Gmail Authentication Requirements & Best Practices

It is imperative that you implement the following email authentication methods for your domain. Authenticated messages serve several crucial purposes:

• They safeguard recipients from potentially harmful messages, including spoofing and phishing attempts.
• They protect both you and your organization from potential impersonation.
• They are less likely to be rejected or flagged as spam by Gmail.

To ensure proper email authentication, set up these methods for each of your sending domains at your domain provider. Additionally, consult your domain provider’s specific instructions alongside the guidance provided here.

Google conducts thorough checks on messages sent to Gmail accounts to verify their authentication. To enhance email delivery rates, we strongly recommend the consistent implementation of SPF, DKIM, and DMARC for your domains. Ensure that you meet the minimum authentication requirements outlined in the Sender Guidelines. Messages lacking proper authentication through these methods may be categorized as spam or face rejection with a 5.7.26 error.

For those utilizing an email service provider, it is crucial to confirm that they authenticate your domain’s email using both SPF and DKIM.

Furthermore, it is advisable to consistently utilize the same domain for email authentication as well as hosting your public website. This practice helps maintain a seamless and secure online presence.

SPF (Sender Policy Framework)

SPF serves as a protective measure against spammers attempting to send deceptive messages from your domain. Establish SPF by creating and publishing an SPF record on your domain. This record should encompass all email senders associated with your domain. Failing to include third-party senders in your SPF record may lead to their messages being flagged as spam. Learn how to define and implement your SPF record for optimal security.

DKIM (DomainKeys Identified Mail)

Activate DKIM for the domain responsible for sending your emails. Receiving servers rely on DKIM to verify that the sender’s domain indeed originated the message. Familiarize yourself with the process of enabling DKIM for your domain.

Note: Sending messages to personal Gmail accounts necessitates a DKIM key of 1024 bits or greater. For enhanced security, we recommend utilizing a 2048-bit key if supported by your domain provider. Learn more about DKIM key lengths for optimal protection.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC empowers you to instruct receiving servers on how to handle messages from your domain that do not pass SPF or DKIM authentication. Set up DMARC by issuing a DMARC record for your domain. To successfully authenticate through DMARC, messages must undergo validation via SPF and/or DKIM. The authenticating domain must align with the domain indicated in the message’s From: header. Familiarize yourself with the process of adding a DMARC record to your domain.

We strongly recommend configuring DMARC reporting so you can monitor emails dispatched from your domain or those that appear to be sent from it. DMARC reports offer valuable insights into potential domain impersonation. Learn more about the benefits of DMARC reports.

Upon establishing DMARC, consider optionally implementing BIMI to incorporate your brand logo into messages sent from your domain. Learn how to integrate your brand logo using BIMI for added brand visibility and authenticity.

ARC (Authenticated Received Chain)

ARC assesses the prior authentication status of forwarded messages. If a forwarded message successfully passes SPF or DKIM authentication, but ARC indicates a prior authentication failure, Gmail treats the message as unauthenticated.

We highly recommend employing ARC authentication, especially if you regularly forward emails. Gain further insights into the benefits and implementation of ARC authentication for enhanced email security.

Infrastructure Configuration

---

IP Addresses

To ensure smooth email delivery, your sending IP address must possess a PTR (Pointer) record. PTR records serve to confirm that the sending hostname is linked to the corresponding sending IP address. Each IP address should be mapped to a hostname in the PTR record. The hostname specified in the PTR record must have a forward DNS that points back to the sending IP address.

It’s imperative that the sending IP address perfectly aligns with the IP address indicated in the PTR record.

Shared IP Addresses

A shared IP address, as the term suggests, is an IP address utilized by multiple email senders. The activities of all senders utilizing a shared IP address influence the reputation of that particular IP for all users.

A negative reputation can significantly impact your email delivery rate.

If you rely on a shared IP address for sending emails, take the following steps:

• Ensure the shared IP address is not listed on any internet blocklists. Messages sent from IP addresses on a blocklist are more likely to be flagged as spam.
• If you use an email service provider for your shared IP, leverage Postmaster Tools to monitor the reputation of the shared IP address. This helps you stay proactive in maintaining a positive sender reputation.

Managing Subscriptions

It’s crucial to only send emails to individuals who have expressed interest in receiving messages from you. This not only reduces the likelihood of them reporting your emails as spam but also maintains a positive reputation for your domain. Continuous reports of spam can negatively impact your domain’s standing over time. You can keep track of your domain’s reputation using Postmaster Tools.

Facilitating Opt-Ins

To ensure your recipients are genuinely engaged:

• Require recipients to actively opt in to receive messages from you.
• Verify each recipient’s email address before adding them to your subscription list.
• Periodically send messages to confirm that recipients still want to remain subscribed.
• Consider removing recipients who haven’t been opening or reading your messages.

