Gmail and Yahoo Bulk Sender Requirements

What Gmail and Yahoo require from bulk senders

If you send more than 5,000 messages a day to Gmail accounts, Google treats that traffic as bulk sending. Yahoo began enforcing similar sender standards in 2024. The practical answer is simple: authenticate every sending path, keep complaints low, make unsubscribing easy, and keep your DNS clean.

• Publish SPF and DKIM for the domain you send from. Gmail requires both for bulk senders, and Yahoo requires both for bulk senders.
• Publish a valid DMARC record for the visible From domain. The minimum policy can be p=none, but DMARC still needs an aligned SPF pass or an aligned DKIM pass.
• Keep spam complaints low. Google and Yahoo both name 0.30% as a limit to stay below. Google also recommends keeping Postmaster Tools spam rates below 0.10% and avoiding any spike to 0.30% or higher.
• Add one-click unsubscribe headers for marketing and subscribed mail, plus a clear unsubscribe link in the message body.
• Use valid forward and reverse DNS for sending IPs, send over TLS, follow RFC 5322 message formatting, and do not impersonate Gmail or another brand.

Use the official Google sender guidelines and Yahoo Sender Hub as the source of truth, because enforcement details can change. For the technical standards, SPF is defined in RFC 7208, DKIM in RFC 6376, and DMARC in RFC 7489. Microsoft also documents SPF, DKIM, and DMARC in its email authentication guidance.

You can check your live domain setup with the free InboxRadar domain scorecard. It reads your DNS records, grades SPF, DKIM, DMARC, and MX, and shows the highest impact fix first.

The authentication checklist that actually matters

Passing the sender rules is not about adding three DNS records and moving on. Gmail, Yahoo, Outlook, and Microsoft 365 look at whether the message they receive can be tied back to the domain the recipient sees in the From header.

• SPF: publish one SPF TXT record for each sending domain. Include every legitimate sender, avoid duplicate SPF records, and stay within the RFC 7208 limit of 10 DNS-querying terms during SPF evaluation. The include, a, mx, ptr, exists, and redirect terms count. Use ~all while you are still validating sources. Move to -all only when you are confident every legitimate sender is included.
• DKIM: turn on signing in every platform that sends mail for you. Each platform usually gives you a selector, such as selector1._domainkey.example.com, and a public key to publish in DNS. Remove unused selectors, rotate old keys, and prefer 2048-bit keys when your provider supports them.
• DMARC: publish the record at _dmarc.yourdomain.com. Start with p=none and a rua mailbox or reporting service so you can see who is sending as your domain. Move to p=quarantine or p=reject only after SPF and DKIM are passing for legitimate mail.
• Alignment: DMARC passes when SPF or DKIM passes and the authenticated domain aligns with the visible From domain. Relaxed alignment is accepted by Yahoo and is common in real deployments, but do not assume a vendor's shared return-path domain protects your brand.
• MX: make sure the domain can receive mail, especially replies, bounces, role inboxes, and DMARC aggregate reports. MX does not authenticate outbound mail, but broken receiving DNS is a common sign of a neglected sender domain.

Why compliant mail can still land in spam

Authentication gets you through the front door. Inbox placement still depends on reputation, complaint rate, content, list quality, and recent sending behavior. Mailbox providers route mail to spam when their systems decide the message is unwanted, risky, misleading, or unauthenticated, not because one magic keyword appeared in the copy.

• Watch blocklists, especially if you use a shared IP or recently changed email providers. A listing can hurt delivery even when DNS authentication is correct.
• Separate transactional, product, and marketing streams when volume is meaningful. Different IPs, subdomains, or DKIM domains help reputation reflect the actual type of mail being sent.
• Do not buy lists, scrape addresses, or keep mailing people who never engage. Spam reports are one of the clearest negative signals Gmail and Yahoo use.
• Honor unsubscribes quickly. Yahoo says bulk senders should honor unsubscribes within 2 days. Gmail requires one-click unsubscribe for marketing and subscribed messages from bulk senders.
• Monitor drift. SPF includes change, DKIM selectors get removed during ESP migrations, DMARC reports stop going to the right mailbox, and old platforms keep sending after a rebrand.

If you need the adjacent basics, see the related deliverability guides at InboxRadar guides.