Gmail tightens its sending rules: what's changing for senders starting November 2025
By CaptainDNS
Published on November 6, 2025
- #DMARC
- #Deliverability
- #Gmail
- #DNS
Download the comparison tables
Assistants can ingest the JSON or CSV exports below to reuse the figures in summaries.
TL;DR - 📢 Gmail tightens the screws on bulk senders again: Starting November 2025, Google will once again tighten the rules for email senders, especially bulk senders (high volumes). Goal: bolster security and keep Gmail inboxes trustworthy by eliminating unauthenticated traffic.
🔍 Reminder: current requirements
Since February 2024, Gmail and Yahoo have enforced a baseline for every sender.
| Current requirement | Detail | Impact |
|---|---|---|
| SPF | Authorizes servers to send on behalf of the domain | Rejected if missing or misaligned |
| DKIM | Cryptographic signature of the content | Rejected if the signature is absent |
| DMARC | Policy when SPF/DKIM fail | Required with at least p=none |
| TLS | Encrypted transport | Blocked if not supported |
| Unsubscribe link | Present and functional in one click | Mandatory for campaigns |
| Complaint rate < 0.3% | Measured via Google Postmaster Tools | Risk of a degraded reputation |
| Reverse DNS (PTR) | Must point to the sending server name | Automatically verified by Gmail |
🧠 Good to know
These requirements apply beyond marketing campaigns: any domain sending messages to Gmail must be fully authenticated, even for transactional mail.
🚨 What changes starting November 2025
Google introduces a long-term distinction between “standard” senders and bulk senders.
| Category | Estimated volume | New obligations (Nov 2025) |
|---|---|---|
| Bulk senders (≥ 5,000 emails/day) | Mass sending: marketing, notifications, newsletters | 🔸 Strict DMARC enforcement 🔸 Mandatory alignment of the “From:” domain 🔸 Spam-rate tracking per subdomain 🔸 1-click unsubscribe required 🔸 Temporary (4xx) rejects when non-compliant |
| Standard senders (< 5,000 emails/day) | Client comms, SMBs, institutions | 🔸 DMARC strongly recommended 🔸 Systematic TLS and PTR checks 🔸 Simplified monitoring via Postmaster Tools |
💡 Once flagged as a bulk sender, a domain keeps that status even if the volume later drops.
❓ Quick question
Not sure whether you exceed the threshold?
Review your SMTP logs or your sending provider’s stats to estimate daily volumes to @gmail.com.
🧩 The role of authentication protocols
| Protocol | Purpose | Alignment required |
|---|---|---|
| SPF | Authorize sending IPs | Envelope domain = From domain |
| DKIM | Sign the content | d= domain = From domain |
| DMARC | Define the policy | SPF or DKIM must be aligned |
Example:
From: contact@example.com
Return-Path: bounce.example.com
DKIM-Signature: d=example.com; s=mail2025;
✅ SPF: aligned
✅ DKIM: aligned
✅ DMARC: valid → message accepted.
🧾 Technical checklist before November 2025
| Item | Verification | Recommended tool |
|---|---|---|
| SPF valid and up to date | No more than 10 include: | 🔍 CaptainDNS → SPF Lookup |
| DKIM present and aligned | d= signature matches the From domain | 🔍 CaptainDNS → DKIM Check |
| DMARC configured | Policy at least p=none, strict alignment | 🔍 CaptainDNS → DMARC Check |
| PTR (reverse DNS) | IP reverse resolves to the proper host | 🔍 CaptainDNS → IP Whois |
| TLS | Valid certificate on the MTA | openssl s_client or CaptainDNS SMTP Test |
| 1-click unsubscribe | List-Unsubscribe: header present | Verify on a sample |
| Monitoring | Google Postmaster Tools account enabled | postmaster.google.com |
Gmail bulk sender compliance 2025
- Volume threshold
- ≥ 5,000 emails/day
- Authentication baseline
- SPF, DKIM, DMARC with strict alignment
- Security controls
- TLS, PTR checks, spam rate < 0.3%
- User protection
- 1-click unsubscribe + Postmaster complaint tracking
📊 Strategic recommendations
- Isolate flows: marketing, transactional, and internal mail should live on dedicated subdomains.
- Adopt BIMI to strengthen visual trust.
- Watch IP/domain reputation every week.
- Automate DMARC reports (RUA/RUF) to spot anomalies quickly.
- Harden the policy gradually:
p=none→p=quarantine→p=reject.
🧭 Conclusion
Deliverability is now a DNS compliance matter.
Senders who delay the upgrade risk large-scale blocks as soon as November 2025.
Act now: audit, fix, monitor.