Simplifying Unsubscribes

Always provide an easy way for recipients to opt out of receiving your messages. Allowing people to easily unsubscribe can lead to higher open rates, click-through rates, and overall sending efficiency. Implementing a one-click unsubscribe option simplifies the process. For those sending over 5,000 messages per day, it’s imperative that both marketing and subscribed messages support one-click unsubscribes.

To set up one-click unsubscribe, ensure that both of these headers are included in outgoing messages:

• List-Unsubscribe-Post: List-Unsubscribe=One-Click
• List-Unsubscribe: https://solarmora.com/unsubscribe/example

When a recipient chooses to unsubscribe using the one-click option, you will receive this POST request:

POST /unsubscribe/example HTTP/1.1

Host: solarmora.com

Content-Type: application/x-www-form-urlencoded

Content-Length: 26

List-Unsubscribe=One-Click

For further details on List-Unsubscribe headers, refer to RFC 2369 and RFC 8058.

Additionally, we recommend offering recipients the ability to review the specific mailing lists they are subscribed to. This gives them the option to unsubscribe from individual lists or from all lists at once. It’s also advisable to automatically unsubscribe recipients who have experienced multiple bounced messages.

Message Formatting Guidelines

To enhance the chances of your messages reaching the inbox in Gmail rather than the spam folder, it’s crucial to adhere to these message formatting recommendations:

• Format messages in accordance with the Internet Format Standard (RFC 5322).
• If your messages are in HTML, ensure they are formatted according to HTML standards.
• Avoid using HTML and CSS to conceal content in your messages, as this may lead to messages being flagged as spam.
• Ensure that the “From:” header includes only one email address, for instance:
  • From: notifications@solarmora.com
• Verify that every message contains a valid Message-ID (RFC 5322).
• Single-instance message headers (e.g., From, To, Subject, and Date as per RFC 5322 should only be included once in a message.
• Steer clear of excessively large message headers. You can find further details on Gmail’s message header limits here
• Web links within the message body should be visible and easily understandable. Recipients should have a clear idea of what to expect when they click a link.
• Ensure that sender information is prominently displayed and easy to discern.
• Message subjects should be accurate and free from misleading information.
• Format international domains (Authenticating domain, Envelope from domain, Payload domain, Reply-to domain, Sender domain) in accordance with the Highly Restrictive guidelines outlined in section 5.2 of Unicode Technical Standard #39.

Sending Best Practices

---

To increase the likelihood of your messages being delivered successfully and not ending up in spam or being blocked by Gmail, it’s important to follow these general best practices:

Recommended Sending Practices:

• Authenticate emails with SPF and DKIM, ensuring alignment. If you use an email provider, verify that your provider supports these authentication methods.
• Ideally, send all messages from the same IP address. If you need to send from multiple IP addresses, assign a different IP address for each type of message. For example, use one IP address for sending account notifications and a different one for sending promotional messages.
• Messages of the same category should bear the same “From:” email address. For instance, messages from a domain like solarmora.com might have “From:” addresses such as:
  • Sales receipt messages: sales@solarmora.com
  • Promotional messages: deals@solarmora.com
  • Account notification messages: alert@solarmora.com
• Messages sent from an address in the recipient’s contacts are less likely to be marked as spam.

Sending Practices to Avoid:

• Avoid combining different types of content in the same message. For example, refrain from including promotions in sales receipt messages.
• Do not impersonate other domains or senders without permission. This practice, known as spoofing, may lead to Gmail marking these messages as spam.
• Refrain from marking internal messages as spam, as this can adversely impact your domain’s reputation and result in future messages being marked as spam.
• Do not purchase email addresses from other companies.
• Only send messages to individuals who have explicitly signed up to receive messages from you. Sending to unverified recipients may lead to them marking your messages as spam, potentially affecting future deliverability.
• Be cautious with opt-in forms; ensure they are not pre-checked, and users should actively subscribe. Some regions have restrictions on automatic opt-ins, so it’s essential to be compliant with local laws.

Remember, even legitimate messages may occasionally be flagged as spam. Recipients can mark valid messages as “not spam,” which helps ensure future messages from the sender are delivered to their inbox.

Gradual Increase in Sending Volume:

When ramping up your email sending volume, keep the following in mind:

• Gradual increases are advised to avoid delivery issues. Use Postmaster Tools to monitor mail performance as you increase your sending volume.
• For work and school accounts, sending limits apply even when recipients are in different Google Workspace domains.
• If you use Google Workspace or Gmail for sending, when you reach the sending limit, Google Workspace limits the message sending rate for the sending IP address.
• If you send large volumes of email, it’s recommended to send at a consistent rate and start with a low sending volume to engaged users, gradually increasing it over time.
• As you increase the sending volume, keep a close eye on server responses, spam rates, and the reputation of the sending domain.
• Avoid sudden spikes in volume if you don’t have a history of sending large volumes.
• If there are changes in the format of bulk emails or significant changes in sending infrastructure, increase the volume gradually.
• Monitor for bounces or deferrals and adjust sending volume accordingly. If bounce rate is increasing, slow your sending volume until SMTP error rate decreases. Then gradually increase your volume. 
• Adhere to IP limits for sending and be mindful of the domain’s MX host.

