Who counts as a bulk sender for Gmail and Yahoo?

Google draws the line at roughly 5,000 messages a day to Gmail addresses, counted across your domain rather than per IP or per mailbox. Yahoo applies its requirements to high-volume senders in the same spirit. Two things surprise people: the count is to Gmail specifically, not your total send, and once you cross the line the stricter rules stay in force even on a quieter day. If you are anywhere near that volume, treat yourself as a bulk sender and meet every requirement now.

What authentication do bulk senders actually need?

Both SPF and DKIM on the sending domain, not just one of them, plus a published DMARC record. The DMARC policy can start at p=none, but it has to exist and pass, and the domain in the visible From header must align with either the SPF domain or the DKIM domain. Relaxed alignment is acceptable. Every sender, bulk or not, also needs valid forward and reverse DNS on the sending IP and a TLS connection. The authentication mechanics themselves are covered in the DNS-authentication guides this page links to.

Is one-click unsubscribe mandatory?

For marketing and subscribed messages from a bulk sender, yes. You have to include both the List-Unsubscribe and List-Unsubscribe-Post headers so the mailbox provider can show its own unsubscribe button and complete the request with a single HTTPS POST, no landing page or login. Yahoo also wants a visible unsubscribe link in the body and expects requests honored within two days. Transactional mail, like a receipt or a password reset, does not need it.

What spam complaint rate is allowed?

Keep it below 0.3%. Google states it plainly in Postmaster Tools terms and adds that you should stay under 0.1% and never reach 0.3%; Yahoo uses the same 0.3% ceiling, measured against mail that reached the inbox. That works out to about three complaints per thousand delivered messages. Cross it and providers throttle, divert to spam, or reject. Authentication will not save a list that people keep marking as spam.

Do these rules apply if I send through an ESP like Mailchimp or SendGrid?

Yes. The requirements attach to the domain in your From address, not to the platform. A capable sending platform handles SPF, DKIM, reverse DNS, TLS, and the one-click headers for you, which removes most of the technical burden. What stays yours is the DMARC record on your own domain, the alignment of your From address, the quality of your list, and the complaint rate it generates.

Gmail and Yahoo bulk sender requirements (2024)

What changed in February 2024

For years, Gmail and Yahoo published sender "best practices" that read like advice. In February 2024 they stopped being advice. Both providers now enforce a shared set of requirements for bulk senders, and mail that ignores them gets throttled, filtered to spam, or rejected with a bounce.

The two lists are close enough that you can treat them as one. Meet the stricter reading of each rule and you satisfy both. Nothing here is exotic — it is the authentication and list-hygiene work that careful senders were already doing. What changed is that skipping it now costs you delivery instead of a slightly worse open rate.

Are you a bulk sender?

Google's threshold is about 5,000 messages a day to Gmail addresses, measured across your whole domain rather than per IP or per sending tool. Yahoo applies its rules to high-volume senders without publishing a single hard number.

Two details catch people out. The count is to Gmail specifically, so a domain sending 4,000 to Gmail and 20,000 elsewhere is below Google's line for now. And once you cross the threshold, the requirements stay in force — providers do not relax them on a quieter day. If you are anywhere near 5,000 a day, the safe move is to meet every requirement now rather than wait for the first bounce to tell you that you qualified last week.

Most of these rules are good practice for any sender. A small transactional sender still benefits from SPF, DKIM, and clean reverse DNS. The bulk threshold just marks the point where they become mandatory.

The requirements, one by one

Authentication and alignment

Bulk senders need SPF and DKIM on the sending domain — both, not whichever one is easier. On top of that, publish a DMARC record. The policy can start at p=none, but it has to exist and pass, and the domain in your visible From header must align with either the SPF domain or the DKIM domain. Relaxed alignment counts.

This is where most failures actually live, and it is also the part with the most moving pieces, so it has its own cluster. Start with email authentication explained for how SPF, DKIM, and DMARC fit together, then no DMARC record if you have not published one yet. When you are ready to tighten enforcement past p=none, moving DMARC from p=none to p=reject walks through doing it without breaking your own mail.

One-click unsubscribe

Marketing and subscribed messages have to carry a working one-click unsubscribe. In practice that means two headers — List-Unsubscribe with an HTTPS link and List-Unsubscribe-Post — so the mailbox provider can show its own unsubscribe button and complete the request with a single background POST. No landing page, no login, no confirmation step. Yahoo also expects a visible unsubscribe link in the body and wants requests honored within two days.

The headers are easy to get subtly wrong, so the mechanics get their own page: one-click unsubscribe (RFC 8058).

Spam complaint rate

Keep the rate of recipients marking your mail as spam below 0.3%. Google says to stay under 0.1% and never reach 0.3%; Yahoo uses the same 0.3% ceiling, measured against mail that reached the inbox. Roughly, that is three complaints per thousand delivered messages.

No amount of clean authentication offsets a list that people keep reporting. This is a relevance and consent problem, and it is the requirement most likely to creep up on you over time. The full picture — how the rate is measured, why passing DMARC does not lower it, and how to bring it down — is in keep your spam complaint rate below 0.3%.

Infrastructure: reverse DNS and TLS

Every sender, not just bulk ones, needs valid forward and reverse DNS on the sending IP and has to transmit over TLS. The reverse DNS (PTR) record should be meaningful and specific to your host, not a generic provider default. If you send through a managed platform, this is usually handled for you; if you run your own outbound server, it is on you to set up.

Message format

Format messages to the Internet Message Format standard, RFC 5322, with a single valid From address. Do not spoof a Gmail From header on mail that did not come from Gmail. These are baseline rules that any competent mail library already follows, but a misconfigured device or script can still trip them.

How to check where you stand

Run your domain through a health check to confirm SPF, DKIM, DMARC, alignment, reverse DNS, and TLS are all in place — that covers the technical half of the list in one pass. For the two behavioral requirements, send yourself a campaign and confirm the mailbox provider shows its own unsubscribe control, then watch your complaint rate in Google Postmaster Tools and Yahoo's complaint feedback loop. The technical checks you can fix today; the complaint rate you manage over weeks.

What this page does not cover

This is the map, not the territory for authentication. SPF lookup limits, DKIM key rotation, DMARC alignment edge cases, and the staged path to enforcement each have their own guide in the email authentication cluster, and there is no point repeating them here. Treat this page as the checklist of what Gmail and Yahoo require, and follow the links for the how.