In late 2023, Google, Yahoo, and Apple introduced new sender authentication requirements to provide their end users with a safer email experience.   Microsoft followed suit in mid 2025 by introducing new bulk sender requirements. Google updated its guidance in 2025, stating that they would ramp up enforcement on non-compliant traffic.

Even if you don’t use one of these providers, you need to pay attention as the requirements apply to organizations that send to these providers.

The requirements apply to organizations that send more than 5,000 emails per day. These policy changes are meant to benefit the end recipient and ensure that both users can trust the mail they receive. For many senders, the new requirements won’t impact their email programs, but for others, these changes will mean they’ll need to re-examine their current email authentication and sending practices. Emails that do not meet these requirements may be rejected, throttled, or marked as spam by providers.

The key requirements are to:

a) ensure you authenticate your sent mail using SPF, DKIM, and DMARC, and at a minimum send from a domain with a DMARC policy of at least p=none;

b) have a valid forward and reverse DNS record for your sending IP addresses;

c) comply with RFC 5321 "Simple Mail Transfer Protocol" and RFC 5322 "Internet Message Format";

d) provide one-click unsubscribe links;

e) do not send unsolicited email.

For general help with configuring SPF, DKIM, and DMARC, please refer to:

• "Implement SPF records for Email Security.cloud" - https://knowledge.broadcom.com/external/article?articleNumber=161394
• "Configuring DKIM signing for outbound mail" - https://knowledge.broadcom.com/external/article/171225/configuring-dkim-signing-for-outbound-ma.html
• "Adding a DMARC Record" - https://knowledge.broadcom.com/external/article?articleNumber=178782

Please note that forward and reverse DNS records are already in place for all emails routed via Email Security.cloud.  However, it is good practice to ensure you have these records in place for your own mail servers. Also, if you are using modern commercial email software or a cloud mailbox service such as Microsoft Office 365, you are likely already RFC 5321 and RFC 5322-compliant. If you are using custom-developed email-sending applications, we recommend you verify that their behavior is RFC-compliant.

References:

• Valimail
  • Guide to compliance requirements for all providers - provided by Valimail
• Yahoo
  • Sender Best Practices
• Google 
• •         New Gmail protections for a safer, less spammy inbox
  •         Google Email Sender Guidelines 
  •         Google Email Sender Guidelines FAQ
• Microsoft
• • Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders | Microsoft Community Hub

•  Apple

• •     Postmaster information for iCloud Mail - Apple Support