In 2024, Gmail and Yahoo simultaneously announced requirements that transformed email authentication from best practice into operational necessity for any sender above specific volume thresholds. Microsoft followed in 2025 with its own enforcement. These aren't soft recommendations — non-compliance generates hard SMTP rejection errors that prevent delivery entirely. Understanding exactly what each provider requires, when it applies, and what the rejection looks like in your logs is the prerequisite for staying in every recipient's inbox.
DMARC Adoption Surge Following Gmail + Yahoo Requirements (domains with valid DMARC)
Gmail Bulk Sender Requirements (2024 Enforcement)
Google began enforcing bulk sender requirements in February 2024, with gradual rollout reaching full enforcement by mid-2024. These requirements apply to senders sending 5,000 or more messages per day to Gmail addresses.
Required for all bulk senders
- SPF configured: Valid SPF record for your sending domain that authorises your sending IPs
- DKIM signing: 1024-bit minimum, 2048-bit strongly recommended. Must sign with your sending domain's selector.
- DMARC record published: Minimum p=none. No specific policy level required — but the record must exist and be syntactically valid.
- Alignment: Either SPF or DKIM (or both) must align with the From: header domain for DMARC to pass
- One-click unsubscribe (RFC 8058): All marketing and subscription email must include a List-Unsubscribe header with a one-click unsubscribe method. Unsubscribe requests must be processed within 2 business days.
- Spam rate below 0.10%: Sustained spam rates above 0.10% will result in temporary inbox placement issues. Rates above 0.30% trigger enforcement with 550 5.7.1 or 550 5.7.26 rejection errors.
Gmail compliance rejection codes
# Authentication failure (missing SPF, DKIM, or DMARC)
550 5.7.26 This message does not have authentication information or fails to
pass authentication checks. To best protect our users from spam, the
message has been blocked.
# Spam rate enforcement
550 5.7.1 [IP] Our system has detected that this message is likely
unsolicited mail.
# Missing one-click unsubscribe (marketing mail)
550 5.7.1 The SMTP server requires that you authenticate.Gmail Postmaster Tools: Compliance Status dashboard
The Compliance Status dashboard (added in Gmail Postmaster Tools v2, October 2025) shows your compliance status across all requirements. It replaces the older IP/Domain reputation breakdown and provides direct visibility into which requirements you're meeting and which are causing filtering.
Yahoo Bulk Sender Requirements
Yahoo implemented matching requirements to Gmail's simultaneously in Q1 2024. The requirements are essentially identical in scope:
| Requirement | Gmail | Yahoo | Microsoft (2025) | Enforcement |
|---|---|---|---|---|
| SPF record | Required | Required | Required | Reject if missing + sending > 5K/day |
| DKIM signing | Required — 2048-bit+ | Required | Required | Reject or spam-folder |
| DMARC policy | p=none minimum | p=none minimum | p=none minimum | p=reject strongly recommended |
| One-click unsubscribe | Required for bulk (5K+) | Required for bulk | Recommended | Gmail/Yahoo: spam-folder without it |
| Spam complaint rate | < 0.10% enforced | < 0.10% enforced | < 0.30% before action | Gmail: 550 5.7.28 at 0.30% |
| PTR record | Recommended | Required | Required | Yahoo/MS: soft block if missing |
| List-Unsubscribe header | Required RFC 8058 | Required | Recommended | Gmail: required in From: domain |
List-Unsubscribe: <https://yourdomain.com/unsub?id=abc123&token=xyz>, <mailto:unsub@yourdomain.com?subject=unsubscribe> List-Unsubscribe-Post: List-Unsubscribe=One-Click # The HTTPS URL must accept a POST request with # List-Unsubscribe=One-Click in the body and immediately unsub. # Gmail tests this URL — if it returns non-200, marks as non-compliant. # What NOT to do: # List-Unsubscribe: <https://yourdomain.com/unsub-page> # (Landing page requiring user action = not one-click = non-compliant)
- SPF configured and passing
- DKIM signing with your sending domain
- DMARC record published (p=none minimum)
- One-click unsubscribe for marketing/subscription email (RFC 8058)
- Spam rate below 0.30%
- Low bounce rate (under 2% hard bounce rate)
Yahoo uses its TS error code system for enforcement:
# TS01: Spam complaint rate too high
421 4.7.1 [TS01] Messages from x.x.x.x temporarily deferred due to user
complaints - x.x.x.x; see https://postmaster.yahooinc.com/error-codes
# TS02: Poor reputation
421 4.7.1 [TS02] Messages from x.x.x.x temporarily deferred...
