What the new Gmail security requirements will mean for your users

Blog Post - Email Security

On October 3rd, 2023, Google announced a series of crackdowns aimed at improving email security and reducing spam for their users.

Set to roll out in February 2024, these new measures build on existing anti-spam policies to ensure that Gmail users are less likely to fall prey to stolen email address scams and phishing attempts.

The implications for end-users of bulk email systems are clear:

  • Daily limits on how many emails can be sent

  • Required DKIM/SPF configuration for companies sending over 5,000 emails per day

  • Spam rate thresholds - an industry first

So what does this mean for platforms that allow their users to send bulk email, such as CRMs and marketing automation tools?

In short, it means that what was once merely a best practice will now be a requirement, and all users of these tools will have to set up DKIM and SPF records.

What the heck is a DKIM record?

First, an overview: DKIM records are DNS records specifically formatted for email authentication. It's a way of verifying that the email sender owns the domain that the email is coming from, and that they are responsible for it.

The impact of DKIM (and other DNS records) on deliverability

Setting up email-related DNS records for custom email domains has always been a best practice. These records tell email service providers (ESPs) like Google that you're the real deal, and prevent emails from winding up in spam.

For bulk email senders, such as email marketers, and especially for cold emailers, setting up these records has been an essential part of ensuring their campaigns reach their recipients. Open rates will inherently suck if your emails aren't actually getting delivered.

But where in the past setting up these records was just good sense, Google's new standards make setting up email-related DNS records a mandatory minimum.

Talking users through this process is...complicated

The reality is that setting up DNS records in general is a complex, technical process that most users have no awareness of or experience with. Email-related DNS records such as DKIM and SPF are particularly tricky. What's more, since most users are using a 3rd-party ESP in tandem with marketing and sales tools, the process is even more complex.

Herein lies the dilemma: If Google is requiring these records going forward, how do you get users on board, without creating all-out chaos in your support tickets?

If you're a website builder, a CRM, an outbound email tool - anything involving custom domains - your support team knows all about DNS configuration. It's a technical and 100% essential piece of the onboarding process that results in slower user activation, tons of support tickets, and plenty of frustrated users.

Problem 1: Who is the DNS provider anyway?

In order to set up DKIM records, users need to log in to their DNS provider account. Plenty of users have absolutely no idea who that is.

It's not always the company the user bought their domain from, or even the hosting provider they use.

Problem 2: Correctly inputting DKIM, SPF, and DMARC records

There are three types of DNS records users may have to set up for their email-sending domain:

  • DKIM

  • SPF


The fun part: Each of these records gets added in a different way. For example, DKIM records get replaced entirely when updated, and new SPF records can be appended to existing entries.

It's a frustrating process that the average non-technical marketing or sales user has little to no experience with, and it's 100% unique to each DNS provider and SaaS tool to boot.

Problem 3: You have to send your users outside of your app

Any process that requires a user to leave your application is the bane of every product designer's existence.

You lose the user's path, you lose their analytics, the ability to troubleshoot – and you can even lose them to a competing product (plenty of DNS providers now sell website builders and email marketing solutions as well).

Meet Google's new email security requirements automagically, with Entri

We're not winding you up and leaving you hanging – the good news is, there's an easy way to ensure all of your users set up the required DNS records for bulk emailing, without doubling the size of your support staff.

Entri Connect is an API for DNS configuration that automatically sets up the required DNS records across over 40 DNS providers. Whatever records you need your users to add, Entri will automatically send the records in the correct format to your user's DNS provider (and even detect the domain's DNS provider for your user).

The process takes all of the friction out of secure email sending, and ensures high deliverability scores and happy customers on your end.

See Entri Connect in action -> Launch instant demo