2025 produced three significant enforcement events in the email deliverability landscape: Microsoft’s bulk sender enforcement in May, Postmaster Tools v1 retirement in September, and Gmail’s SMTP-level rejection enforcement in November. Each event individually was meaningful. Cumulatively, they redefined what email infrastructure operation looks like for senders at any meaningful scale.
The year started with senders still adjusting to Gmail’s February 2024 enforcement. The year ended with senders adjusting to a fundamentally different operating environment: authentication is not optional, compliance is binary, and the consequences of non-compliance are immediate.
This post is the year in review: what happened, what changed, what we observed across our customer base, and what we expect for 2026.
The year in chronological order
Q1 2025: continued Gmail enforcement maturation
January and February brought continued refinement of Gmail’s enforcement following the February 2024 baseline. Bounce rates for non-compliant senders continued elevated. Compliance Status dashboard refinements made specific failures clearer.
Senders who had completed their authentication work were operating normally. Senders with marginal compliance saw continued attrition. Cold email operators faced ongoing pressure.
The first quarter was relatively quiet in terms of new announcements. The work was operational refinement of existing requirements rather than introducing new ones.
Q2 2025: Microsoft announces and enforces
April brought the Microsoft announcement. The April 2 blog post from Microsoft’s Defender for Office 365 team specified bulk sender requirements paralleling Gmail’s February 2024 enforcement. The 5,000 messages per day threshold, SPF/DKIM/DMARC requirements, functional unsubscribe links.
The enforcement timeline was tight: announced April 2, enforced May 5. Thirty-three days of preparation time for senders to come into compliance.
The May 5 enforcement began with 550 5.7.515 SMTP-level rejection. Non-compliant mail to Microsoft consumer domains was rejected outright, not filtered to junk folder. The enforcement was harder than Gmail’s February 2024 enforcement had been.
The Microsoft enforcement pattern in May:
- Properly authenticated senders saw no impact
- Partially compliant senders saw 2-8% rejection rates
- Marginally compliant senders saw 8-25% rejection rates
- Cold email operators saw 35-65% rejection rates
The customers we work with were positioned well for the Microsoft enforcement because the same authentication work that satisfied Gmail’s February 2024 enforcement satisfied Microsoft. The compliance pattern transferred cleanly.
Q3 2025: Postmaster Tools v1 retirement
September 30 marked Postmaster Tools v1 retirement. Google had announced the retirement earlier in the month. The Domain Reputation and IP Reputation dashboards were eliminated permanently. Senders moved to v2-primary monitoring with the Compliance Status dashboard as the central reference.
The retirement was less operationally dramatic than the enforcement events but conceptually significant. Reputation as a visible metric was being replaced by compliance as a binary state. The mental model shift required adaptation from senders who had relied heavily on the reputation graphs.
The replacement model: rather than monitoring reputation scores, monitor compliance status, complaint rates, engagement metrics, and inbox placement testing. Multiple signals combined provide more actionable visibility than a single reputation label.
Q4 2025: Gmail SMTP-level rejection
November 3, Google added a paragraph to their Bulk Sender Guidelines FAQ announcing that enforcement was “ramping up” starting November 2025. The previously soft enforcement (non-compliant mail to spam folder) became hard enforcement (non-compliant mail rejected at SMTP).
The error codes Gmail uses post-November:
550 5.7.26: authentication failure550 5.7.25: PTR record issues550 5.7.28: high complaint rate550 5.7.29: TLS issues421 4.7.x: temporary rate limiting
The November enforcement closed the gap between Gmail and Microsoft enforcement intensity. Both major receivers now operate at comparable enforcement levels. Senders compliant with one are typically compliant with the other.
The customers we work with experienced minimal impact because the compliance work was already done. The customers facing the November impact were those who had delayed compliance work despite the warnings throughout 2024 and 2025.
Year-end 2025 stabilization
December brought stabilization of the new enforcement model. Senders who needed to remediate had identified their issues and were working through them. The acute pressure of the November transition had passed; the chronic discipline of maintaining compliance continued.
Cumulative changes from 2024 to year-end 2025
Looking at the cumulative landscape change:
February 2024 baseline
Gmail and Yahoo bulk sender requirements were new. Authentication enforcement was developing. Postmaster Tools v1 still active. Many senders had not completed authentication work.
The enforcement intensity at major receivers varied. Gmail was strictest. Yahoo aligned with Gmail. Microsoft had not announced specific requirements. Other receivers were lighter on enforcement.
Year-end 2025 reality
Major receivers operate at comparable enforcement levels. Gmail, Yahoo, Microsoft all enforce similar requirements. Apple iCloud continues tightening but at slower pace.
Compliance is operationally binary. Either senders meet the requirements or they face rejection at SMTP level.
Reputation graphs are gone. Compliance Status replaces reputation dashboards as the central monitoring reference.
The cold email segment is structurally different. Direct SMTP cold outreach is largely unviable at meaningful scale. Multi-mailbox approaches have emerged as the working alternative.
The mainstream ESP versus self-hosted economics have shifted. Mainstream ESP suspensions and policy decisions create operational risk that self-hosted alternatives address.
The gap between compliant and non-compliant senders has widened dramatically. Compliant senders see clean delivery. Non-compliant senders see significant rejection.
What we observed across our customer base
Our customer base provides specific visibility into the year’s impact.
Onboarding patterns
New customer signups increased throughout 2025. The pattern accelerated after Microsoft’s May 2025 enforcement and Gmail’s November 2025 hardening. Customers leaving mainstream ESPs sought alternatives that could maintain compliance independent of ESP policy decisions.
Common reasons cited by new customers:
- Mainstream ESP suspended their account
- Mainstream ESP costs unsustainable at their scale
- Mainstream ESP terms restricted their legitimate operations
- Concerns about future ESP policy decisions affecting business
The self-hosted positioning resonated more in 2025 than in prior years. The structural risks of mainstream ESP dependence became more visible as ESPs continued tightening policies.
Migration scale
Customer migrations to our infrastructure throughout 2025 were larger and more numerous than 2024. Several customers migrated from various mainstream ESPs (SendGrid, Mailgun, Postmark, Amazon SES) at scales ranging from 100K to 5M monthly messages.
The migrations typically completed in 8-12 weeks. The standard timeline absorbs IP warmup and operational transition. Faster migrations (the 72-hour emergency migration we did in October) were exceptions rather than typical.
Compliance discipline maturation
Customers who had been on our infrastructure since 2023-2024 saw their operational discipline mature throughout 2025. Authentication management, complaint rate monitoring, engagement-quality focus all improved as the customer teams gained experience.
The mature customers handled the year’s enforcement events smoothly. The Microsoft May enforcement was a non-event. The Gmail November hardening was a non-event. The operational discipline produced predictable outcomes.
New customer mistakes
New customers entering 2025 sometimes made mistakes that mature customers had learned past. Common patterns:
- Insufficient IP warmup
- Marginal list quality
- Authentication setup gaps
- Inadequate monitoring
We worked through these issues with new customers throughout the year. The learning curve is real but bounded.
Specific incident patterns
Several specific incident patterns appeared more frequently than in 2024:
ARC implementation requests increased after enforcement events made DMARC compliance more critical. Mailing list operators faced specific pressure that ARC addresses.
Emergency migration requests came in periodic clusters following mainstream ESP enforcement actions or policy changes.
Deliverability triage requests for senders crossing enforcement thresholds. The Gmail November enforcement produced a spike in these requests.
Cold email strategy consultations as customers tried to determine sustainable approaches in the new environment.
What did not happen in 2025
Several predicted developments did not materialize as expected.
Apple iCloud bulk sender enforcement
Apple did not announce specific bulk sender requirements with hard enforcement parallel to Google/Microsoft. Apple’s filtering continues to operate but without the visible enforcement events that the other major providers had.
We expect Apple to eventually align with industry direction but the timing remains uncertain.
Smaller receiver enforcement waves
Smaller mailbox providers and corporate mail filters did not collectively announce or implement enforcement waves parallel to the major receivers. Some individual providers tightened independently but no coordinated industry action emerged.
IPv6 enforcement changes
Some industry discussion in 2024 had suggested IPv6-specific enforcement changes. These did not materialize in 2025. IPv6 handling remains as it was.
BIMI requirement changes
BIMI continues to be voluntary for senders. No requirement-level enforcement appeared. The senders adopting BIMI did so for engagement benefits rather than compliance pressure.
DNSSEC requirements
DNSSEC-related requirements for mail authentication did not materialize. The technical complexity may be a factor in the lack of progress.
The trajectory into 2026
Looking forward, several patterns suggest the 2026 trajectory.
Continued tightening from major receivers
Each major receiver has demonstrated willingness to tighten enforcement. We expect periodic tightening events throughout 2026.
