Google Enforces stricter measures to combat spoofed emails for better phishing protection

Google has started automatically blocking emails sent by bulk senders who don’t meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks.

As announced in October, the company now requires those who want to dispatch over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains.

The new guidelines also require bulk email senders to avoid sending unsolicited or unwanted messages, provide a one-click unsubscribe option, and respond to unsubscription requests within two days.

Spam rates must also be maintained below 0.3%, and “From” headers must not impersonate Gmail. Non-compliance may result in email delivery issues, including rejected emails or emails being automatically sent to recipients’ spam folders.

“Bulk senders who don’t meet our sender requirements will start getting temporary errors with error codes on a small portion of messages that don’t meet the requirements,” Google says.

Advertisements

“These temporary errors help senders identify email that doesn’t meet our guidelines so senders can resolve issues that prevent compliance.”

“Starting in April 2024, we’ll begin rejecting non-compliant traffic. Rejection will be gradual and will impact non-compliant traffic only. We strongly recommend senders use the temporary failure enforcement period to make any changes required to become compliant.”

The company also plans to enforce these requirements starting in June, with an accelerated timetable for domains used to send bulk emails since January 1, 2024.

As Google claimed when the new guidelines were first announced, its AI-powered defenses can successfully block nearly 15 billion unwanted emails daily, preventing over 99.9% of spam, phishing attempts, and malware from infiltrating users’ inboxes.

“You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source,” said Neil Kumaran, Group Product Manager for Gmail Security & Trust in October.

“Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.”