The First Week of Gmail's New Rules: What We're Seeing in Production

Gmail started enforcing the February 2024 bulk sender requirements one week ago. The numbers from our customer base show a pattern very different from the noisy predictions. This post covers specific deliverability data, error patterns, and what is working versus what is breaking.

A week ago, on February 1st, Gmail began enforcing the bulk sender requirements announced in October. The announcements predicted some combination of outright rejections, increased spam folder placement, and tightened authentication checking. The first week of actual enforcement has produced a more mixed picture than the predictions suggested.

We have customer data across roughly 240 sending domains that pass through our infrastructure or where we provide deliverability support. The data covers transactional senders, B2C newsletter operators, ESP resellers, and cold email agencies. The pattern across these segments is informative and somewhat surprising.

The headline: Gmail’s enforcement has been measured rather than dramatic. The noisy predictions about “mass rejections” did not materialize in week one. What did materialize is a specific set of patterns affecting specific sender types, with reputation as the dominant factor in outcomes.

This post walks through what we have actually seen, segment by segment, with specific numbers where useful and operational implications where relevant.

The headline numbers

Across our customer base, week-one Gmail rejection rates by segment:

Transactional senders with established authentication and good reputation: roughly 0.1-0.3% rejection rate, essentially unchanged from pre-February baseline.

Transactional senders with broken or partial authentication: 5-15% rejection rate, dramatic increase from baseline of typically 1-3%.

B2C newsletter operators with proper SPF/DKIM/DMARC and consistent sending: 0.5-2% rejection rate, modest increase from baseline.

B2C newsletter operators with authentication issues: 8-25% rejection rate, significant increase.

Cold email agencies operating below complaint rate thresholds with proper authentication: 1-5% rejection rate, increase from baseline of typically 0.5-2%.

Cold email agencies with high complaint rates or weak authentication: 15-40% rejection rate, very significant increase.

The pattern is consistent: senders who already had their authentication in order and reasonable list hygiene see modest impact. Senders who had been getting by with partial compliance or borderline practices are seeing meaningful enforcement.

This is what Gmail said would happen. It is still notable to see it happening in real production data.

The error patterns we are observing

The specific SMTP error responses from Gmail tell us what is being enforced and how.

550 5.7.26 rejections for unauthenticated mail. This error appears when SPF and DKIM both fail authentication, which after February 1st triggers immediate rejection. The error message typically reads “This message does not have authentication information or fails to pass authentication checks (SPF or DKIM).” Pre-February, this was a soft penalty (mail might still be delivered to spam). Post-February, it is rejection.

550 5.7.1 rejections for DMARC alignment failures. When the customer publishes a DMARC policy of p=quarantine or p=reject and the mail fails alignment, Gmail enforces the policy. The error message references DMARC policy violation. We are seeing this for customers who set DMARC policy without ensuring their full sender ecosystem aligns properly.

421 4.7.28 temporary failures with throttling. Gmail is throttling senders who exceed acceptable complaint rate thresholds. The 4xx response means “try again later,” but the practical result is that mail backs up in the sender’s queue. Customers with complaint rates above 0.3% are seeing this throttling at higher volumes than before.

550 5.7.350 complaints about non-compliance with bulk sender requirements. We have seen this on a handful of high-volume senders (over 5K daily messages) who have not implemented the bulk sender requirements properly. This error indicates Gmail has classified the sender as a bulk sender and the sending domain does not meet the requirements (no DMARC, or DMARC at p=none, or no one-click unsubscribe header).

The errors are clear when they occur. The challenge is that they appear in operator logs but may not appear immediately in user-visible workflows. Senders who have not been monitoring their SMTP logs may not realize they are being rejected at meaningful volume.
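A sketch of the SMTP log monitoring this section calls for, added here as an example and not taken from our production tooling. It tallies Gmail replies by the four codes described above; the log line layout and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Reply code + enhanced status code -> cause, following this post's descriptions.
# 5.7.1 is a general policy code, so confirm the cause against the reply text.
GMAIL_CAUSES = {
    ("550", "5.7.26"): "unauthenticated: SPF and DKIM both fail",
    ("550", "5.7.1"): "DMARC policy enforced on alignment failure",
    ("421", "4.7.28"): "throttled: complaint rate",
    ("550", "5.7.350"): "bulk sender requirements not met",
}
# Matches "550 5.7.26" and the multi-line reply form "550-5.7.26".
REPLY = re.compile(r"\b([245]\d\d)[ -]([245]\.\d{1,3}\.\d{1,3})\b")
OUTCOME = {"2": "delivered", "4": "deferred", "5": "rejected"}


def classify(line):
    """Return (outcome, cause) for a log line, or None if it has no SMTP reply."""
    m = REPLY.search(line)
    if m is None:
        return None
    code, enhanced = m.groups()
    outcome = OUTCOME[code[0]]
    if outcome == "delivered":
        return outcome, "ok"
    return outcome, GMAIL_CAUSES.get((code, enhanced), f"other ({code} {enhanced})")


def summarize(lines):
    """Tally outcomes and causes across delivery attempts."""
    outcomes, causes = Counter(), Counter()
    for result in filter(None, map(classify, lines)):
        outcomes[result[0]] += 1
        if result[0] != "delivered":
            causes[result[1]] += 1
    total = sum(outcomes.values())
    return {
        "attempts": total,
        "rejected_rate": outcomes["rejected"] / total if total else 0.0,
        "deferred_rate": outcomes["deferred"] / total if total else 0.0,
        "causes": dict(causes),
    }


# Constructed sample lines, not real logs; the line layout is an assumption.
SAMPLE_LOG = [
    "2024-02-05T10:00:01Z id=A0 queued from=<news@sender.example>",
    "2024-02-05T10:00:02Z id=A1 rcpt=<redacted> reply=250 2.0.0 OK",
    "2024-02-05T10:00:02Z id=A2 rcpt=<redacted> reply=250 2.0.0 OK",
    "2024-02-05T10:00:03Z id=A3 rcpt=<redacted> reply=550-5.7.26 This message does not have authentication information",
    "2024-02-05T10:00:03Z id=A4 rcpt=<redacted> reply=250 2.0.0 OK",
    "2024-02-05T10:00:04Z id=A5 rcpt=<redacted> reply=421-4.7.28 (constructed throttling text)",
    "2024-02-05T10:00:05Z id=A6 rcpt=<redacted> reply=550 5.7.1 (constructed DMARC policy text)",
    "2024-02-05T10:00:06Z id=A7 rcpt=<redacted> reply=250 2.0.0 OK",
    "2024-02-05T10:00:07Z id=A8 rcpt=<redacted> reply=550 5.7.350 (constructed bulk sender text)",
]
if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Tracking the deferred rate separately from the rejected rate matters because 4xx throttling shows up as queue growth rather than bounces.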

What is working: properly authenticated transactional senders

The senders we are not worried about are properly authenticated transactional senders sending to opted-in lists at typical SaaS volumes.

A customer running a B2C SaaS with about 800K monthly transactional sends to their userbase: 0.08% bounce rate for the first week, down from 0.11% the prior week. Gmail is actually treating their mail slightly better than before. Their authentication is clean (SPF aligned, DKIM signing matches the From domain, DMARC at p=reject with no aggregate report failures), their list is opt-in based on user actions in the application, and their content is transactional (password resets, payment receipts, notifications).

For this customer, Gmail’s enforcement is working in their favor. Other senders’ mail is being rejected, leaving more legitimate sending capacity for properly authenticated mail. The reputation signal is being amplified.

This pattern across our properly authenticated transactional customer base is consistent. The customers who did the engineering work for authentication compliance before February 1st are now benefiting from the cleaner sender ecosystem.

What is breaking: the partial-authentication middle

The group seeing the most impact is the middle: senders who have some authentication but not complete authentication.

One customer runs a niche B2B newsletter to about 350K subscribers across multiple sending domains. They have SPF for all sending domains and DKIM for most, but no DMARC record published. They sent about 1.4M emails in the first week of February, and their Gmail rejection rate jumped from 0.4% to 3.8%.

The DKIM signing is the issue. Some of their sending domains have proper DKIM, others use the marketing automation platform’s default DKIM with a domain that does not align with their From header. The non-aligned DKIM combined with no DMARC policy meant Gmail was already treating their mail with skepticism. Post-February, the skepticism became rejection.

Their remediation: publish DKIM for all sending domains, configure the marketing automation platform to sign with their own domain, publish DMARC at p=none initially to monitor, then progress to p=quarantine over 4-6 weeks. The remediation is straightforward but takes weeks to fully roll out.

The cost of the partial-authentication state during remediation: roughly 50K emails per week not reaching inbox. For a B2C newsletter with ad revenue tied to opens, this represents meaningful revenue loss during remediation.

What is breaking dramatically: cold email and edge senders

The segment seeing the most dramatic enforcement is cold email operators and senders who were operating with marginal compliance.

One cold email agency customer of ours operates multiple sending domains for client outreach. The agency had been getting by with partial authentication, mostly opt-in lists from sales tools, and complaint rates of 0.2-0.5% (above Gmail’s 0.3% threshold). They sent about 280K cold outreach emails to Gmail addresses in the first week of February. Their Gmail rejection rate jumped from 4% to 22%.

The pattern in their rejection logs: SPF and DKIM are passing for some domains, failing for others. Where they pass, the messages still get rejected because complaint rates triggered Gmail’s bulk sender enforcement. Where they fail, immediate rejection.

The remediation for this customer is harder. The authentication issues are fixable in days. The complaint rate issue requires improving list quality (removing high-complaint segments, more careful targeting, better content matching) which takes weeks to demonstrate effect. The structural challenge for cold email operations remains: complaint rates inherent to cold outreach are higher than opt-in marketing, and Gmail’s new thresholds are tight.

Some of these customers are moving sending to non-Gmail recipients (the rejection patterns are most pronounced at Gmail; Microsoft, Yahoo, and others are not enforcing as strictly yet). This is a workaround rather than a solution. Microsoft is announcing similar requirements for later 2024-2025, and Yahoo is aligned with Gmail on the February 2024 requirements.

The DMARC alignment surprise

The pattern that caught us by surprise: DMARC alignment failures producing rejection even when the domain publishes p=none.

The standard understanding of DMARC: at p=none, no enforcement action is taken on failed alignment. The receiver logs the failure and reports it in aggregate reports, but mail is delivered normally.

What we are seeing in practice: Gmail appears to be using DMARC alignment as input to other classification systems even at p=none. Mail that fails alignment is more likely to be classified as suspicious by other Gmail systems, even though the p=none policy itself does not trigger rejection.

The result: customers at DMARC p=none who have alignment issues see meaningful spam folder placement increase, even without outright rejection. The effect is more subtle than direct rejection but produces similar deliverability degradation.

The implication: DMARC at p=none is not zero-impact in terms of deliverability. The alignment matters for inbox placement even when the policy is monitor-only. Customers should treat alignment failures as actionable items even before moving to p=quarantine.
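The difference between "DKIM passes" and "DKIM aligns" (the platform-default signing case described earlier, and the alignment failures in this section) can be checked from a receiver's Authentication-Results header. This is an added example, not our tooling; the messages and domains are constructed, and the two-label organizational domain is a simplifying assumption in place of the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Authentication-Results property that carries each method's authenticated domain.
DOMAIN_PROP = {"dkim": "header.d", "spf": "smtp.mailfrom"}


def org_domain(domain):
    """Naive organizational domain (last two labels). Assumption for this example:
    real DMARC evaluators use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed needs the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)


def dmarc_view(raw_message, strict=False):
    """Show, per method, whether it passed and whether it aligns with the From domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    results = " ".join(msg.get("Authentication-Results", "").split())  # unfold
    findings = []
    for method, prop in DOMAIN_PROP.items():
        pattern = rf"\b{method}=(\w+)[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for result, value in re.findall(pattern, results):
            domain = value.rpartition("@")[2]
            findings.append({"method": method, "result": result, "domain": domain,
                             "aligned": is_aligned(domain, from_domain, strict)})
    # DMARC passes only if at least one method both passes and aligns.
    passed = any(f["result"] == "pass" and f["aligned"] for f in findings)
    return {"from_domain": from_domain, "findings": findings, "dmarc_pass": passed}


# Constructed messages; every domain below is a placeholder.
PLATFORM_SIGNED = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@esp-platform.example header.s=s1 header.d=esp-platform.example;
 spf=pass smtp.mailfrom=bounces@esp-platform.example;
 dmarc=fail header.from=newsletter.example
From: Weekly Digest <digest@newsletter.example>
Subject: Issue 42

body
"""
OWN_DOMAIN_SIGNED = PLATFORM_SIGNED.replace(
    "header.d=esp-platform.example", "header.d=mail.newsletter.example"
).replace("dmarc=fail", "dmarc=pass")

if __name__ == "__main__":
    for name, raw in (("platform", PLATFORM_SIGNED), ("own domain", OWN_DOMAIN_SIGNED)):
        print(name, dmarc_view(raw))
```

In the first message both SPF and DKIM report pass, yet neither domain matches the From domain, so DMARC fails; signing with a subdomain of the From domain fixes it under relaxed alignment but not under strict.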

The one-click unsubscribe enforcement

The new requirement for bulk senders (5K+ daily messages to Gmail recipients) is implementing the List-Unsubscribe-Post header per RFC 8058 for one-click unsubscribe.

The implementation is straightforward: include both the List-Unsubscribe header (existing standard) and List-Unsubscribe-Post header (new). The List-Unsubscribe-Post header tells Gmail the sender supports HTTP POST-based unsubscribe, allowing Gmail to invoke the unsubscribe automatically when a user clicks “Unsubscribe” in the Gmail UI.

The deadline for this requirement was originally June 2024, but we are seeing Gmail flag senders for this issue earlier. The flagging is not currently triggering rejection but is appearing in aggregate reports and (we suspect) factoring into reputation scoring.

The customers we have seen flagged are those whose unsubscribe infrastructure does not support HTTP POST or whose List-Unsubscribe header points only to a mailto: link without the corresponding HTTP URL.

The remediation: implement both header variations correctly. For customers using major ESPs or marketing platforms (MailWizz, Acelle, mainstream ESPs), this is typically a platform setting. For customers with custom email systems, it requires application-level changes to include the new header and implement the unsubscribe endpoint.
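A pre-send check for the header side of this requirement, added as an example rather than taken from any platform's code. It covers the two failure cases described above (mailto-only List-Unsubscribe, missing List-Unsubscribe-Post) plus RFC 8058's requirement that the DKIM signature cover both headers, which this post does not otherwise discuss; the messages, domains, token and signature values are constructed placeholders.

```python
import re
from email import message_from_string


def dkim_signed_headers(msg):
    """Collect header names listed in the h= tag of every DKIM-Signature.
    This reads the tag only; it does not verify the signature."""
    signed = set()
    for sig in msg.get_all("DKIM-Signature", []):
        for tag in "".join(sig.split()).split(";"):  # drop folding whitespace
            if tag.startswith("h="):
                signed.update(name.lower() for name in tag[2:].split(":"))
    return signed


def check_one_click(raw_message):
    """Return a list of RFC 8058 problems; an empty list means the headers are in order."""
    msg = message_from_string(raw_message)
    problems = []
    uris = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    if not any(u.strip().lower().startswith("https://") for u in uris):
        problems.append("List-Unsubscribe has no HTTPS URI")
    post = " ".join(msg.get("List-Unsubscribe-Post", "").split())
    if post != "List-Unsubscribe=One-Click":
        problems.append("List-Unsubscribe-Post is missing or not List-Unsubscribe=One-Click")
    missing = {"list-unsubscribe", "list-unsubscribe-post"} - dkim_signed_headers(msg)
    if missing:
        problems.append("DKIM signature does not cover: " + ", ".join(sorted(missing)))
    return problems


# Constructed messages; domains, token and signature values are placeholders.
COMPLIANT = """\
DKIM-Signature: v=1; a=rsa-sha256; d=newsletter.example; s=s1;
 h=from:to:subject:list-unsubscribe:list-unsubscribe-post; bh=PLACEHOLDER; b=PLACEHOLDER
From: Weekly Digest <digest@newsletter.example>
List-Unsubscribe: <mailto:unsub@newsletter.example>,
 <https://newsletter.example/unsubscribe/PLACEHOLDER-TOKEN>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Subject: Issue 42

body
"""
MAILTO_ONLY = """\
DKIM-Signature: v=1; a=rsa-sha256; d=newsletter.example; s=s1;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Weekly Digest <digest@newsletter.example>
List-Unsubscribe: <mailto:unsub@newsletter.example>
Subject: Issue 42

body
"""

if __name__ == "__main__":
    for name, raw in (("compliant", COMPLIANT), ("mailto only", MAILTO_ONLY)):
        print(name, check_one_click(raw) or "OK")
```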

The reputation building question

A consistent question from customers: “If I have been not great on Gmail before, can I rebuild reputation now that the rules are clearer?”

The answer based on first-week data: yes, but slowly.

Gmail’s new enforcement is based on rolling reputation scores. A sender with poor reputation now has clearer rules about what produces good reputation. The path is: authenticate properly, send to engaged subscribers, manage complaint rates, comply with the bulk sender requirements consistently. Over weeks, the reputation score should improve.

The challenge is the volume question. Reputation improvement requires sending, but sending with poor reputation produces high rejection rates, which prevent reputation improvement. This is the bootstrap problem.

The workaround we are using with customers: aggressive list pruning to remove low-engagement segments (one-time openers from years ago, never-openers, hard bounces, soft bounces beyond threshold). Reduce the sending volume to the engaged segment. Maintain consistent sending to the engaged segment. Watch reputation recover.

The recovery timeline varies by sender. A sender with reputation slightly below acceptable threshold can recover in 4-6 weeks with proper practice. A sender with significantly damaged reputation may need 3-6 months.

What we did not see (yet) but expected

Several predicted patterns have not materialized in week one but may emerge later.

Mass rejection of small senders. The pre-February predictions suggested that small senders without full compliance would be rejected at scale. We are not seeing this. Gmail’s enforcement appears focused on bulk senders (5K+ daily) and senders with active reputation issues. Small senders with reasonable practices are not seeing significant impact.

Cascade failures. The predictions suggested that small authentication failures would cascade into larger reputation damage. We are seeing this slightly but not at the scale predicted. Single failures within a properly authenticated sender’s history do not appear to be triggering cascading damage.

Microsoft and Yahoo alignment. Gmail’s enforcement appears to be proceeding at the expected pace; Microsoft and Yahoo have not yet announced equivalent enforcement timelines. We expect alignment over the next 6-12 months, but it has not materialized so far. Senders with Gmail-only issues may have a window to remediate before Microsoft/Yahoo also enforce.

The Postmaster Tools data quality complaints. Some senders are complaining that Gmail Postmaster Tools data is showing different patterns than what enforcement is producing in actual SMTP responses. We have not yet seen this pattern in our customer data but it is being reported in deliverability community forums.

The Postmaster Tools indicator

Gmail Postmaster Tools is currently the v1 dashboard. The v2 dashboard is rumored to be released later in 2024 to add new dashboard elements that map to the new enforcement model. We expect any v2 changes to provide better visibility into what Gmail is actually enforcing.

For now, in early February, the v1 Postmaster Tools data is informative but lags actual enforcement by 24-48 hours. Customers monitoring Postmaster Tools see indicators of reputation issues but may not see the specific rejection patterns until two days after the patterns started in production.

The practical advice: monitor both SMTP-level logs (immediate) and Postmaster Tools (lagging). The combination gives a more complete picture than either alone.

What we are recommending to customers this week

The week of February 1-7 produced enough operational signal that we are giving customers updated recommendations.

For transactional senders with authentication in order: nothing changes. Continue current operations. Monitor Postmaster Tools weekly. Address any new sender additions with proper authentication before they ship.

For senders with partial authentication: prioritize completing authentication this month. The pattern of partial rejection is going to compound over time. Customers who delay completing authentication will see deliverability degrade further.

For senders with reputation issues: prune lists aggressively before sending. The high-complaint segments are now driving more enforcement than they were before. Better to send to fewer recipients with positive engagement than to maintain large lists with mixed engagement.

For cold email operators: the operational pressure is real. The combination of complaint rate enforcement and authentication enforcement is squeezing the segment. Operators need to either improve list quality dramatically (which most cannot do quickly), shift sending volume away from Gmail (which limits market reach), or move to infrastructure that handles cold email differently (which is what brings them to us).

For ESP resellers: end customers are going to be confused. They will see deliverability changes without understanding the cause. Build customer-facing communication about what is changing and what the customer needs to do. Position your service as the experienced operator helping them navigate the new rules.

What we expect over the next 90 days

Several patterns we expect to develop over the next 90 days.

Gmail enforcement tightens further. The current enforcement is the soft launch. Gmail typically ramps enforcement over months as they gather data on the impact and confirm enforcement is operating as intended. We expect rejection thresholds to tighten and additional checks to be added.

Microsoft announces specific enforcement timeline. Microsoft has signaled they will align with Gmail’s bulk sender requirements. The timeline has not been announced but we expect April-June 2024 for the specific Microsoft enforcement details.

Yahoo announces additional checks. Yahoo aligned with Gmail on February 2024 but the specific enforcement details have been less aggressive than Gmail. We expect Yahoo to tighten over the next 90 days.

The deliverability consulting market expands. Senders who have been managing deliverability internally are increasingly turning to specialists. The complexity of the new rules combined with the impact of getting things wrong is producing demand for expertise that did not exist at the same scale a year ago.

The cold email segment fragments. Cold email operators who can pivot to opt-in based marketing will. Those who cannot will either accept lower deliverability or move to infrastructure outside the mainstream ESP/receiver ecosystem.

The honest assessment

Week one of enforcement was less dramatic than predicted but more impactful than skeptics suggested. The senders who had been ignoring authentication requirements are now feeling consequences. The senders who had been doing the work are benefiting from the cleaner ecosystem.

For the operators who have been preparing through 2023, the new rules are validation that the preparation work mattered. For the operators who were hoping the rules would not really be enforced, the first week confirms that hope was misplaced.

The work that mattered before February 1st still matters. The work to remediate after February 1st is more urgent than before. We are spending more time with customers on authentication and reputation remediation in February 2024 than we did in all of Q4 2023.

The pattern is going to continue. Email authentication is no longer optional. The threshold for “good enough” continues to rise. Senders who treat this as a one-time fix will face new challenges in 6 months. Senders who treat this as ongoing operational discipline will continue to be in the smaller group of senders whose deliverability improves over time.

For customers reading this in early February 2024: the work to do is the work that was already on your list before February 1st. The urgency just increased.
