Google is introducing stringent new security measures that will decrease the amount of spam in your personal Gmail inbox starting in April 2024. This is good news for email recipients, but it can be bad news for email senders unless you make some changes to your workflow. It may also stop some important emails from getting through to your personal Gmail inbox, at least temporarily. 

What are the new rules for email Gmail will be enforcing?

The new guidelines are called the Email Sender Guidelines. They can be a bit tough to parse, but we’ll help you out with that. They are meant to fight spam and phishing attempts. It means that businesses who have been sending bulk emails from an unverified domain (e.g. not sending from, but using either a different domain or a personal email address) will not be able to do that anymore, as well as enforcing a number of other rules that we’ll dig into. 

New rules for personal Gmail accounts only 

The new rules will apply to personal Gmail accounts only, and not to Google Workspace business customers. This means that important emails sent to or from your business Gmail should not be affected - at least in the immediate future. 

Do we need to modify our business processes? 

There are immediate short-term actions you need to take if you do regular bulk sends of emails. You should also plan for upgrades to your outgoing business email security in 2024, both as a failsafe against Google rolling out the new rules to business and to keep your outgoing emails secure. 

It’s important to note that Google is not the only company taking action, either. Yahoo, which is still one of the largest personal email providers, is making similar changes. 

1.) Immediate action for bulk email communications 

If your business has any kind of email newsletter or sends emails from a CRM such as Salesforce, then you do have some short-term actions you need to take. 

You have probably seen alerts about authenticating your domain, follow the steps your solution gives you for doing that. 

You will also need to offer one-click unsubscribe options and provide opt-out links if you send multiple communications (for example, different newsletters). If you need more detailed directions, follow this guide from the Digital Marketing Institute and, of course the Email Sender Guidelines as laid out by Google. 

Technically, these changes only have to be done for businesses that send over 5,000 emails a day, but they should be done anyway to keep your business compliant with regulations about sending emails. 

These include the EU’s GDPR - arguably the most stringent law with the most expensive consequences, which does apply to American companies that have EU customers in an email database. There is also a diaspora of spam regulations from the federal to the state level in the US. The CAN-SPAM Act is the go-to regulation at the federal level, but California also has the California Consumer Privacy Act which tracks closer to the severe penalties of the GDPR. 

In short, making sure your email newsletters and CRM sends are compliant with Google’s new email rules will bring your business more in line with current regulations and ensure better delivery and open rates. 

2.) Long-term action for your Google Workspace business email

It is absolutely reasonable to assume that the new rules are being rolled out initially for personal Gmail only as a first run to work out the kinks. Given the wide scope of the new rules, Google likely wants to get it right before rolling out the guidelines to its business email recipients. 

Regardless of whether or not Google chooses to roll out the new rules to businesses, your important emails are more likely to make it through to recipients if you set up three protocols: SPF, DKIM, and DMARC. 

Before diving too deep into the setup of each protocol, you can hire UpCurve Cloud to do this for you whether you are a Google Workspace client of ours or not. Setting up these three protocols can be tricky if you are not a seasoned IT professional, and it is easy to get it wrong - which you don’t want to do. 

If you aren’t our client and want to stick with your current vendor, get in touch with them to get it set up. There will likely be a charge for extra support, as there would be with us as well. You will also need to give your vendor access to your domain hosting provider. All of the three protocols require changing records with your domain host. 

  • Setting up SPF
    Your SPF record has to be added with your domain hosting provider. You’ll need to log in to your domain hosting account and modify the records as specified in Google’s support article here.

  • Setting up DKIM
    While you are setting up your SPF record with your domain provider, you should do DKIM at the same time. Again, Google has a helpful support article to assist with this.

  • Setting up DMARC
    This is arguably the trickiest of the three to set up. You will want to set up SPF and DKIM and test them prior to setting up DMARC, again following the steps that Google has provided

After you have set up all three, notify everyone in your organization and tell them to let you know if important emails are not being received by clients. If they aren’t, you may need to go back and troubleshoot that you have followed all of the setup instructions correctly. 

This sounds like a lot of work - why should I do it? 

The main benefits of modifying your business email practices are that you will land more emails in inboxes, improving your chances of getting business and being responsive to clients. Realistically, Google has not been enforcing domain verification for two decades, and the fact that it is now means that spammers and phishers are taking advantage of this. Ensuring that your email security is solid reduces your own cybersecurity risk profile. 

Would you just rather hand over hard Google Workspace tasks to us? We can handle everything you need, from security to integrations. Get in touch with UpCurve Cloud today to see what we can do for you. 


Contact Us to Learn More about Transforming Your Business