Have you become aware of Gmail blocking email you send to website users or subscribers on your mailing list?
Gmail has recently started rejecting emails that fail authentication checks. While Google has always had stringent authentication checks for mail sent over IPv6, the same checks are now being applied to all emails, whether they are sent over IPv4 or IPv6.
If you’re having issues with Gmail blocking emails sent from your domain, you’ll need to take steps to ensure your mail is being properly authenticated.
We’ve put together this guide to help explain the issue and walk you through the steps to resolve it.
- Why Is Gmail Blocking Unauthenticated Email?
- Google and Yahoo’s New Mail Sending Requirements
- What Are SPF, DKIM, and DMARC?
- How to Set Up SPF, DKIM, and DMARC to Authenticate Your Emails
- How to Check if Gmail Is Blocking Emails From Your Domain
- Best Practices for Sending to Gmail Accounts
- Prevent Mail Sent to Gmail Users From Being Blocked or Sent to Spam
- FAQs
Why Is Gmail Blocking Unauthenticated Email?
Support forums in recent months have been full of help requests from people having their emails rejected with an unauthenticated email error message:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [domain] did not pass with ip: [IP address]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. – gsmtp
If you visit the URL included in the error message, you’ll see Google’s authentication requirements for sending to Gmail accounts.
These guidelines state that Google performs random checks on messages sent to personal email accounts to ensure the emails have been authenticated.
It goes on to specify that the domain your email is sent from should have either SPF or DKIM records for authentication.
The 5.7.26 error above is triggered when an email fails both of these authentication methods. The email will also either be rejected or sent to the spam folder.
Essentially, Google has tightened up on its security checks for email to try to reduce the number of spam emails, phishing emails, and other malicious messages that are sent to Gmail users.
Google and Yahoo’s New Mail Sending Requirements
Google isn’t the only mail provider that is adding extra requirements for mail received to its users’ inboxes.
Yahoo has also announced that emails sent to a Yahoo mailbox must be properly authenticated.
For Gmail, the new sender requirements will be enforced from February 1st, 2024, and Yahoo has also specified the first quarter of 2024. So if you haven’t already authorized your sending domain with SPF, DKIM, and DMARC, now is the time to do so.
For now, only bulk senders (those sending more than 5,000 emails a day) will be affected by the new rules. But as these sender requirements have long been considered “best practice” for sending marketing and bulk emails, it’s recommended to follow the guidelines even if you are sending fewer emails.
The new guidelines for both providers can be summarized as a few main requirements:
- Authenticate outgoing email: Use industry standards such as SPF, DKIM, and DMARC to authenticate your sending domain.
- Enable easy unsubscription: Make it easy for subscribers to remove themselves from your list in just one click.
- Don’t send unwanted mail: Mail sent from senders with a spam rate above a certain threshold is likely to be blocked. Spam rates should be below 0.3% and senders should aim for a spam rate of 0.1% or less.
- Use a TLS connection for transmitting email: In December 2023, Google added this requirement for all senders who send mail to Gmail accounts. Previously SSL connections, which are less secure, were acceptable but this will no longer be the case. You should check the settings of your outgoing mail client and any software or app using a custom SMTP email connection to ensure you have specified TLS as the security protocol.
What Are SPF, DKIM, and DMARC?
SPF and DKIM are authentication protocols that are set up in the DNS records for your domain and are available for mail servers to authenticate incoming emails.
Sender Policy Framework (SPF) prevents spammers or unauthorized users from sending email that claims to be from your domain. It includes a list of all IPs that are authorized to send emails from your domain. When a mail server checks the SPF record, it will be able to authenticate that your email was genuinely sent from your domain or an approved IP. If you have not set up an SPF record, this authentication check will fail.
DomainKeys Identified Mail (DKIM) verifies that messages sent from your domain have not been changed or tampered with since they left your outgoing mail server and were received by Google’s incoming mail server.
Domain Message Authentication, Reporting, and Conformance (DMARC) specifies what to do with an email if either SPF or DKIM authentication fails.
DMARC authentication helps senders monitor emails sent from their domain, so they can quickly become aware of any mail spoofing attempts.
How to Set Up SPF, DKIM, and DMARC to Authenticate Your Emails
Your SPF, DKIM, and DMARC records are stored in your DNS settings, which you should find in the control panel for your domain.
If you’re not sure where to access your DNS settings, contact your web host or domain provider for advice.
You will need to create the SPF, DKIM, and DMARC records to add to your DNS settings. The process for this can be a little complicated, so if you’ve not done it before, you should ask your email service provider to supply these or give you further instructions on setting them up.
Alternatively, you can use SendLayer to set up authentication for you.
SendLayer is an SMTP email delivery service that improves your email deliverability by authenticating your domain.
Additionally, SendLayer protects the sender reputation of your domain by setting up a subdomain for outgoing emails. The platform also includes tools for logging your emails and tracking email delivery status, opens, and unsubscribes, so you’ll know immediately if there are any issues.
Setting Up Email Authentication in SendLayer
SendLayer offers several plans, depending on the volume of emails you send each month. You can sign up by visiting the pricing page, choosing a plan, and clicking the Get Started button.
SendLayer also offers a free trial, so you can try it out before signing up for a paid plan. To sign up for the free trial, click the link at the bottom of the pricing table.
Once you’ve created your account, log into your SendLayer dashboard.
Adding and Authorizing Your Domain
You will need to add the domain you’ll be sending email from to your SendLayer account. Click the Add Domain button in the top right to enable SendLayer to create SPF and DKIM records for your domain.
Type in your domain and click the Add Domain button.
SendLayer will generate 5 new DNS records for you. These records include:
- A record to define a subdomain used exclusively for sending email (this protects the reputation of your root domain)
- A DMARC record, which tells mail servers what to do if messages fail authentication
- An SPF record for authentication
- A DKIM record for authentication
- A TXT record to verify domain ownership
You should add these DNS records to your domain DNS settings in your web hosting account or domain management control panel. See our complete domain setup guide for more help with this.
Once you’ve added all 5 DNS records to your domain, go back to SendLayer, tick the box, I have added these DNS records and am ready to proceed, and click the Verify DNS Records button.
Note: changes to your domain DNS settings can take time to propagate across the internet. You may need to wait up to 48 hours until SendLayer can verify your DNS settings.
To make sure your domain has been authorized, navigate to Settings in the sidebar menu of your SendLayer dashboard and scroll down to the DNS Records & Settings section.
If SendLayer has been successful in verifying your domain’s DNS records, you will see a green checkmark in the Status column.
To use SendLayer’s SMTP for sending emails, you’ll need to configure custom SMTP settings on your website or use SendLayer’s API to integrate with the platform that’s sending out emails on your behalf.
SendLayer integrates with WordPress, WooCommerce, Magento, and over 1,000 other apps. Read the getting started documentation for more information on integrating with SendLayer.
How to Check if Gmail Is Blocking Emails From Your Domain
If Gmail is blocking your emails, they will be bounced back with an error message.
You should check your mail server logs for errors regularly. If many emails are failing or bouncing, you should resolve the issue quickly to avoid damage to your sender reputation.
SendLayer includes email logs in your account dashboard and can send notifications of failed messages so you can be aware of any problems as soon as they occur.
If your domain has been added to the Gmail blacklist, you will see error messages with the code 421 or 550. If this is the case, you will need to contact Google to submit an unblock request.
However, it can take weeks before Google removes your IP from its blocklist, and you’ll need to prove you’ve taken steps to improve your sender reputation. So it’s best to follow best practices from the start to avoid inadvertantly being blocked.
Best Practices for Sending to Gmail Accounts
If you’ve set up SPF and DKIM records for your domain and ensured your emails are being authenticated, there may be another reason why Gmail is blocking your emails.
Ensure you’re following these guidelines when sending email campaigns to subscribers who use Gmail.
- Send email to engaged users only: make sure subscribers want to receive mail from you and clean your lists regularly to remove unengaged users.
- Make it easy to unsubscribe: Include a clear unsubscribe link in marketing emails and consider setting up one-click unsubscribe to avoid spam complaints.
- Make sure recipients opt-in to receive emails from you: Don’t automatically subscribe users to mailing lists, and consider a double opt-in to confirm before adding them to a list.
- Increase sending volume slowly: It looks suspicious if you suddenly start sending a high volume of emails, particularly if your domain is new. Instead, increase the number of emails you send out slowly and consider spreading the emails you send over a period of time instead of sending mass emails all at once.
- Don’t purchase email lists from other companies: While buying email lists isn’t illegal in most locations, it’s certainly frowned upon, increases the risk a user will report spam, and can damage your sender reputation.
Prevent Mail Sent to Gmail Users From Being Blocked or Sent to Spam
Aside from these bulk sender guidelines, there are a few other things you can try to make sure your transactional emails and other email messages aren’t rejected or end up in the spam box instead of the Gmail inbox.
- Monitor the reputation of your sending domain: Gmail will block emails from your domain if it has a poor sender reputation. You can use a tool like Google Postmaster Tools (also take a look at our guide to setting up Postmaster Tools) or MXToolBox to check your domain’s reputation
- Monitor the reputation of shared IP addresses: If your website is hosted on a shared server, it’s possible that other users on the same IP may have engaged in undesirable email practices. Keep an eye on the reputation of your IP to make sure it hasn’t been added to any blocklists.
- Send email from a subdomain: Setting up a subdomain that is used only for sending emails will protect the reputation of your main domain name.
- Monitor your email bounce rate: Gmail may block emails you send if your bounce rate is high. While it’s impossible to eliminate all email bounces, you can use an email suppression list to remove invalid email addresses and help keep your bounce rate to a minimum.
- Keep marketing emails and transactional emails separate: Be careful about including promotional content in transactional emails. While it’s generally okay to send a coupon or link to a promotion in a transactional email from time to time, keep this to a minimum.
- Avoid sending emails with attachments or lots of images: Google may flag emails if the content is suspicious or looks spammy.
- Write your email subject lines carefully: Certain words can trigger spam filters, so be sure you’re following best practices for writing email subject lines.
- Don’t send emails from a brand new domain: Gmail and other mail servers will often automatically reject emails if the domain has been recently registered and is sending out messages in bulk. If you just registered a new domain, it’s best to wait a few months and warm up the domain gradually before you start sending emails from your site.
FAQs
We get a lot of support requests from users having issues with Gmail blocking their emails. Here are some of the most common questions we receive:
Why is Gmail rejecting my forwarded emails?
Gmail may detect forwarded emails as email spoofing in some cases. This happens if your forwarding mail server is modifying messages before sending them. To avoid this, make sure you have set up SPF and DKIM authentication for your sending domain. You should also avoid modifying messages. This may be done automatically by third-party software such as virus checkers.
How to know if someone blocked you on Gmail?
Even if Gmail successfully authenticates your email, individual users can request to block all email from a specified email sender. This will route all emails from this address or domain to the spam box. While there’s no way to know for sure if a user has blocked your sender address in their “Filters and blocked addresses” settings, you can monitor your mail logs to check for spam reports and unsubscribes.
How do I know if Gmail has blacklisted my domain?
There are several free services you can use to check if your IP or domain has been added to a public email blacklist. You can also monitor your email logs for error messages that indicate your domain has been blocked.
What is the difference between Gmail blocking email and the Gmail spam filter?
Gmail uses a filter to decide if an email is spam or not. This filter includes many pre-defined criteria, and it’s possible for some of your emails to be marked as spam, while others are not. However, if Gmail has added your IP or sending domain to the blocklist, it will be automatically rejected before it is checked by the spam filter.
Why is Gmail suddenly blocking emails?
If you’ve been sending emails successfully to Gmail users and they’ve suddenly started being blocked, this may be because you are not authenticating your emails properly. Google recently started rejecting all unauthenticated emails, so ensure you have set up SPF and DKIM records for your sending domain.
That’s it! Now you know why Gmail is blocking your email and how to fix it.
Next, would you like to learn more about sending email from a subdomain? Check out our article on why you should send email from a subdomain for more information.
2 comments on "Why Gmail Is Blocking Your Email (and How To Fix It)"
Can’t send an email. My list is blocked. I need help to solve
Hi Mary, could you give me a bit more information? Are you using SendLayer? If so, please get in touch with technical support, who will be happy to help you solve your problem!