Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers

Google’s February 2024 requirements were a turning point, says Brad Slavin, CEO of DuoCircle. Before that, DMARC was a recommendation. Now it’s a gate — if your DMARC record is missing or set to p=none without a plan to enforce, your email deliverability to Gmail is at risk.

DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least p=none is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC Report

Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-10697">
						<source src="/images/wp/2024/02/Googles-New-DMARC-Compliance-Requires-You-to-Stop.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H1M40S">1:40</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-10697" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-10697" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-10697" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-10697" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/googles-new-dmarc-compliance-requires-you-to-stop-impersonating-gmail-from-headers/&t=Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/googles-new-dmarc-compliance-requires-you-to-stop-impersonating-gmail-from-headers/&url=Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="/images/wp/2024/02/Googles-New-DMARC-Compliance-Requires-You-to-Stop.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/googles-new-dmarc-compliance-requires-you-to-stop-impersonating-gmail-from-headers/" class="input-link input-link-10697" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-10697" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="0X9lGO2QUt"><a href="https://dmarcreport.com/blog/podcast/googles-new-dmarc-compliance-requires-you-to-stop-impersonating-gmail-from-headers/">Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/googles-new-dmarc-compliance-requires-you-to-stop-impersonating-gmail-from-headers/embed/#?secret=0X9lGO2QUt" width="500" height="350" title=""Google’s New DMARC Compliance Requires You to Stop Impersonating Gmail From: Headers" — DMARC Report" data-secret="0X9lGO2QUt" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-10697” readonly/>

					<button class="copy-embed copy-embed-10697" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

As of January 16, 2023 , the United States led globally in the daily volume of spam emails sent, totaling approximately 8 billion. Czechia and the Netherlands followed closely, ranking second and third with 7.7 billion and 7.6 billion spam emails, respectively.

To combat such uncontrollable numbers of **phishing and spamming instances, Google and Yahoo rolled out new policies necessitating DMARC adoption for domains used for sending more than 5,000 emails per day. Google laid down a few pointers for bulk and regular email senders, and one of them was the prohibition from impersonating Gmail From: headers.

Although the news has been well adopted across industries and more companies have started deploying SPF, DKIM, and DMARC, there’s still a **lack of comprehension and practice of not impersonating the Gmail From: header.

So, we have curated a blog explaining what it means and how it can impact your domain’s email deliverability if you practice it.

What Does Impersonating Gmail From: Header Mean?

Gmail’s list of ‘sending practices to avoid’ mentions not to impersonate other **domains or senders without permission. This practice is called spoofing, and Gmail is likely to tag such messages as ‘spam,’ risking even genuine communications.

In simpler words, it says that **senders should not use any other platform to send emails if they use gmail.com as their domain. This practice is identified as an instance of domain spoofing.

So, if you own a small business and use a platform like Mailchimp to dispatch emails from an address like yourbusinessname@gmail.com, your messages will **fail DMARC authentication checks. Such emails will be counted as illegitimate or unauthorized as the platform’s servers would neither be included in the SPF record for gmail.com nor get DKIM signed.

This will impact your domain’s email deliverability and **email-based communications at different levels.

Changes Made By Google

Previously, the DMARC policy for gmail.com was set to p=none, which directed recipients’ mailboxes to take no action against messages that failed DMARC authentication checks. So, if you were a regular gmail.com user (not having a customized domain), then it didn’t really matter if you impersonated the Gmail From: headers because a failed DMARC check had no impact on these messages and their placement in recipients’ mailboxes.

However, Google has changed the scenario now.

Starting from February 1, 2024, Google has shifted the DMARC policy for gmail.com from p=none to p=quarantine. As per p=quarantine, recipients’ email servers have to place emails impersonating Gmail From: headers in the **spam folders instead of primary inboxes.

This will **bring a reduction in the engagement rate for outgoing emails for your domain, impacting sales, operations, customer services, internal communications, marketing campaigns, PR strategies, etc.

Who Will Be Affected?

Any domain owner using an external platform for sending emails but using gmail.com as the domain will be tagged as an impersonator and be affected by this new change.

Your emails will land in the spam or promotions folder, and your domain will lose its good reputation. Let’s see how you can save yourself from this problem.

What’s the Solution?

You can **stop using an external platform to send emails if you want to continue using the gmail.com domain.

If you can’t do this (and most businesses can’t), then get a customized domain that can properly authenticate on that platform, so you don’t **impersonate Gmail From: Headers. Most businesses have their own domain, which they can use for sending emails.

So, set up your domain for email, deploy SPF, DKIM, and DMARC, and start sending out emails from an email address like- marketing@yourbusinessname.com.

If you don’t own a domain, then you need to buy it immediately; otherwise, your email deliverability will be impacted. Buying a domain is easy and only costs a few dollars per year. Apart from being a **genuine sender in the eyes of Google, having a domain for your business **creates trust and credibility among customers and prospects, thus driving more business towards you. Avoid buying a domain name that doesn’t match your business name or isn’t clearly recognizable.

Reach out to your email service provider (ESP) to support you in setting up the new domain for sending emails and planning a **smooth transition in switching from gmail.com to yourbusinessname.com.

We at DMARCreport.com can help with the intricacies of email authentication, reporting, and monitoring. So, once your domain is all set to be used for sending messages, reach out to us, and we’ll take care of DMARC.

By deploying DMARC, you would not only be compliant with Google’s new policy but also **shield your business from phishing and spoofing attacks directed towards you, your employees, and your customers.

Sources

• Google Email Sender Guidelines 2024 (2024)
• RFC 7489 — Domain-based Message Authentication, Reporting, and Conformance (DMARC)