Do we meet the newest Gmail bulk sender requirements?
You can see the (user-facing) blog post from Google about these changes that will take place in Feb 2024: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/.
I'm most concerned about item number 1 in the list:
we're requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
These best practices apply to email senders who "send more than 5,000 emails per day" (which we do when we send messages, who knows how exactly they are counting that).
The requirements / best practices seem to be here: https://support.google.com/a/answer/81126?visit_id=638418241830406355-2407374197&rd=1#requirements-5k&zippy=%2Crequirements-for-sending-or-more-messages-per-day
Starting February 1, 2024, senders who send more than 5,000 messages per day to Gmail accounts must meet the requirements in this section.
- Set up SPF and DKIM email authentication for your domain.
- Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records. Learn more
- Use a TLS connection for transmitting email. For steps to set up TLS in Google Workspace, visit Require a secure connection for email.
- Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher. Learn more about spam rates.
- Format messages according to the Internet Message Format standard (RFC 5322).
- Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.
- If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email. ARC headers indicate the message was forwarded and identify you as the forwarder. Mailing list senders should also add a List-id: header, which specifies the mailing list, to outgoing messages.
- Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none. Learn more
- For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
- Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body. Learn more
Can you confirm that we're following these best practices? I'm asking specifically about Civi mailing functions.