Google has announced new requirements for sending email to gmail accounts effective 2024-02-01, and we should ensure we meet those.
Requirements for all senders
- Set up SPF or DKIM email authentication for your domain.
- SPF should be OK. For DKIM I think we currently sign with ed25519 keys only and I think Google only supports RSA keys so we may need to double-sign here.
- Fixed.
- Ensure that sending domains or IPs have valid forward and reverse DNS records, also referred to as PTR records.
- We should be ok.
- Use a TLS connection for transmitting email.
- We should be ok.
- Keep spam rates reported in Postmaster Tools below 0.10% and avoid ever reaching a spam rate of 0.30% or higher.
- No idea, need to check.
- Format messages according to the Internet Message Format standard (RFC 5322).
- I assume we are ok here.
- Don’t impersonate Gmail From: headers. Gmail will begin using a DMARC quarantine enforcement policy, and impersonating Gmail From: headers might impact your email delivery.
- We should be ok, although restricting folks from using non-WMCS domains via our relays might be a smart move. T341004
- Done.
- If you regularly forward email, including using mailing lists or inbound gateways, add ARC headers to outgoing email.
Toolforge does this, and Cloud VPS does not relay emails.We do SRS but not ARC. Will need to fix.
Requirements for high-volume senders
I don't have data on this atm but I would not be surprised if we're over the 5k emails per day threshold.
- Set up DMARC email authentication for your sending domain. Your DMARC enforcement policy can be set to none.
- We don't have a DMARC policy at all at the moment.
- Fixed.
- For direct mail, the domain in the sender's From: header must be aligned with either the SPF domain or the DKIM domain. This is required to pass DMARC alignment.
- Need to check if cron email etc passes this, or if we need to add some more rewrites.
- Marketing messages and subscribed messages must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.
- No clue how they define marketing and subscribed messages, but we certainly don't support one-click unsubscribe for anything.