The Developer's Guide to Google Bulk Sender Requirements

A step-by-step technical guide for developers and SaaS companies that want their email notifications to comply with Google's and Yahoo's new bulk sender policies.

Engineering · 12 min read · February 5, 2024

Context

Starting in February 2024, Google enforces new requirements for sending emails to its users.

Does this apply to me?

Yes. The requirements can be split into 3 levels:

  1. Basic requirements for any sender
  2. Bolder new requirements for domains that send more than 5000 emails per day
  3. One additional requirement for domains that send marketing emails

Since it is unclear how Google recognizes your emails as transactional vs. marketing, we recommend that anyone sending more than 5k emails/day follow all the requirements.

Does NotificationAPI help with compliance?

NotificationAPI users are automatically compliant.

Level 1 Requirements:
Any Sender

1. SPF & DKIM

You probably have one or both of these DNS records already set up:

  • AWS SES: Verified domains use DKIM by default; you may need to verify SPF
  • SendGrid: DKIM & SPF verified by default
  • Mailgun: you need to check the "DKIM" option when configuring your domain

How to test: 

Send an email to yourself in Gmail. Check your domain's verifications using the "Show Original" option.

Test SPF/DKIM/DMARC verification in Google

2. Spam rate < 0.1% - 0.3%

This refers to how many of your outgoing emails are reported as spam by recipients. Google suggests keeping this below 0.1% (1 in 1000 emails) and avoiding ever reaching 0.3%.

We recommend signing up for Google Postmaster Tools, which reports on your domain's email reputation and spam rates.

3. Generic requirements: PTR Record, TLS Connection, RFC 5322 Email Formatting

If you use any modern email service, you shouldn't worry about these requirements.

Level 2 Requirements:
Senders with 5000+ emails/day

4. DMARC record

DMARC is a DNS TXT record with many configuration options. Put simply, it tells recipients how to treat emails from your domain that don't pass SPF/DKIM verification.

Setting a strict DMARC configuration could block your emails. So be careful!

We recommend that you start with a loose DMARC record, such as:

Record Name: _dmarc

Record Value: v=DMARC1; p=none;

This record tells recipients that you want to follow DMARC standard v1 (recommended) but not to do anything (p=none) when they encounter an email from your domain that doesn't pass SPF/DKIM.

Over time, you want to change the DMARC record to:

  1. Collect reports on emails that fail SPF/DKIM by using the rua option,
  2. Fix the issues,
  3. And make the DMARC record stricter using the p option

5. DMARC Alignment

There are two "from" addresses for every email:

  1. Header From: the regular From address you see on an email, e.g. John Smith <john@smith.com>
  2. Envelope From: refers to the source of the email. For example, an email from john@smith.com may have an Envelope From at sendgrid.com.

DMARC Alignment means that the domain in your Header From matches the domain in your Envelope From.

Alignment can be 1) relaxed, where one From is a subdomain of the other From, or 2) strict, where the domains match exactly. Google is OK with either.

In the image below, you see a spam email where the Header From differs from the Envelope From, and Gmail is bringing attention to it with the "via" keyword.


Level 3 Requirements:
Marketing emails
Recommended for Transactional Too!

There is no way to know how Google categorizes your emails (marketing vs transactional), so we recommend doing this anyway.

6. One-Click Unsubscribe

First, create an API end-point like the one below. The method must be POST, but the URL can be anything.

  • Method: POST
  • URL: https://app.yourdomain.com/unsubscribe?email=user@gmail.com
  • Body: none

You should unsubscribe the user from your email when this end-point is hit. For example, Google will call this end-point when the user hits the "Unsubscribe" button in Gmail's interface.

The One-Click Unsubscribe mechanism in action

Then, add the following headers to your outgoing emails:

  • List-Unsubscribe-Post: List-Unsubscribe=One-Click
  • List-Unsubscribe: <https://app.yourdomain.com/unsubscribe?email=user@gmail.com>

Remember to replace the example URL and email address with your actual values.
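The endpoint and headers described above, as an added example that is not part of the original article or NotificationAPI's code. It goes one step beyond the article's bare ?email= URL by signing the link with an HMAC, so the endpoint only honors links you issued and a third party cannot unsubscribe arbitrary addresses. The sig parameter, SECRET, the in-memory set and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: load the real key from your secret store
BASE_URL = "https://app.yourdomain.com/unsubscribe"  # example URL from the article
unsubscribed = set()  # stand-in for your suppression table


def sign(email: str) -> str:
    """HMAC tag that binds an unsubscribe link to one recipient."""
    return hmac.new(SECRET, email.lower().encode(), hashlib.sha256).hexdigest()


def unsubscribe_headers(email: str) -> dict:
    """The two headers to add to every outgoing message for this recipient."""
    url = BASE_URL + "?" + urlencode({"email": email, "sig": sign(email)})
    return {
        "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
        "List-Unsubscribe": f"<{url}>",
    }


def handle_unsubscribe(method: str, url: str) -> int:
    """Return the HTTP status the endpoint should answer with."""
    if method != "POST":
        return 405  # GET must not unsubscribe: link scanners prefetch URLs
    query = parse_qs(urlsplit(url).query)
    email = query.get("email", [""])[0]
    sig = query.get("sig", [""])[0]
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    if not email or not hmac.compare_digest(sig.encode(), sign(email).encode()):
        return 403  # missing or forged signature
    unsubscribed.add(email.lower())
    return 200  # idempotent: repeating the POST is harmless
```

Keep the signing key stable across deployments, since messages already in inboxes carry links signed with it.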

Compliance through NotificationAPI

NotificationAPI provides the one-click unsubscribe option at no cost without writing a single line of code. Our account setup process also ensures your emails comply with SPF, DKIM, DMARC, and DMARC Alignment.

So, all NotificationAPI users are compliant without additional effort.
