Gmail and Yahoo's 2024 Sender Requirements: Is Your Domain Compliant?
In February 2024, Gmail and Yahoo began enforcing new rules for all email senders. The requirements differ by sending volume. This guide separates the baseline rules from the stricter obligations for domains sending roughly 5,000 messages per day.
What changed in February 2024?
Google and Yahoo announced these changes in October 2023, giving senders roughly four months to comply. Starting February 1, 2024, they began enforcing a set of requirements for anyone sending email to Gmail or Yahoo Mail addresses.
The stated goal was to reduce spam, phishing, and email-based scams. The practical effect was that many legitimate businesses — particularly small ones that had never configured email authentication — started seeing their emails fail delivery or land in spam.
Who does this affect?
Google describes two categories of senders: bulk senders (those sending 5,000 or more emails per day to Gmail addresses) and all other senders. Bulk senders face the strictest requirements, but the guidelines apply in some form to everyone.
If you send email from a custom domain — you@yourcompany.com rather than a free Gmail or Yahoo address — these requirements apply to you.
The three core requirements
1. Email authentication must be set up
All senders must have valid SPF or DKIM records. Bulk senders must have both. And DMARC is also required for bulk senders sending to personal Gmail accounts.
Google's official guidance is the source of truth and should be checked before a large send: Email sender guidelines.
2. The spam complaint rate must stay below 0.3%
Google uses feedback loop data from Gmail users. When someone clicks "Report spam" on your email, that's recorded against your domain. Google recommends keeping the rate below 0.10% and avoiding 0.30% or higher. Placement and rejection are not determined by this metric alone.
You can monitor your spam complaint rate using Google Postmaster Tools — a free tool that shows your domain reputation and spam rate. If you're not already using it, set it up now.
3. Bulk senders must support one-click unsubscribe
If you send marketing or newsletter emails to 5,000+ Gmail addresses per day, your emails must include a one-click unsubscribe mechanism — specifically, the List-Unsubscribe and List-Unsubscribe-Post headers. Gmail surfaces this as a visible "Unsubscribe" link next to your sender name in the inbox.
Most modern email marketing platforms (Mailchimp, Klaviyo, HubSpot, etc.) handle this automatically. If you're sending bulk email through a custom solution or a less common provider, check that these headers are being set.
What Yahoo requires
Yahoo's published bulk-sender requirements closely mirror Google's. Review Yahoo's sender best practices for current details:
- SPF and DKIM must be set up for the sending domain
- DMARC policy must be present (even
p=nonecounts) - Valid forward and reverse DNS records for sending IPs
- Low spam complaint rate (monitored via Yahoo's Complaint Feedback Loop)
- One-click unsubscribe for bulk senders
The compliance checklist
Use this checklist to verify your domain meets the requirements:
- SPF record exists and is configured with the right mail servers
- DKIM is enabled in your email provider's admin panel with a valid DNS record
- DMARC record exists (at minimum
p=nonewith anrua=address) - Your domain has been verified in Google Postmaster Tools
- Spam complaint rate is ideally below 0.10% and does not reach 0.30% in Google Postmaster Tools
- Marketing emails include one-click unsubscribe headers (if sending in bulk)
What happens if you ignore this?
Noncompliant bulk mail may be rate-limited, temporarily rejected with a 4xx response, permanently rejected with a 5xx response, or routed to spam. The response depends on the provider, requirement, and enforcement stage.
Lower-volume senders still need baseline authentication, but a DNS scan alone cannot predict spam placement, open rates, or reputation.
The frustrating part is that these failures are often invisible. Your email client shows "Sent." The bounce may go to a no-reply address you don't monitor. The recipient never tells you they didn't receive your email. Weeks can pass before you realise there's a problem.
How to check your status right now
The fastest way to know whether your domain is compliant is to run a live DNS audit. InboxShield Mini checks your SPF, DKIM, DMARC, BIMI, and MTA-STS records in under 30 seconds — no account required — and identifies public DNS findings and scan limitations.
Find out if you're compliant
Enter your domain and get a compliance check in 30 seconds. The free scan shows which records pass and which need review. The paid plan labels safe values, provider-generated keys, and changes that require a sender inventory.
Check my domain — free