PlainDMARC
Flat-price DMARC monitoring · a plain-English weekly pass/fail verdict for every domain

Gmail Bulk Sender Requirements: The 2026 Google, Yahoo & Microsoft Checklist

Google and Yahoo made email authentication mandatory in 2024. As of November 2025, Gmail has moved from quietly spam-foldering non-compliant mail to outright rejecting it. Here is exactly what you need in place — and how to verify each item today.

Not sure if your domain passes? Check it in 30 seconds — no signup.
Run the free DMARC checker

1. The timeline: how we got to rejections

2. The compliance checklist

Every row must be a Pass before you send bulk mail to Gmail, Yahoo or Microsoft.

RequirementWhat it meansStatus you need
SPF A TXT record listing which servers may send for your domain. Published & passing
DKIM A cryptographic signature on every message, verified via a public key in DNS. Signed & valid
DMARC published A _dmarc TXT record with at least p=none (move toward p=quarantine/p=reject). Record present
Aligned From domain The visible From domain matches the domain that passed SPF or DKIM. Alignment passes
One-click unsubscribe List-Unsubscribe header + List-Unsubscribe-Post for marketing/bulk mail, honoured within 2 days. Header present
Spam rate < 0.3% Your reported spam rate in Google Postmaster Tools, ideally kept under 0.1%. Below 0.3%

3. What happens if you fail

Failing the checklist is no longer a soft penalty. Depending on how far you fall short, you'll see:

Hard rejection — messages bounce with 550-5.7.26 This mail has been blocked because the sender is unauthenticated. Recipients never receive them, and your bounce rate spikes. This is the most common symptom of a missing or misaligned DMARC setup.

Spam foldering — borderline mail that authenticates but has a poor reputation or high spam rate lands in Junk instead of the inbox.

Rate limiting — providers temporarily defer (4xx) your mail, delaying delivery for hours.

Seeing the rejection error already? Read the step-by-step fix: How to fix Gmail 550-5.7.26 rejections.

4. How to verify each item today

SPF, DKIM & DMARC records

Run the free DMARC checker — it queries your live DNS from your browser and reports whether SPF, DKIM selectors and your DMARC record are present and syntactically valid, in plain English.

Aligned From domain

Send a test message to yourself, open it, and view the original/headers. Confirm that the Authentication-Results line shows dmarc=pass — that only happens when SPF or DKIM passes and aligns with your From domain.

One-click unsubscribe

In the same raw headers, look for a List-Unsubscribe header and a List-Unsubscribe-Post: List-Unsubscribe=One-Click line on any bulk or marketing message. Most reputable ESPs add these automatically once enabled.

Spam rate

Register your domain in Google Postmaster Tools and watch the Spam Rate chart. Keep it under 0.3% at all times; treat anything over 0.1% as a warning sign.

Stop checking by hand. PlainDMARC watches every domain's DMARC reports and emails you one plain-English pass/fail verdict a week — flat price, no per-domain surprises.
Get a weekly pass/fail verdict for every domain — join the waitlist

Frequently asked questions

What are the Gmail bulk sender requirements for 2026?

Authenticate mail with SPF and DKIM, publish a DMARC record on your From domain, keep the From domain aligned, offer one-click unsubscribe on marketing mail, and keep your Postmaster Tools spam rate below 0.3%. Since November 2025 Gmail rejects non-compliant bulk mail with a 550-5.7.26 error instead of just spam-foldering it.

Why is Gmail rejecting my emails with a DMARC error?

A 550-5.7.26 rejection means Gmail could not verify that your message passed DMARC — usually because there is no DMARC record, SPF or DKIM fails, or the authenticated domain does not align with the visible From domain. Publish a DMARC record and make sure at least one of SPF or DKIM passes and aligns. See the 550-5.7.26 fix guide.

Do the Google and Yahoo requirements apply to small senders?

The bulk-sender thresholds (about 5,000 messages a day to Gmail) trigger the strictest enforcement, but SPF, DKIM and DMARC are now expected from every sender. Yahoo, Microsoft and Gmail all treat unauthenticated mail as suspicious, so small senders and agencies should meet the same checklist.