Google's 2024 Bulk Sender Requirements: What Cold Email Senders Must Do
In February 2024, Google implemented new requirements for bulk email senders. These rules apply to anyone sending 5,000+ messages per day to Gmail addresses. For cold email senders, these requirements are not optional. Fail to comply and your emails will be throttled, deprioritized, or rejected by Gmail entirely.
At Alchemail, we implemented these requirements across 100+ sending domains before the deadline. This guide breaks down each requirement, explains how it affects cold email specifically, and shows you exactly how to comply.
The Requirements at a Glance
| Requirement | What Google Demands | Cold Email Impact |
|---|---|---|
| SPF authentication | Must pass SPF for every email | Configure on all sending domains |
| DKIM authentication | Must pass DKIM for every email | Generate and publish keys on all domains |
| DMARC authentication | Must have a DMARC record (minimum p=none) | Add DMARC to every sending domain |
| DMARC alignment | From domain must align with SPF or DKIM domain | Ensure proper configuration |
| Spam rate | Must stay below 0.3% | Clean lists, relevant targeting |
| One-click unsubscribe | Must include easy unsubscribe mechanism | Add to email headers or content |
| Valid forward and reverse DNS | Sending IPs must have proper DNS | Handled by Google Workspace/M365 |
| TLS connection | Must use TLS for email transmission | Handled by email providers |
Who These Requirements Apply To
The 5,000 Message Threshold
Google defines a "bulk sender" as any entity sending 5,000+ messages per day to Gmail addresses. Important details:
- The count is per domain, not per email account
- All email types count: cold email, warm-up, transactional, marketing
- Gmail includes: @gmail.com AND Google Workspace addresses
- The threshold applies to messages, not recipients (one email to one person is one message)
Does This Apply to Cold Email?
Yes, absolutely. If you send from multiple accounts on the same domain and the total exceeds 5,000 per day to Gmail recipients, you are a bulk sender under Google's rules.
Example calculation:
- 3 accounts on trywithacme.com
- Each sends 30 cold emails + 20 warm-up emails per day
- Total from trywithacme.com: 150 emails per day
- If 60% of recipients have Gmail: 90 Gmail messages per day
A single domain typically stays under 5,000. But if you have multiple domains and Google aggregates reputation (which they do for linked domains), compliance matters regardless of per-domain volume.
Bottom line: Comply with all requirements on every sending domain, regardless of your daily volume. The requirements represent best practices, and non-compliance hurts deliverability even below the 5,000 threshold.
Requirement 1: SPF Authentication
What Google Requires
Every email you send must pass SPF authentication. The sending server's IP must be authorized in your domain's SPF record.
How to Comply
For Google Workspace domains:
TXT record at @: v=spf1 include:_spf.google.com ~all
For Microsoft 365 domains:
TXT record at @: v=spf1 include:spf.protection.outlook.com ~all
Verification
- Send an email to a Gmail account
- Open it, click "Show Original"
- Confirm "SPF: PASS" appears
If you see SOFTFAIL or FAIL, your SPF record is misconfigured.
For complete SPF setup, see our SPF, DKIM, DMARC guide.
Requirement 2: DKIM Authentication
What Google Requires
Every email must be signed with a valid DKIM signature. The signature must pass verification.
How to Comply
Google Workspace:
- Go to Admin Console > Apps > Google Workspace > Gmail > Authenticate Email
- Generate DKIM key for your domain
- Publish the provided TXT record in DNS
- Enable DKIM signing
Microsoft 365:
- Go to Exchange Admin > DKIM
- Enable DKIM for your domain
- Add the two CNAME records to DNS
- Verify propagation
Verification
In the same "Show Original" view in Gmail, confirm "DKIM: PASS" appears.
Requirement 3: DMARC Record
What Google Requires
Your sending domain must have a DMARC DNS record. The minimum acceptable policy is p=none (monitoring only).
How to Comply
Add this TXT record at _dmarc.yourdomain.com:
Minimum (monitoring only):
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Recommended (enforcement):
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100
Our Recommendation
Start with p=none to collect data for 2-4 weeks. Then upgrade to p=quarantine. Google explicitly states that p=none meets the requirement, but enforcement policies (quarantine or reject) signal stronger legitimacy and improve deliverability.
For full DMARC guidance, see our DMARC guide.
Requirement 4: DMARC Alignment
What Google Requires
The domain in the "From" header must align with the domain authenticated by either SPF or DKIM. This is DMARC alignment.
How to Comply
When using Google Workspace or Microsoft 365 directly:
- SPF alignment: The return-path domain matches the From domain (automatic with standard setup)
- DKIM alignment: The DKIM signing domain matches the From domain (automatic when DKIM is configured correctly)
When Alignment Breaks
Alignment can fail when:
- You use a third-party sending service that changes the return-path
- DKIM is signed by a different domain than your From domain
- Email forwarding breaks SPF (DKIM survives if message is not modified)
For cold email through SmartLead using Google Workspace or Microsoft 365 accounts, alignment should work automatically as long as SPF and DKIM are properly configured.
Requirement 5: Spam Rate Below 0.3%
What Google Requires
Your reported spam rate in Google Postmaster Tools must stay below 0.3%. Google recommends targeting below 0.1%.
