Gmail bounces your mail with “This mail is unauthenticated, which poses a security risk to the sender and Gmail users”.
Check your domain first — 10 seconds, free, no signup.
See your DMARC policy, SPF lookup count and every issue explained in plain English. Run the free check →
What this means
Since February 2024 Google requires bulk senders to pass SPF and DKIM with DMARC alignment. Mail that fails both checks gets the 5.7.26 refusal.
How to fix it
Step 1. Verify SPF and DKIM both pass for your actual sending service — not just your mailbox.
Step 2. Check alignment: the domain in your From: header must match the domain SPF/DKIM validated.
Step 3. Publish DMARC with at least p=none and a rua address so you can see what Google sees.
Step 4. For newsletters: enable one-click unsubscribe headers — it's part of the same requirement set.
Frequently asked
How long until fixes take effect?
DNS changes propagate within minutes to 48 hours. Mailbox providers pick up the new records on their next check — most senders see bounces stop within a day of correct configuration.
Does this apply if I send fewer than 5,000 emails a day?
Formal enforcement targets bulk senders, but partial authentication already costs you inbox placement at every volume — and spoofing protection matters regardless of how much you send.
Can I just ask my hosting provider to fix it?
Hosting support can add DNS records for you, but they don't know which services send as your domain. You (or a monitoring tool reading your DMARC reports) have to provide that list — that's the actual hard part.
Don't want to babysit DNS records? DMARCKeeper monitors your reports, names every sender, and walks you to full p=reject protection. Start free monitoring →