Why Gmail Is Blocking Your Email (and How To Fix It)

Why Is Gmail Blocking Unauthenticated Email?

Support forums in recent months have been full of help requests from people having their emails rejected with an unauthenticated email error message:

550-5.7.26 This mail is unauthenticated, which poses a security risk to the sender and Gmail users, and has been blocked. The sender must authenticate with at least one of SPF or DKIM. For this message, DKIM checks did not pass and SPF check for [domain] did not pass with ip: [IP address]. The sender should visit https://support.google.com/mail/answer/81126#authentication for instructions on setting up authentication. – gsmtp

If you visit the URL included in the error message, you’ll see Google’s authentication requirements for sending to Gmail accounts.

These guidelines state that Google performs random checks on messages sent to personal email accounts to ensure the emails have been authenticated.

It goes on to specify that the domain your email is sent from should have either SPF or DKIM records for authentication.

The 5.7.26 error above is triggered when an email fails both of these authentication methods. The email will also either be rejected or sent to the spam folder.

Essentially, Google has tightened up on its security checks for email to try to reduce the number of spam emails, phishing emails, and other malicious messages that are sent to Gmail users.

Google and Yahoo’s New Mail Sending Requirements

Google isn’t the only mail provider that is adding extra requirements for mail received to its users’ inboxes.

Yahoo has also announced that emails sent to a Yahoo mailbox must be properly authenticated.

For Gmail, the new sender requirements will be enforced from February 1st, 2024, and Yahoo has also specified the first quarter of 2024. So if you haven’t already authorized your sending domain with SPF, DKIM, and DMARC, now is the time to do so.

For now, only bulk senders (those sending more than 5,000 emails a day) will be affected by the new rules. But as these sender requirements have long been considered “best practice” for sending marketing and bulk emails, it’s recommended to follow the guidelines even if you are sending fewer emails.

The new guidelines for both providers can be summarized as a few main requirements:

1. Authenticate outgoing email: Use industry standards such as SPF, DKIM, and DMARC to authenticate your sending domain.
2. Enable easy unsubscription: Make it easy for subscribers to remove themselves from your list in just one click.
3. Don’t send unwanted mail: Mail sent from senders with a spam rate above a certain threshold is likely to be blocked. Spam rates should be below 0.3% and senders should aim for a spam rate of 0.1% or less.
4. Use a TLS connection for transmitting email: In December 2023, Google added this requirement for all senders who send mail to Gmail accounts. Previously SSL connections, which are less secure, were acceptable but this will no longer be the case. You should check the settings of your outgoing mail client and any software or app using a custom SMTP email connection to ensure you have specified TLS as the security protocol.

What Are SPF, DKIM, and DMARC?

SPF and DKIM are authentication protocols that are set up in the DNS records for your domain and are available for mail servers to authenticate incoming emails.

Sender Policy Framework (SPF) prevents spammers or unauthorized users from sending email that claims to be from your domain. It includes a list of all IPs that are authorized to send emails from your domain. When a mail server checks the SPF record, it will be able to authenticate that your email was genuinely sent from your domain or an approved IP. If you have not set up an SPF record, this authentication check will fail. 

DomainKeys Identified Mail (DKIM) verifies that messages sent from your domain have not been changed or tampered with since they left your outgoing mail server and were received by Google’s incoming mail server.

Domain Message Authentication, Reporting, and Conformance (DMARC) specifies what to do with an email if either SPF or DKIM authentication fails.

DMARC authentication helps senders monitor emails sent from their domain, so they can quickly become aware of any mail spoofing attempts.

How to Set Up SPF, DKIM, and DMARC to Authenticate Your Emails

Your SPF, DKIM, and DMARC records are stored in your DNS settings, which you should find in the control panel for your domain. 

If you’re not sure where to access your DNS settings, contact your web host or domain provider for advice.

You will need to create the SPF, DKIM, and DMARC records to add to your DNS settings. The process for this can be a little complicated, so if you’ve not done it before, you should ask your email service provider to supply these or give you further instructions on setting them up.

Alternatively, you can use SendLayer to set up authentication for you.

SendLayer is an SMTP email delivery service that improves your email deliverability by authenticating your domain.

Additionally, SendLayer protects the sender reputation of your domain by setting up a subdomain for outgoing emails. The platform also includes tools for logging your emails and tracking email delivery status, opens, and unsubscribes, so you’ll know immediately if there are any issues.

Setting Up Email Authentication in SendLayer

SendLayer offers several plans, depending on the volume of emails you send each month. You can sign up by visiting the pricing page, choosing a plan, and clicking the Get Started button.

SendLayer also offers a free trial, so you can try it out before signing up for a paid plan. To sign up for the free trial, click the link at the bottom of the pricing table.

Once you’ve created your account, log into your SendLayer dashboard.

Adding and Authorizing Your Domain

You will need to add the domain you’ll be sending email from to your SendLayer account. Click the Add Domain button in the top right to enable SendLayer to create SPF and DKIM records for your domain.