# TS03: Connection rate exceeded (not reputation-based)
421 4.7.1 [TS03] All messages from x.x.x.x will be permanently rejected...
# Hard failure
554 delivery error: Sorry your message to address@yahoo.com cannot be
delivered. This mailbox is disabled, no longer accepting mail.Microsoft Requirements (May 2025)
Microsoft announced its own bulk sender enforcement effective May 5, 2025, targeting senders at or above 5,000 messages per day to Microsoft-managed accounts (Outlook.com, Hotmail.com, Live.com).
Microsoft requirements for bulk senders
- SPF: Valid SPF record; must pass for the sending IP
- DKIM: Required; 2048-bit keys required for new setups
- DMARC: p=none minimum; alignment required
- FCrDNS: Forward-confirmed reverse DNS — the sending IP's PTR record must resolve to a hostname that resolves back to the same IP (this was already best practice but became mandatory)
- Postmaster registration: Registering domains in Microsoft Postmaster Tools (now called Microsoft's Email Insights) is strongly recommended and speeds up reputation establishment
Microsoft compliance rejection codes
# Authentication failure (May 2025 enforcement)
550 5.7.515 Access denied, sending domain [yourdomain.com] does not meet
the required authentication standards for this recipient. Contact your
email administrator.
# IP reputation block
550 5.7.606 Access denied, banned sending IP [x.x.x.x]. To request removal
from this list please visit https://sender.office.com/
# General spam policy
550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent.
Please contact your Internet service provider since part of their network
is on our block list.Universal Requirements Across All Providers
Beyond the platform-specific requirements, these universal requirements apply across all major receiving ISPs:
- Valid PTR record (FCrDNS): Sending IP must have a reverse DNS record that forward-resolves back to the same IP. Missing or broken PTR records cause rejection or aggressive filtering at virtually every ISP.
- Consistent From: domain: Use the same From: domain consistently. Rotating From: domains or mismatching From: with authentication domains creates confusion in ISP reputation tracking.
- Functional postmaster address: An RFC 2142-compliant postmaster@ address for your sending domain that receives and responds to mail.
- Visible physical address: Required by CAN-SPAM for commercial email (US law); good practice globally.
- Functional unsubscribe: Unsubscribe links must work; must be processed within 10 business days (CAN-SPAM) or immediately (CASL for Canadian recipients).
The Compliance Checklist
| Requirement | Gmail | Yahoo | Microsoft | How to verify |
|---|---|---|---|---|
| SPF configured | ✅ Required | ✅ Required | ✅ Required | dig TXT yourdomain.com; mxtoolbox.com/spf |
| DKIM signing | ✅ Required | ✅ Required | ✅ Required | Email header: Authentication-Results dkim=pass |
| DMARC p=none+ | ✅ Required | ✅ Required | ✅ Required | dig TXT _dmarc.yourdomain.com |
| One-click unsubscribe | ✅ Required | ✅ Required | Recommended | Email header: List-Unsubscribe-Post present |
| FCrDNS/PTR | Recommended | Required | ✅ Required | dig -x YOUR_IP; verify hostname forward-resolves |
| Spam rate <0.10% | ✅ Threshold | ✅ Threshold | Internal signal | Gmail Postmaster Tools spam rate graph |
What Non-Compliance Looks Like in Your Logs
Non-compliance surfaces in SMTP delivery logs as specific error patterns. Knowing which error maps to which requirement gap allows rapid diagnosis:
# In Postfix mail.log or PowerMTA accounting:
# Gmail authentication failure:
status=bounced (host gmail-smtp-in.l.google.com said: 550-5.7.26 This message
does not have authentication information...)
# Yahoo TS01 (complaint rate):
status=deferred (host mta7.am0.yahoodns.net said: 421 4.7.1 [TS01] Messages
from x.x.x.x temporarily deferred due to user complaints...)
# Microsoft May 2025 authentication:
status=bounced (host mail-eopbgr130056.outbound.protection.outlook.com said:
550 5.7.515 Access denied, sending domain [yourdomain.com] does not meet...)
# Missing PTR (generic):
status=bounced (host xxx said: 550 PermFail - Host not found or poorly
configured. Try again later. PTR lookup failed for IP)Filter your SMTP logs for these patterns daily. Any 550 error from a major ISP warrants immediate investigation. A 421 pattern that persists across more than a few hours indicates a systematic issue rather than transient throttling.