Remember, recipient feedback and email subscription practices play a vital role in determining how quickly you can increase your sending volume. Following these best practices will likely resolve any deliverability issues that may arise.

Special Considerations

---

Using Email Service Providers

Google and Gmail do not accept allowlist requests from email providers. Therefore, we cannot guarantee that messages sent by email providers will bypass Gmail’s spam filters.

If you utilize a third-party email provider to send emails on behalf of your domain, here are some steps to consider:

• Ensure that the provider adheres to the guidelines outlined in this article. Larger providers like Google, AOL, and Yahoo typically comply with these standards.
• Confirm that the SPF record for your domain includes references to all email senders associated with your domain. Messages sent from these providers are more likely to be marked as spam if third-party senders are not included in your SPF record. Learn how to configure your SPF record.

For those who manage their own email while using a domain provider, we recommend the following:

• Review and implement the best practices outlined in this article for sending email to Gmail accounts.
• Utilize Postmaster Tools to keep track of information regarding messages sent from your domain to Gmail accounts.

Third-Party Email Providers
If clients use your service to send emails, you bear responsibility for their sending practices. To effectively manage your clients’ sending activity, consider these steps:

• Provide an email address dedicated to reporting email abuse, such as: abuse@mail-provider.com.
• Ensure that your contact information in your WHOIS record and on abuse.net is up to date.
• Take immediate action to remove any client who utilizes your service for sending spam.

Affiliate Marketing

Affiliate marketing programs offer incentives to companies or individuals who direct traffic to your website. However, it’s important to be aware that these programs can be exploited by spammers. If your brand becomes associated with marketing spam, it may lead to other messages sent by you being flagged as spam.

We strongly advise that you regularly monitor your affiliates and promptly remove any affiliates found engaging in spammy practices.

Phishing Exercises

Avoid sending test phishing messages or test campaigns from your domain. Doing so may have a negative impact on your domain’s reputation and could result in your domain being added to internet blocklists.

Monitoring and Troubleshooting

Postmaster Tools

Make use of Postmaster Tools to gain insights into the emails you send to Gmail users. This includes information on:

• Recipients marking your messages as spam.
• Possible reasons for non-delivery of your messages.
• Authentication status of your messages.
• Your domain or IP reputation and how it affects message delivery rates.

Spam Rate

• Regularly monitor your domain’s spam rate within Postmaster Tools.
• Aim to maintain a spam rate below 0.10%.
• Avoid sustaining a spam rate of 0.30% or higher, as it can have adverse effects.
• Keeping a low spam rate helps in handling occasional spikes in user feedback.
• It’s important to note that improvements in spam rate may take some time to positively impact spam classification.

Open Rate

• Google does not explicitly track open rates.
• Google cannot verify the accuracy of open rates reported by third-party sources.
• Low open rates may not necessarily indicate deliverability or spam classification issues accurately.

Troubleshooting

Warning Banners

• Regularly ensure that your domain is not flagged as unsafe by Google Safe Browsing.
• To check your domain status, simply enter your domain in the Safe Browsing site status page.
• Don’t forget to also check any other domains linked to yours.

Delivery Issues with Email Service Providers

If you’re encountering delivery problems with email sent via a service provider, make sure they adhere to the recommended practices outlined in this article.

Using the Google Admin Toolbox for Domain Settings

Utilize the Google Admin Toolbox to review and rectify settings for your domain.

Resolving Rejected Emails

If your messages are being rejected, you may receive an error message. Understanding the error message can help you identify and fix the problem. Here are some common error messages:

• 421, “4.7.0”: Messages are rejected due to the sending server’s IP address not being on the allowed list for the recipient’s domain.
• 550, “5.7.1”: Messages are rejected because the sending server’s IP address is on a suspended list. You might encounter this error when sending mail using a shared IP with a poor reputation.

For more information on email and SMTP error messages, refer to the SMTP error reference.

• Resolving Bounced or Rejected Emails

Address IPv6 authorization errors which could indicate that the PTR record for the sending server is not utilizing IPv6. If you use an email service provider, verify that they employ an IPv6 PTR record.

Example of an IPv6 authorization error:

550-5.7.1: Message does not comply with IPv6 sending guidelines regarding PTR records and authentication.

Using the Troubleshooting Tool

If you’re still experiencing mail delivery issues despite following the guidelines in this article, consider using the Troubleshooting for senders with email delivery issues.