Type in your domain and click the Add Domain button.

SendLayer will generate 5 new DNS records for you. These records include:

• A record to define a subdomain used exclusively for sending email (this protects the reputation of your root domain)
• A DMARC record, which tells mail servers what to do if messages fail authentication
• An SPF record for authentication
• A DKIM record for authentication
• A TXT record to verify domain ownership

You should add these DNS records to your domain DNS settings in your web hosting account or domain management control panel. See our complete domain setup guide for more help with this.

Once you’ve added all 5 DNS records to your domain, go back to SendLayer, tick the box, I have added these DNS records and am ready to proceed, and click the Verify DNS Records button.

To make sure your domain has been authorized, navigate to Settings in the sidebar menu of your SendLayer dashboard and scroll down to the DNS Records & Settings section.

If SendLayer has been successful in verifying your domain’s DNS records, you will see a green checkmark in the Status column.

To use SendLayer’s SMTP for sending emails,  you’ll need to configure custom SMTP settings on your website or use SendLayer’s API to integrate with the platform that’s sending out emails on your behalf.

SendLayer integrates with WordPress, WooCommerce, Magento, and over 1,000 other apps. Read the getting started documentation for more information on integrating with SendLayer.

How to Check if Gmail Is Blocking Emails From Your Domain

If Gmail is blocking your emails, they will be bounced back with an error message.

You should check your mail server logs for errors regularly. If many emails are failing or bouncing, you should resolve the issue quickly to avoid damage to your sender reputation.

SendLayer includes email logs in your account dashboard and can send notifications of failed messages so you can be aware of any problems as soon as they occur.

If your domain has been added to the Gmail blacklist, you will see error messages with the code 421 or 550. If this is the case, you will need to contact Google to submit an unblock request.

However, it can take weeks before Google removes your IP from its blocklist, and you’ll need to prove you’ve taken steps to improve your sender reputation. So it’s best to follow best practices from the start to avoid inadvertantly being blocked.

Best Practices for Sending to Gmail Accounts

If you’ve set up SPF and DKIM records for your domain and ensured your emails are being authenticated, there may be another reason why Gmail is blocking your emails.

Ensure you’re following these guidelines when sending email campaigns to subscribers who use Gmail.

• Send email to engaged users only: make sure subscribers want to receive mail from you and clean your lists regularly to remove unengaged users.
• Make it easy to unsubscribe: Include a clear unsubscribe link in marketing emails and consider setting up one-click unsubscribe to avoid spam complaints.
• Make sure recipients opt-in to receive emails from you: Don’t automatically subscribe users to mailing lists, and consider a double opt-in to confirm before adding them to a list.
• Increase sending volume slowly: It looks suspicious if you suddenly start sending a high volume of emails, particularly if your domain is new. Instead, increase the number of emails you send out slowly and consider spreading the emails you send over a period of time instead of sending mass emails all at once.
• Don’t purchase email lists from other companies: While buying email lists isn’t illegal in most locations, it’s certainly frowned upon, increases the risk a user will report spam, and can damage your sender reputation.

Prevent Mail Sent to Gmail Users From Being Blocked or Sent to Spam

Aside from these bulk sender guidelines, there are a few other things you can try to make sure your transactional emails and other email messages aren’t rejected or end up in the spam box instead of the Gmail inbox.

• Monitor the reputation of your sending domain: Gmail will block emails from your domain if it has a poor sender reputation. You can use a tool like Google Postmaster Tools (also take a look at our guide to setting up Postmaster Tools) or MXToolBox to check your domain’s reputation
• Monitor the reputation of shared IP addresses: If your website is hosted on a shared server, it’s possible that other users on the same IP may have engaged in undesirable email practices. Keep an eye on the reputation of your IP to make sure it hasn’t been added to any blocklists.
• Send email from a subdomain: Setting up a subdomain that is used only for sending emails will protect the reputation of your main domain name.
• Monitor your email bounce rate: Gmail may block emails you send if your bounce rate is high. While it’s impossible to eliminate all email bounces, you can use an email suppression list to remove invalid email addresses and help keep your bounce rate to a minimum.
• Keep marketing emails and transactional emails separate: Be careful about including promotional content in transactional emails. While it’s generally okay to send a coupon or link to a promotion in a transactional email from time to time, keep this to a minimum.
• Avoid sending emails with attachments or lots of images: Google may flag emails if the content is suspicious or looks spammy.
• Write your email subject lines carefully: Certain words can trigger spam filters, so be sure you’re following best practices for writing email subject lines.
• Don’t send emails from a brand new domain: Gmail and other mail servers will often automatically reject emails if the domain has been recently registered and is sending out messages in bulk. If you just registered a new domain, it’s best to wait a few months and warm up the domain gradually before you start sending emails from your site.

FAQs

We get a lot of support requests from users having issues with Gmail blocking their emails. Here are some of the most common questions we receive: