How to fix “Gmail rejections (Nov 2025)” from Gmail

Since November 2025 your mail to @gmail.com addresses bounces with temporary (4xx) or permanent (5xx) errors referencing authentication or sender guidelines — messages that used to land in spam now don't arrive at all.

Check your domain first — 10 seconds, free, no signup.
See your DMARC policy, SPF lookup count and every issue explained in plain English.
Run the free check →

What this means

In November 2025 Google ended the “soft enforcement” period that started in February 2024 and began rejecting non-compliant bulk senders outright, with both temporary and permanent SMTP errors. The requirements themselves are unchanged: SPF and DKIM passing, a DMARC record aligned with your From domain, one-click unsubscribe for bulk mail, and a spam-complaint rate under 0.3%. Google's Postmaster Tools now shows a simple pass/fail compliance status for your domain.

How to fix it

Step 1. Run the free check below — it shows instantly whether SPF, DKIM and DMARC are in place and aligned for your domain.
Step 2. Fix each sending service separately: your mailbox provider may pass while your newsletter tool or CRM fails.
Step 3. Publish DMARC with at least p=none and a rua address so you can see exactly what Google sees.
Step 4. For newsletters and campaigns: enable one-click unsubscribe (RFC 8058) and honor requests within two days.
Step 5. Check Postmaster Tools' compliance dashboard after 24–48h — it flips to green when requirements are met.

Frequently asked

How long until fixes take effect?

DNS changes propagate within minutes to 48 hours. Mailbox providers pick up the new records on their next check — most senders see bounces stop within a day of correct configuration.

Does this apply if I send fewer than 5,000 emails a day?

Formal enforcement targets bulk senders, but partial authentication already costs you inbox placement at every volume — and spoofing protection matters regardless of how much you send.

Can I just ask my hosting provider to fix it?

Hosting support can add DNS records for you, but they don't know which services send as your domain. You (or a monitoring tool reading your DMARC reports) have to provide that list — that's the actual hard part.

Don't want to babysit DNS records?
DMARCKeeper monitors your reports, names every sender, and walks you to full p=reject protection.
Start free monitoring →