The rules that changed bulk email for good
In early 2024, Google and Yahoo stopped treating good sending practice as optional. Anyone sending around 5,000 or more messages a day to Gmail addresses must authenticate their domain with SPF, DKIM and DMARC, offer one-click unsubscribe, and keep spam complaints below a hard threshold. Miss the bar and mail is throttled or sent straight to spam. Microsoft has since applied similar requirements to Outlook.com addresses, so the rules now effectively cover the mainstream consumer inbox.
Two things matter for smaller senders. First, the 5,000 figure counts messages across your whole domain, including automated receipts and notifications, so businesses cross it sooner than they expect. Second, even below the threshold, Gmail scores every sender on the same signals. Treating the bulk-sender rules as your baseline is the safest posture whatever your volume.
Authentication: SPF, DKIM and DMARC in plain English
All three are DNS records that prove your email genuinely comes from your domain.
- SPF lists which servers are allowed to send mail for your domain. Your email platform gives you the value to publish.
- DKIM adds a cryptographic signature to each message so receivers can verify it was not altered in transit.
- DMARC ties the two together and tells receivers what to do with mail that fails. Bulk senders need at least a published policy of p=none, and the domain in your From address must align with the authenticated domain.
One consequence catches many small firms out: you can no longer send campaigns from a free @gmail.com address through a marketing platform, because you cannot authenticate a domain you do not own. Send from your own domain, ideally a subdomain such as mail.yourbusiness.co.uk, which keeps your marketing reputation separate from day-to-day correspondence.
Need a hand with this?
Our team delivers Email Marketing for UK businesses — with a free initial consultation, transparent fixed quotes and no lock-in contracts. Tell us what you're working on →
One-click unsubscribe is not optional
Bulk senders must include one-click unsubscribe headers (the standard is RFC 8058), which is what powers the "Unsubscribe" button Gmail shows next to the sender name, and they must honour requests within two days. This is separate from the unsubscribe link in your footer, which you still need.
Reputable platforms such as Mailchimp, Brevo, Klaviyo and MailerLite add these headers automatically, but only when you use their built-in unsubscribe handling. If you have wired up a custom preference centre or, worse, an "email us to unsubscribe" arrangement, you are likely non-compliant. Making unsubscribing easy also protects you: a reader who cannot leave quickly will hit the spam button instead, and that costs far more.
Complaint rate: the number that decides your fate
Google's stated threshold is a spam complaint rate below 0.3%, with a target of under 0.1%. Every time a Gmail user marks your message as spam, it counts against you; sustained spikes above the threshold and your whole domain's mail starts failing, not just the offending campaign.
Google Postmaster Tools, which is free, shows your complaint rate and domain reputation directly. The common causes of complaints are predictable: purchased or scraped lists, mailing people who signed up years ago and have forgotten you, sudden jumps in frequency, and subject lines that overpromise. The fix is equally predictable: mail only people who recently and clearly consented, at the cadence you told them to expect.
Your monthly deliverability health check
Thirty minutes a month keeps you ahead of trouble. Work through this list:
- Check spam rate and domain reputation in Google Postmaster Tools; investigate anything above 0.1%.
- Verify SPF, DKIM and DMARC still pass using a free checker such as MXToolbox or dmarcian; DNS changes and new sending tools break them silently.
- Send a test campaign to seed addresses at Gmail, Outlook and Yahoo and note where it lands.
- Review bounce rates; anything above 2% suggests list decay worth cleaning.
- Prune or move to a re-engagement flow anyone with no clicks in six months, remembering Apple Mail Privacy Protection makes opens unreliable.
- Check your domain against common blocklists.
- Read a sample of your DMARC reports, and once results are consistently clean, plan the move from p=none towards quarantine and eventually reject.
Key Takeaway
Authenticate your sending domain with SPF, DKIM and DMARC, use one-click unsubscribe headers, and keep your Gmail spam complaint rate below 0.3%, ideally under 0.1%. Monitor it monthly in Google Postmaster Tools, verify your DNS records still pass, prune subscribers who have not clicked in six months, and never buy a list. If you do land in spam, cut volume to your most engaged segment and rebuild sender reputation gradually rather than switching domains.
Already in the spam folder? The recovery route
Reputation damage is repairable, but only gradually. Pause campaigns, fix authentication first, then resume sending at low volume to your most engaged segment only: people who clicked in the last 30 days. Consistent positive engagement from that core group is what rebuilds trust with Gmail. Expand the audience slowly over several weeks, watching Postmaster Tools as you go, and resist any shortcut involving a brand-new domain, which inbox providers treat with more suspicion, not less.
Deliverability is unglamorous plumbing, but it decides whether the rest of your email marketing exists at all. If you would like a second pair of eyes on your setup, our team runs deliverability audits for UK businesses.
