is that if you’re sending mail from a third-party platform, especially mail that’s related to your business, you should use a domain that can properly authenticate on that platform. 

The best choice for this would be a domain that you own. Many small businesses have their own domain for a website; they just never bothered setting up the domain for email. There are lots of small businesses out there sending email as “[email protected]” telling their customers to check out their website at www.NameOfSmallBusiness.com. Instead, you should use something like “[email protected].

If you don’t currently have your own domain for your business, you should get one. Registering a domain only costs a few dollars per year, and it’s industry best practice to send business-related emails using a domain name that is clearly and recognizably associated with the business. Your customers are much more likely to engage with your email if it’s sent from an email address using your own domain rather than Gmail’s.

Once you’ve decided on a domain to use, contact your ESP for help not only with setting up sending mail using your domain, but also making sure that you transition properly to doing so. 

They can advise you on how best to notify your customers to update their address books or email filters, how to make sure that your domain’s mail properly authenticates using DMARC (something Valimail can certainly help with), and how to warm up your domain for sending to get best results.

If you’re still unsure of what all this means and where to get started, check out our new eBook: The Email Marketer’s Guide to DMARC. Here you’ll learn what DMARC is, what the benefits are, and how to implement it correctly.

LEARN MORE ABOUT DMARC

Blog post originally hosted on Valimail.