Possible enforcement events:
- Microsoft additional enforcement (the original April 2025 announcement mentioned “future” enforcement beyond the May 2025 baseline)
- Gmail further enforcement refinements
- Yahoo specific enforcement announcements
- Apple eventually announcing specific enforcement
- Smaller providers following the major providers
The pattern is established. The specific timing is uncertain. Senders should expect continued evolution rather than stable plateau.
Authentication mechanism evolution
The basic authentication mechanisms (SPF, DKIM, DMARC, ARC) continue to evolve. New mechanisms may emerge for specific scenarios. Existing mechanisms may receive updates.
Areas where evolution seems likely:
- DKIM key length recommendations may move from 2048-bit to higher
- DMARC alignment refinements for specific edge cases
- ARC adoption expansion to more receivers
- Specific new mechanisms for forwarding scenarios
Operational practice maturation
The discipline of email infrastructure operations continues maturing. Tools improve. Documentation expands. Operator community knowledge accumulates.
For customers, the implication: getting professional operational support is more important than ever. The operational complexity exceeds what most non-specialized teams can maintain.
Self-hosted infrastructure growth
The self-hosted alternative continues attracting customers from mainstream ESPs. The cost advantages at scale plus the structural independence from ESP policies make self-hosted compelling for an expanding set of operators.
We expect continued growth in customer migrations from mainstream ESPs throughout 2026. The trajectory is established.
Cold email segment evolution
The cold email segment will continue evolving toward multi-mailbox approaches and away from direct SMTP. Some operators will exit the segment as the operational complexity exceeds their business model viability. Others will scale up to the operational discipline required.
The total cold outreach volume may stabilize or decrease. The volume per operator typically increases as smaller operators exit.
Regulatory developments
Various jurisdictions may introduce additional email-related regulations. GDPR enforcement continues. CASL enforcement continues. New regulations may emerge in specific countries.
The trajectory is toward more regulation rather than less. Compliance discipline matters more than ever.
AI-related developments
AI integration in email infrastructure continues. Both senders (using AI for personalization, content generation) and receivers (using AI for content classification, anomaly detection) are deploying more sophisticated AI capabilities.
The implications for senders: content quality matters more, pattern detection becomes more sophisticated, the gap between legitimate engaging content and pattern-detectable content shrinks.
What we tell customers heading into 2026
Based on our observation of 2025:
Maintain operational discipline
The compliance work is not one-time. Receiver requirements evolve. Authentication setups need ongoing maintenance. Content quality needs ongoing attention. Engagement focus needs ongoing investment.
The customers who treat this as ongoing operational discipline continue to deliver successfully. The customers who treat it as periodic crisis response see deteriorating outcomes.
Plan for continued evolution
Receiver requirements will continue tightening. Build infrastructure and practices that can adapt to evolution. Avoid optimizing for current requirements at the expense of future flexibility.
Invest in operational expertise
The operational complexity exceeds what most non-specialized teams can maintain. Working with specialists (us or other providers) is increasingly cost-effective relative to in-house development.
Diversify infrastructure dependencies
Mainstream ESP dependence creates operational risk. Diversifying with alternative infrastructure (or self-hosted alternatives) reduces this risk. The diversification is bounded engineering but produces meaningful risk reduction.
Focus on engagement quality
Volume matters less than engagement quality. Sending to more recipients with worse engagement produces worse outcomes than sending to fewer recipients with better engagement.
Document operational practices
The operational discipline that produces good outcomes is documentable. Documented practices survive team transitions and produce consistent execution. Tribal knowledge of “good email practices” is less reliable than written procedures.
Prepare for unexpected events
ESP suspensions, mailbox provider outages, regulatory changes, infrastructure issues all happen. Preparation for these events is bounded but valuable. Customers prepared for the unexpected handle the unexpected better than customers who hope nothing unexpected will happen.
Our own organizational learning
The year produced learning for our team as well as our customers.
Pre-flight discipline value
The 14-check pre-flight on every IP before customer assignment proved valuable repeatedly during 2025. The few IPs that we rejected from customer service avoided being assigned to customers who would have faced problems. The discipline was operationally validated.
Emergency capacity matters
Our capacity to handle emergency migrations (like the 72-hour SendGrid migration) was tested and validated. The infrastructure and procedural readiness justified maintaining the capacity even when not actively in use.
Customer communication during incidents
Proactive customer communication during external incidents (like the July 2025 mailbox provider outage) produced positive customer relationships. The communication practice is operationally important and we have invested in templates and standardized procedures.
Documentation as operational asset
Our internal documentation (runbooks, procedures, customer-facing guides) proved valuable repeatedly. The investment in documentation paid off in faster incident response and more consistent execution.
