How to Add a DMARC Record to Meet Gmail's 2024 Sender Rules

Starting February 1st, 2024, Gmail and Yahoo! Mail will rollout new requirements for email marketing, newsletters and bulk senders.

The majority of these are common best practices — if you're using a modern email platform like Audienceful, you're already in compliance with the vast majority of the new rules.

DMARC is the only new requirement you may need to setup yourself. Luckily this only requires adding a simple DNS record to your domain. In this how-to guide, we'll get you up to speed and DMARC-compliant in less than 5 minutes.

What the heck is DMARC?

DMARC is a way for inbox providers to verify the sender of an email is who they claim to be, and prevent spoofing.

When the email protocol (SMTP) was first created, issues like spam and fraud were non-existent. So spoofing email addresses (eg. sending emails that appear to be from tim@apple.com) has always been surpisingly easy.

DMARC was created in the early 2010s to combat this.

How to generate and add a DMARC record to your domain

Here's how to generate a record for domain authentication:

1. Use a free DMARC record generator like MxToolbox or EasyDMARC or Dmarcian. They all do basically the same thing and offer free monitoring, so any one will do.
2. Make sure to enter the correct domain or subdomain that you send emails from (company.com vs. mail.company.com). Click generate.
3. Add the record to your domain's DNS provider. If you aren't sure, usually your DNS is hosted where you purchased your domain (Namecheap, GoDaddy, etc.) or on the web host you are using (Squarespace, Webflow, Digital Ocean, etc.)

DNS changes may take 24 hours to propagate. Just test that the record is authenticating properly, and you're good to go!

How to test if your emails pass DMARC authentication

To test your DMARC record is passing and properly aligned, do the following:

1. Send an email from your domain to your Gmail account and open it on Desktop webmail (mail.google.com)
2. When viewing the email, click the 3 vertical dots in the top right corner. You should see a submenu, click on <> View Original.
3. This reveals the raw code of your email. You should see a table near the top showing SPF, DKIM, and DMARC.

If the DMARC row says "PASS" you're all set!

Do I qualify as a bulk sender to Gmail/Yahoo?

The official policy is that a DMARC record is only required if sending emails to over 5,000 Gmail or Yahoo email addresses in a day (note: workspace user emails are counted towards this quota).

However, we highly recommend all email marketers implement it regardless.

Gmail is likely to tighten up this limit in the future, and its likely many inbox providers have been using DMARC as a deliverability signal already.

Why is Gmail only now requiring DMARC?

It's true that DMARC is roughly a decade old at this point, and has been considered best practice for years. So why haven't they required it before?

The problem is that adding DNS records to your domain can be tough for non-technical small business owners, and Gmail has wanted to be accommodating to these folks (they buy lots of ads on Google).

However, fraud, phishing and spam have gotten worse over the years, so Google has finally decided the risk of shutting out non-technical small businesses is worth it for finally cleaning up their email inboxing practices.

What happens if I don't implement DMARC?

We've summarized the timeline for enforcement and the specific consequences below:

• Yahoo’s Rollout: Starts in February 2024, focusing on authentication and complaint rates, with stricter rules for bulk senders from June 2024.
• Google’s Rollout: Gradual enforcement begins in February 2024 with temporary errors, escalating to email rejections in April 2024. Also, all bulk senders must incorporate a one-click unsubscribe by June 1, 2024 (already implemented for all Audienceful users so no need to worry about this).