In a continuing effort to strengthen email security and improve the user experience, Gmail has recently implemented a significant change affecting email senders. This change makes email authentication mandatory for all incoming emails. Specifically, Gmail now requires that all emails sent to its platform be authenticated using DKIM (DomainKeys Identified Mail) or SPF (Sender Policy Framework). Note the "or"! It's one or the other (but ideally both).
If you are trying to send emails to Gmail subscribers and your email is not authenticated correctly, it will be rejected with an error message like this:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [domain] did not pass with ip: [IP address]. The sender should visit for instructions on setting up authentication. x-y.z - gsmtp
In other words, for your emails to reach Gmail subscribers, you need to ensure that DKIM or SPF authentication is in place.
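To find out which sending IPs and domains trigger this rejection, the bounce text can be pulled out of your mail server logs and counted. The following Python code is an added example, not code from Gmail or from the original article: the log line layout, queue ids, domains and IP addresses are constructed, and the matching assumes the rejection wording quoted above.

```python
import ipaddress
import re
from collections import Counter

# Wording taken from the rejection quoted above; real logs may wrap or vary it.
REJECT = ("550-5.7.26 This mail is unauthenticated, which poses a security risk "
          "to the sender and Gmail users, and has been blocked. The sender must "
          "authenticate with at least one of SPF or DKIM. For this message, "
          "DKIM checks did not pass and SPF check for [{dom}] did not pass "
          "with ip: [{ip}].")

# Constructed log lines: queue ids, domains and documentation-range IPs are made up.
SAMPLE_LOG = [
    "A1 status=bounced " + REJECT.format(dom="news.example.com", ip="192.0.2.10"),
    "A2 status=sent 250 2.0.0 OK",
    "A3 status=bounced " + REJECT.format(dom="news.example.com", ip="192.0.2.10"),
    "A4 status=bounced " + REJECT.format(dom="shop.example.org", ip="2001:db8::25"),
    "A5 status=bounced 550 5.1.1 user unknown",
]

SPF_PART = re.compile(r"SPF check for \[([^\]]+)\] did not pass with ip: \[([^\]]+)\]")


def parse_rejection(line):
    """Return details of a 5.7.26 rejection, or None for any other log line."""
    if not re.search(r"\b5\.7\.26\b", line):
        return None
    found = SPF_PART.search(line)
    domain, ip = found.groups() if found else (None, None)
    try:
        family = f"IPv{ipaddress.ip_address(ip).version}" if ip else None
    except ValueError:  # text between the brackets was not an IP address
        family = None
    return {"domain": domain, "ip": ip, "family": family,
            "dkim_failed": "DKIM checks did not pass" in line}


def summarize(lines):
    """Count 5.7.26 rejections per (domain SPF was checked for, sending IP)."""
    hits = filter(None, map(parse_rejection, lines))
    return Counter((h["domain"], h["ip"]) for h in hits)


if __name__ == "__main__":
    for (domain, ip), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n} rejection(s): SPF domain {domain}, sending IP {ip}")
```

Each (domain, IP) pair in the summary is a mail stream that needs either that IP authorized in the domain's SPF record or a valid DKIM signature.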
Need help? Consult a deliverability expert!
If you're experiencing email authentication problems and don't know where to start, it's advisable to call in a deliverability consultant. Our experts specialize in email management and can guide you through the correct configuration of DKIM and SPF, as well as solving any problems related to email authentication. If you have any questions or concerns, don't hesitate to contact Badsender.
The implications of Gmail's new policy
This new Gmail policy marks a turning point in the way emails are managed on the platform. Previously, Gmail strongly encouraged email senders to follow best practices in email authentication. But now, these authentication checks have become mandatory. This ensures that only emails authenticated by DKIM or SPF have access to Gmail users' inboxes.
It's worth noting that this obligation was already in place for emails sent over IPv6. Gmail has simply generalized the practice to emails sent over IPv4 (and sorry if I've just lost you: the techies will understand, and the others need only remember that the practice is now generalized).
If you think your emails are authenticating correctly, but you keep seeing error messages, it's highly likely that there's a problem preventing your emails from authenticating correctly. It's time to review your settings, or contact your email marketing tool or email support (or a specialist consultant) for help.
It's essential to note that Gmail isn't doing this to annoy senders, but to strengthen security and protect its users from unauthenticated and potentially dangerous emails.
SPF and DKIM: Two pillars of authentication
Along with DMARC (and to a lesser extent BIMI), SPF and DKIM are two of the pillars of authentication. SPF prevents spammers from sending unauthorized messages in your domain's name, while DKIM verifies that the domain owner actually sent the message.
To find out more about authentication rules in Gmail, feel free to consult the dedicated documentation on their support site.