Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers
As of January 16, 2023, the United States led globally in the daily volume of spam emails sent, totaling approximately 8 billion. Czechia and the Netherlands followed closely, ranking second and third with 7.7 billion and 7.6 billion spam emails, respectively.
To combat such uncontrollable numbers of phishing and spamming instances, Google and Yahoo rolled out new policies necessitating DMARC adoption for domains used for sending more than 5,000 emails per day. Google laid down a few pointers for bulk and regular email senders, and one of them was the prohibition from impersonating Gmail From: headers.
Although the news has been well adopted across industries and more companies have started deploying SPF, DKIM, and DMARC, there’s still a lack of comprehension and practice of not impersonating the Gmail From: header.
So, we have curated a blog explaining what it means and how it can impact your domain’s email deliverability if you practice it.
What Does Impersonating Gmail From: Header Mean?
Gmail’s list of ‘sending practices to avoid’ mentions not to impersonate other domains or senders without permission. This practice is called spoofing, and Gmail is likely to tag such messages as ‘spam,’ risking even genuine communications.
In simpler words, it says that senders should not use any other platform to send emails if they use gmail.com as their domain. This practice is identified as an instance of domain spoofing.
So, if you own a small business and use a platform like Mailchimp to dispatch emails from an address like yourbusinessname@gmail.com, your messages will fail DMARC authentication checks. Such emails will be counted as illegitimate or unauthorized as the platform’s servers would neither be included in the SPF record for gmail.com nor get DKIM signed.
This will impact your domain’s email deliverability and email-based communications at different levels.
Changes Made By Google
Previously, the DMARC policy for gmail.com was set to p=none, which directed recipients’ mailboxes to take no action against messages that failed DMARC authentication checks. So, if you were a regular gmail.com user (not having a customized domain), then it didn’t really matter if you impersonated the Gmail From: headers because a failed DMARC check had no impact on these messages and their placement in recipients’ mailboxes.
Image sourced from fastercapital.com
However, Google has changed the scenario now.
Starting from February 1, 2024, Google has shifted the DMARC policy for gmail.com from p=none to p=quarantine. As per p=quarantine, recipients’ email servers have to place emails impersonating Gmail From: headers in the spam folders instead of primary inboxes.
This will bring a reduction in the engagement rate for outgoing emails for your domain, impacting sales, operations, customer services, internal communications, marketing campaigns, PR strategies, etc.
Who Will Be Affected?
Any domain owner using an external platform for sending emails but using gmail.com as the domain will be tagged as an impersonator and be affected by this new change.
Your emails will land in the spam or promotions folder, and your domain will lose its good reputation. Let’s see how you can save yourself from this problem.
What’s the Solution?
You can stop using an external platform to send emails if you want to continue using the gmail.com domain.
If you can’t do this (and most businesses can’t), then get a customized domain that can properly authenticate on that platform, so you don’t impersonate Gmail From: Headers. Most businesses have their own domain, which they can use for sending emails.
So, set up your domain for email, deploy SPF, DKIM, and DMARC, and start sending out emails from an email address like- marketing@yourbusinessname.com.
If you don’t own a domain, then you need to buy it immediately; otherwise, your email deliverability will be impacted. Buying a domain is easy and only costs a few dollars per year. Apart from being a genuine sender in the eyes of Google, having a domain for your business creates trust and credibility among customers and prospects, thus driving more business towards you. Avoid buying a domain name that doesn’t match your business name or isn’t clearly recognizable.
Reach out to your email service provider (ESP) to support you in setting up the new domain for sending emails and planning a smooth transition in switching from gmail.com to yourbusinessname.com.
We at DMARCreport.com can help with the intricacies of email authentication, reporting, and monitoring. So, once your domain is all set to be used for sending messages, reach out to us, and we’ll take care of DMARC.
By deploying DMARC, you would not only be compliant with Google’s new policy but also shield your business from phishing and spoofing attacks directed towards you, your employees, and your customers.