If your organisation sends high volumes of email to Gmail accounts and has been slow to meet Google’s bulk sending requirements, then your deliverability may soon be impacted. Google has announced they’ll begin stricter enforcement starting in November 2025. And they aren’t alone. Yahoo and Apple have already announced similar requirements, and Microsoft joined the effort earlier this year. So, you can’t delay any longer.
Background
At the end of 2023, in an effort to reduce the amount of unsolicited and fraudulent email reaching personal inboxes, Google, Yahoo and Apple each announced new authentication standards. These standards are designed to strengthen sender identity and message integrity.
However, the number of affected senders—particularly those delivering more than 5,000 messages per day to Gmail or Yahoo—was massive. To minimise disruption and prevent legitimate mail from being inadvertently blocked, providers chose a gradual, ‘soft enforcement’ period.
Then Microsoft joined the effort. In mid-2025, they announced a similar set of bulk email sender compliance rules to better protect their consumer mailbox users from unwanted email traffic.
With Google’s recent announcement about stricter enforcement starting November 2025, the soft enforcement period is coming to an end.
Figure 1. Recent update added to Google’s email sender guidelines FAQ.
Initial Google, Yahoo and Apple requirements
How can you ensure your organisation’s email is delivered? Here are the rules for compliance.
Applicable to all senders
- Email authentication. Implement SPF, DKIM and DMARC to prevent spoofing and protect message integrity.
- Low spam rates. Maintain spam complaint rates below 0.3% (ideally under 0.1%). If your rates exceed these levels, your mail will be rejected or routed to spam folders.
For senders of 5,000+ messages per day
- SPF and DKIM alignment. Both methods must be configured and pass for each of your sending domains.
- Domain alignment. The ‘From’ domain must align with either the SPF or DKIM domain.
- DMARC policy. Publish a DMARC record to build on SPF and DKIM protections, with at least a ‘p=none’ policy (ideally, ‘p=reject’).
- One-click unsubscribe. Promotional messages must include a visible one-click unsubscribe option. Requests must be honoured within two business days. Messages must also contain an unsubscribe link that’s visible in the message body.
Note: To find out if your mail to Gmail mailboxes meets Google’s stricter compliance requirements, you can use the Compliance status dashboard. It was added to the Google Postmaster Tools portal in mid-2024.
Figure 2. Results on Google’s Postmaster Tools dashboard.
Microsoft’s recent requirements
Microsoft has aligned closely with Google and Yahoo’s standards. It now recommends:
- SPF, DKIM and DMARC enforcement for all domains sending to Outlook.com or Microsoft 365
- TLS encryption for all outbound email
- Reputation management that maintains low complaint and bounce rates to protect sender trust.
- Bulk sender transparency that uses consistent sending identities and valid reverse DNS records
Microsoft has also begun to factor DMARC alignment into filtering decisions. And it encourages senders to publish at least a ‘p=none’ policy while preparing for stricter enforcement (‘p=quarantine’ or ‘p=reject’).
Updated enforcement timeline
- February 2024: The initial compliance period for Google, Yahoo and Apple.
- April 2024: Google begins rejecting some non-compliant traffic.
- June 2024: The original one-click unsubscribe deadline.
- 5 May 2025: Microsoft begins enforcing its bulk sender requirements on their consumer mailbox properties (live.com, hotmail.com and outlook.com).
- November 2025: Google initiates strict enforcement, with full rejection of messages expected for non-compliant senders.
Why compliance matters
If your organisation relies on email to reach customers, non-compliance will directly affect deliverability to Gmail, Yahoo, Apple and Microsoft users. Messages may be throttled, filtered to spam or blocked outright.
Beware of vendors claiming ‘instant’ or ‘one-click’ compliance. DMARC alignment isn’t easy to achieve. It often requires coordinated configuration across multiple systems, especially for organisations that use third-party or SaaS platforms for outbound email.
How Proofpoint can help
Proofpoint is a trusted industry leader in DMARC protection. We safeguard more Fortune 1000 organisations than the next five DMARC competitors combined. Proofpoint Prime Threat Protection delivers several solutions to help with stricter enforcement:
- Proofpoint Email Fraud Defense (EFD) streamlines the implementation of SPF, DKIM and DMARC. As a result, organisations can achieve compliance quickly and with confidence. Once a strong DMARC policy has been published, we can also help your organisation configure Brand Indicators for Message Identification (BIMI).
- Proofpoint Secure Email Relay (SER) provides complete DKIM signing and DMARC alignment for transactional messages. It ensures both strong authentication and optimal deliverability. It also provides one-click unsubscribe management to help meet additional requirements.
If you want to know the gaps in your email authentication as well as your next steps, Proofpoint offers a free Email Deliverability Assessment. Don’t wait—begin your DMARC journey today to stay ahead of the November 2025 enforcement date and strengthen your overall email security posture.