Self-hosted infrastructure for ourselves
Operating our own infrastructure (crypto rate aggregator, monitoring tools, payment processing) aligned with what we tell customers. The alignment produced operational benefits beyond strategic positioning.
Customer relationships through difficulties
Customers who experienced our team’s work during difficulties (incidents, migrations, enforcement events) typically developed stronger relationships with us. The customer trust accumulates through difficult moments more than through smooth periods.
What we plan for 2026
Looking at our team’s 2026 plans:
Continued capacity scaling
Customer base growth continues. Infrastructure capacity scales accordingly. Operational team capacity grows to maintain customer service quality.
New service offerings
We are developing specific service offerings based on customer needs that emerged during 2025:
- Emergency migration capability with formal SLAs
- ARC implementation as managed service
- Multi-mailbox cold outreach infrastructure (for customers in that segment)
- Compliance verification and certification services
Tooling improvements
Our internal tooling continues evolving. Specific 2026 priorities:
- Improved monitoring dashboards for customer-facing visibility
- Automation of routine operational tasks
- Better customer self-service capabilities
- Integration with customer-side monitoring
Geographic expansion
Specific geographic expansion plans for 2026 to serve customers in additional jurisdictions. The expansion includes both physical infrastructure and operational support presence.
Customer education
Customer-facing education content continues. Blog posts, customer documentation, training materials all expand. The investment in customer education produces better operational outcomes for the customers and reduces support load for our team.
The honest assessment of 2025
2025 was operationally difficult for senders who had not done their authentication work. The year was operationally smooth for senders who had completed the work.
The gap between compliant and non-compliant senders is wider at year-end 2025 than at year-start. The gap will continue widening through 2026 as enforcement tightens further.
For senders considering whether to invest in compliance: the cost of compliance is bounded; the cost of non-compliance accelerates over time. The investment pays back in operational sustainability.
For senders considering whether to invest in self-hosted infrastructure: the case strengthened through 2025. ESP risks became more visible. Self-hosted economics became more favorable. The decision tilts toward self-hosted for more operator profiles than in prior years.
For senders considering whether to invest in operational discipline: the year demonstrated that discipline is the differentiator. Senders with discipline operate sustainably. Senders without discipline face periodic crises that compound over time.
The year’s events validated the strategic positioning we have been recommending for years. Authentication matters. Operational discipline matters. Self-hosted infrastructure matters. ESPs are convenient but introduce dependency risks. The customers who have been listening have been doing well. The customers who have been catching up have been catching up.
What we expect to publish through 2026
Our blog will continue documenting operational reality through 2026. The topics we expect to cover:
Specific enforcement events as they happen. Microsoft additional enforcement. Gmail refinements. Yahoo announcements. Apple eventual announcements. Each will produce timely operational analysis.
Post-mortems of operational incidents. Customer-affecting incidents anonymized produce learning for the broader operator community. We will continue publishing these as appropriate.
Deep-dive technical content. Authentication mechanisms, infrastructure patterns, operational practices all warrant detailed technical content. We will continue producing these.
Use case analyses. Specific customer profiles and their operational requirements produce useful content. Newsletter publishers, B2B SaaS, ESP resellers, cold outreach operators all have distinct operational needs.
Industry trend analyses. As major events happen, we will analyze and contextualize them for our customer base and the broader operator community.
The publication cadence will continue at roughly two posts per month. The total content will continue accumulating into a comprehensive reference for email infrastructure operations.
The longer-term trajectory
Looking beyond 2026:
The trajectory toward authenticated, accountable email continues. Senders who treat email infrastructure as ongoing operational discipline produce sustainable operations. Senders who treat it as set-and-forget face accumulating problems.
The mainstream ESP model continues but with increased customer awareness of the trade-offs. Self-hosted alternatives capture growing share of the operator segment that prioritizes independence.
The cold outreach segment continues evolving. The viable operations migrate to multi-mailbox approaches. The non-viable operations exit the segment.
The regulatory environment continues tightening. Compliance work becomes more sophisticated.
The operational tooling continues maturing. Specialist providers (us and others) become more important for customers without in-house operational capacity.
For our team, the trajectory aligns with our strategic positioning. We continue serving customers who value our specific combination of self-hosted infrastructure, operational discipline, and independent jurisdictional positioning. The customer base grows. The team grows. The operational maturity grows.
2025 was the year email authentication became table stakes. 2026 will be the year senders adjust to the table stakes being a permanent condition rather than a transition. The work continues. The discipline matters. The outcomes follow from the work.