Gmail introduces new requirements to fight spam

It’s clear that email has become an essential part of daily communication. And whether you’re submitting a job application or staying in touch with a loved one, your emails should be safe and secure.

Gmail’s AI-powered defenses stop more than 99.9% of spam, phishing and malware from reaching inboxes and block nearly 15 billion unwanted emails every day. But now, nearly 20 years after Gmail launched, the threats we face are more complex and pressing than ever.

So today, we’re introducing new requirements for bulk senders — those who send more than 5,000 messages to Gmail addresses in one day — to keep your inbox even safer and more spam-free.

Focus on email validation

Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst. To help fix that, we’ve focused on a crucial aspect of email security: the validation that a sender is who they claim to be. As basic as it sounds, it’s still sometimes impossible to verify who an email is from given the web of antiquated and inconsistent systems on the internet.

Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we’ve seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision.

That’s great progress, but there’s much more we need to do — starting with new requirements for large senders.

New requirements for bulk senders

By February 2024, Gmail will start to require that bulk senders:

1. Authenticate their email: You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So we're requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
   
2. Enable easy unsubscription: You shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender. It should take one click. So we’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
   
3. Ensure they’re sending wanted email: Nobody likes spam, and Gmail already includes many tools that keep unwanted messages out of your inbox. To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox.

We aren’t the only ones pushing for these changes. Our industry partners also see the pressing need to institute them: "No matter who their email provider is, all users deserve the safest, most secure experience possible,” says Marcel Becker, Sr. Dir. Product at Yahoo. “In the interconnected world of email, that takes all of us working together. Yahoo looks forward to working with Google and the rest of the email community to make these common sense, high-impact changes the new industry standard."

These practices should be considered basic email hygiene, and many senders already meet most of these requirements. For those who need help to improve their systems, we’re sharing clear guidance before enforcement begins in February 2024.

These changes are like a tune-up for the email world, and by fixing a few things under the hood, we can keep email running smoothly. But just like a tune-up, this is not a one-time exercise. Keeping email more secure, user friendly and spam-free requires constant collaboration and vigilance from the entire email community. And we'll keep working together to make sure your inbox stays safe.