The Gmail.com DMARC policy update SMEs may not know about

The Gmail.com DMARC policy update SMEs may not know about

Valimail CTO, Seth Blank, explains below about an item in Gmail’s new guidelines which will affect SMEs:

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early in 2024, requirements that, for now, are focused on bulk senders. 

This announcement and its subsequent updates have rightly gotten the full attention of the email industry. However, there was one other item buried in Google’s announcement that we don’t think people are talking about enough. One of the bullet items in Gmail’s guidelines for all senders reads as follows:

Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.

Long story short: If you have a small business and you use an email sending service to email contacts, but your From address is [email protected] instead of something like [email protected], your email may be sent to the spam folder beginning in February 2024.

If you’re sending with a From address ending in gmail.com from any platform other than Google, you’re likely going to run into some issues.

What does it mean to impersonate Gmail From: headers?

Sending mail from any platform other than a Google platform with a From address in the gmail.com domain is impersonating Gmail From: headers. 

A typical example would be a small business sending from a platform like Mailchimp, Braze or Klaviyo using a From address like: [email protected].

This type of email could never pass DMARC authentication because the platform’s servers are not in the SPF record for gmail.com, and the platform cannot DKIM sign such messages using the domain gmail.com. 

By definition, a message that can’t pass DMARC authentication is deemed an impersonation of that domain, and so sending mail in such a manner is impersonating Gmail From: headers.

What action is Google taking here?

Because there has been a DMARC policy record in place for a long time, messages that impersonate Gmail From: headers have been failing DMARC for a long time; however, because the policy statement up until now has been p=none, these failures have had little to no impact on these messages.

From February 1, 2024, Google will be changing this policy statement to “p=quarantine”, which means that they’re requesting that messages using gmail.com in From domain that fail DMARC be placed in the spam folder.

I’m affected! What do I do?

The short answer here is that if you’re sending mail from a third party platform, especially mail that’s related to your business, you should use a domain that can properly authenticate on that platform. 

The best choice for this would be a domain that you own. Many small businesses have their own domain for a website; they just never bothered setting up the domain for email. There are lots of small businesses out there sending email as [email protected] telling their customers to check out their website at www.NameOfSmallBusiness.com. Instead, you should use something like [email protected].

Browse our latest issue

Intelligent SME.tech

View Magazine Archive