Learn about DMARC, SPF, and DKIM

When a receiver sees two From: header fields in one message, the problem is not subtle. The message is malformed.

That matters because modern receiver filtering does not separate "syntax hygiene" from "sender trust" as neatly as administrators often expect. If the visible author identity is malf...

When Gmail returns 421 4.7.28, the useful question is not just "why was this message deferred?" but which sending identity did Gmail decide was moving too fast?

That distinction matters because Google can rate limit this error at more than one layer during warm-up:

• the sending IP address
• t...

When Gmail returns 4.7.23 or 5.7.25, the problem is usually narrower than it first appears. This is not a generic “your reputation is bad” message. It is Gmail complaining that the sending IP does not have acceptable reverse DNS, or that the reverse DNS does not map back cleanly to the same publ...

For many senders, deliverability troubleshooting starts with SPF, DKIM, DMARC, PTR, and complaint rate.

That is correct, but it is not the whole picture.

Google's current sender guidelines also call out display-name misuse and other misleading message elements as things that can hurt delivery...

If you run a multi-tenant sending platform, Gmail complaint data is only useful if you can map it back to the exact stream that caused the problem.

That is what Google's Feedback-ID header is for.

Instead of sending a traditional per-message complaint copy to a mailbox, Gmail's Feedback Loop...

Gmail's newer sender-requirement enforcement changed the operational question for many teams.

It is no longer enough to say, "SPF and DKIM are configured somewhere, so delivery should be fine." Google now gives senders a dedicated Compliance status dashboard in Postmaster Tools that is meant t...

Admins keep asking the same three questions about Gmail's bulk sender rules.

Does the 5,000/day threshold count per subdomain? Does it count only mail sent to @gmail.com users, or all Google-hosted mail? And if a domain crosses the line once during a launch, a migration, or a holiday campaign,...

Sometimes a message gets rejected, deferred, or heavily spam-foldered and the first assumption is "SPF broke" or "DMARC is failing again."

That assumption is often wrong.

Large receivers increasingly treat message formatting defects as sender-trust problems because badly formed mail is common...

Warm-up is really a trust-building exercise.

The technical side matters, but the bigger question mailbox providers are answering is simple: does this sender look predictable, wanted, and well-controlled as volume increases?

That is why teams sometimes publish SPF, DKIM, and DMARC correctly, the...

Yes, this really happens.

A message can leave the sender with one clean-looking authentication story, then land at Provider A with a DMARC pass and at Provider B with a DMARC fail, or with the same DMARC result but a very different final disposition. That is not necessarily evidence that one recei...

Publishing DMARC is an important milestone, but it is not the finish line for deliverability.

After SPF, DKIM, and DMARC are in place, mailbox providers still make inbox and spam decisions based on sender reputation, user complaints, list quality, traffic consistency, and overall message quality.

If bulk email compliance work is already underway, one-click unsubscribe is usually where teams discover that a footer link is not the same thing as a provider-recognized unsubscribe flow.

That distinction matters now.

Google's Email sender guidelines require bulk senders to support one-click...