How to Comply for Cold Email
This is the most challenging requirement for cold email senders. Here is how we maintain spam rates under 0.3% at Alchemail:
List quality:
- Verify every email before sending (LeadMagic)
- Target the right ICP (irrelevant emails get spam complaints)
- Never use purchased email lists
- Remove bounced and complained addresses immediately
Content quality:
- Write personalized, relevant emails
- Keep emails short and conversational
- Avoid spam trigger words and excessive links
- Use plain text formatting (no heavy HTML)
Volume management:
- Limit to 25-35 cold emails per account per day
- Use 100+ domains to distribute volume
- Rotate domains to prevent reputation concentration
- Monitor complaint rates daily
Easy opt-out:
- Include an unsubscribe link or clear opt-out language
- Honor opt-outs immediately
- Remove opted-out addresses from all future campaigns
Monitoring Spam Rate
Google Postmaster Tools shows your spam rate per domain:
| Spam Rate | Status | Action |
|---|---|---|
| Under 0.1% | Excellent | Continue current practices |
| 0.1-0.2% | Good | Monitor, minor adjustments |
| 0.2-0.3% | Warning | Improve targeting and content |
| Above 0.3% | Non-compliant | Immediate action required |
Requirement 6: One-Click Unsubscribe
What Google Requires
Messages must include a one-click unsubscribe mechanism through the List-Unsubscribe header and support for RFC 8058 (List-Unsubscribe-Post).
How to Comply for Cold Email
Most cold email platforms (SmartLead, Instantly) handle unsubscribe headers automatically. Verify that:
- Your emails include a List-Unsubscribe header (check via "Show Original" in Gmail)
- Recipients can unsubscribe without multiple steps
- Unsubscribes are processed within 2 days (Google's requirement)
Alternative for Low-Volume Senders
If your per-domain volume is below 5,000/day and you are not technically classified as a bulk sender, you can instead:
- Include unsubscribe language in the email body (e.g., "Reply STOP to opt out")
- Process opt-outs manually but promptly
However, we recommend implementing proper unsubscribe headers regardless.
Requirement 7: Valid DNS Records
What Google Requires
Sending IPs must have valid forward and reverse DNS (PTR) records. The sending IP must resolve to a hostname, and that hostname must resolve back to the same IP.
How to Comply
If you use Google Workspace or Microsoft 365, this is handled automatically. Google and Microsoft configure proper DNS for their mail servers. You do not need to do anything for this requirement.
If you use a dedicated sending infrastructure, verify PTR records for your sending IPs.
Requirement 8: TLS Encryption
What Google Requires
Email connections must use TLS (Transport Layer Security) encryption.
How to Comply
Google Workspace and Microsoft 365 use TLS by default. SmartLead and other sending platforms connect via TLS. No action needed for standard cold email setups.
Implementation Checklist for Cold Email
Per-Domain Checklist
For every sending domain in your infrastructure:
- SPF record published and passing
- DKIM key generated and DNS record added
- DKIM verified as passing
- DMARC record published (minimum p=none, recommended p=quarantine)
- DMARC alignment verified
- Unsubscribe mechanism in place
- Google Postmaster Tools set up for monitoring
- Spam rate monitored and below 0.3%
Ongoing Compliance
- Weekly: Check Google Postmaster Tools for spam rates and reputation
- Weekly: Verify authentication is passing on sample emails
- Monthly: Audit all domains for correct DNS records
- Monthly: Review DMARC reports for authentication failures
- Quarterly: Full compliance audit across all domains
Impact of Non-Compliance
What Happens If You Do Not Comply
| Non-Compliance Area | Consequence |
|---|---|
| Missing SPF | Emails may be rejected or flagged |
| Missing DKIM | Reduced inbox placement |
| No DMARC record | Deprioritized by Gmail |
| Spam rate above 0.3% | Throttling, then potential blocking |
| No unsubscribe | Warnings, then delivery restrictions |
| Multiple violations | Progressive enforcement up to blocking |
Google enforces progressively. First comes throttling (slower delivery). Then deprioritization (emails go to spam). Finally, blocking (emails rejected outright). The timeline depends on severity.
Our Results With Full Compliance
At Alchemail, full compliance across all domains produces:
- Open rates: 40-60% (indicating strong inbox placement)
- Bounce rates: Under 2%
- Spam rates: Under 0.3%
- Positive reply rates: 2-5%
Compliance is not just about avoiding penalties. It is about building the trust signals that get your emails into the inbox.
Frequently Asked Questions
Do these requirements apply to Microsoft/Outlook too?
Google's specific requirements apply to Gmail delivery. However, Microsoft has similar (less publicly documented) standards. Proper authentication (SPF, DKIM, DMARC), low spam rates, and good sending practices are universal best practices that improve delivery across all providers.
I send fewer than 5,000 emails per day. Do I still need to comply?
Technically, the bulk sender requirements apply at 5,000+ messages per day to Gmail. Practically, you should comply regardless. Non-compliant emails have lower deliverability even below the threshold. These are best practices, not just rules for high-volume senders.
What counts toward the 5,000 message daily limit?
Everything sent from your domain to Gmail addresses: cold emails, warm-up emails, transactional emails, newsletters, internal communication with Gmail users, and auto-replies. The count is per domain, aggregated across all accounts on that domain.
Can Google see my DMARC report data?
Google sends you DMARC reports (to the address in your rua tag). They also use DMARC pass/fail data in their own filtering decisions. They do not publish your DMARC data externally.
How quickly does Google enforce these requirements?
Enforcement started in February 2024 and has been progressive. Some senders experienced immediate throttling. Others saw gradual enforcement over months. As of 2025, enforcement is fully active. New domains that do not comply from the start face immediate deliverability penalties.
Stay Compliant, Stay in the Inbox
Compliance with Google's sender requirements is table stakes for cold email in 2025. At Alchemail, we build compliance into every domain from day one, managing 100+ domains per client with full authentication and deliverability monitoring. Our approach generates $55M+ in pipeline by keeping emails where they belong.
Book a call with us to ensure your cold email infrastructure meets all sender requirements.