New Gmail security rules to be enforced in seven OPA IMAGES/LIGHTROCKET VIA GETTY IMAGESStarting from April 1, Google will reject emails from bulk senders unless they meet new authentication requirements. This strict rule is aimed at reducing the amount of spam that lands in Gmail inboxes and enhancing the security of Gmail users. By implementing these new requirements, Google is aiming to prevent malicious actors from using unauthenticated or compromised domains to deliver their dangerous payloads and reduce unwanted spam.
New Bulk Sender Rules To Protect Gmail Users From Spam And MoreLet’s face it: Gmail users get as much spam as anyone else, but most of it thankfully lands in the dedicated spam folder. That folder must be checked regularly for important emails wrongly flagged as spam. But what if I were to tell you that, starting in just five days, a whole bunch of spam will be blocked before it even has a chance to hit your inbox? Furthermore, the same new rules requiring proper domain authentication from bulk senders will increase email security for Gmail users. Here’s everything you need to know about Google’s new security rules for anyone sending email in large volumes to Gmail users.
Google’s Bulk Sender DefinitionGoogle defines a bulk sender as anyone sending “close to 5,000 messages or more to personal Gmail accounts within 24 hours.” It should be noted that this includes all emails sent from the same primary domain, regardless of how many subdomains may be used. Meeting that bulk sender status once marks you as a bulk sender permanently as there is no expiration date to the categorization. As already noted, the bulk sender guidelines only apply to emails sent to personal Gmail accounts. However, all senders must abide by the new regulations and that includes those using Google Workspace accounts to send email.
Strict Domain Authentication Rules To Start April 1In a Gmail product update notice posted in October 2023, Gmail’s group product manager, Neil Kumaran, explains that “many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst.” Validation that someone sending email is who they claim to be, particularly when we are talking about those sending large volumes, is a critical requirement as far as email security is concerned.
That’s why, beginning April 1, all bulk senders will be required to authenticate their email using “well-established best practices.” Best practices like Domain-based Message Authentication, Reporting & Conformance, DomainKeys Identified Mail and Sender Policy Framework. “Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email,” Kumaran says.
This type of email authentication should be a given for any professional marketer seeing as how it diminishes the risk of spoofing or hijacking by malicious or unethical senders. You will have noted I said diminish and not eradicate as, unfortunately, there are still ways around such measures including SubdoMailing. However, a Google spokesperson told me that “Gmail has multiple layers of protections, and we’re constantly adding more to defend against this attack vector.”
Click To Unsubscribe Will Become Mandatory On June 1Starting June 1, all bulk senders will have to include a one-click unsubscribe option. Anyone who has tried to unsubscribe from a mailing list will appreciate how convoluted a process it can be. Kudos to Google for trying to make this process not only easier for Gmail account holders but also quicker. The June 1 regulations will also require those bulk senders to process unsubscribe requests within 48 hours.
03/27 update: And talking of one-click unsubscribe options, a feature you would think that nobody could take issue with, a claim that Google is indulging in election interference by asking Gmail users to unsubscribe from emails sent by the Donald Trump campaign has gone semi-viral on X (formerly known as Twitter.)
The claim has been made by accounts from some of the most significant Trump-friendly accounts to the most petite, many of the latter looking very much like disinformation bot accounts with a handful of followers. The posts on X are not templated and appear to be posted in good faith by many of the posters. However, they typically claim election interference and suggest that Google is actively trying to steal the 2024 Presidential election by asking Gmail users to unsubscribe from Trump newsletters.
Those that include screenshots of the supposed political interference intervention from Google reveal that what is actually happening is Google is offering Gmail users the opportunity to unsubscribe from a mailing list where that user has not opened any emails to read them for a month or more.
There is even a community note added to some of the more prominent account postings on X, which provides the facts of the matter: “Google rolled out an ‘inbox tip’ feature in 2017 that identifies senders whose emails have not been interacted with over a long period of time. This feature is not unique to emails from President Trump or any other political mailing.”
The fact-checking site Snopes has also investigated the Trump unsubscribe claim and concluded that it is false: “…social media influencers misrepresented a feature Google introduced in 2017.”
ABC 10 News has also debunked the claim in its Fact or Fiction segment. The description of the segment video posted to YouTube goes one step further than most fact checkers, twisting the election interference claim around and suggesting “some conservative social media influencers are claiming Google is trying to interfere with the election by suggesting Gmail users unsubscribe from Donald Trump's emails.”
source
