When will Gmail update their DMARC policy to quarantine?

Key findings

• Current policy: Gmail's own DMARC policy for gmail.com remains p=none, with sp=quarantine applied to subdomains.
• Sender requirements: As of February 2024, Gmail and Yahoo require bulk email senders to implement DMARC with a policy of p=quarantine or p=reject for emails failing DMARC authentication. This is distinct from Gmail updating its own domain policy.
• No public timeline: Google has not provided an exact date for when gmail.com will transition to a p=quarantine policy at the root level.
• Internal milestones: Experts suggest Google may be waiting for significant reductions in unauthenticated mail using gmail.com in the From address by ESPs before making this change.

Key considerations

• DMARC policy evolution: Implementing a DMARC policy, whether p=none, p=quarantine, or p=reject, is crucial for senders. Learn more about when to use these DMARC policies.
• Gmail deliverability impact: A strong DMARC policy directly impacts your email deliverability to Gmail and your sender reputation, reducing the likelihood of your emails being marked as spam. Understanding how DMARC impacts Gmail deliverability is essential.
• Staying informed: Given Google's general silence on future specific policy changes for its own domain, staying updated through reliable sources is important. Monitor official announcements or trusted industry blogs for any changes.

Key opinions

• High anticipation: Many marketers were bracing for significant disruptions around the February 2024 enforcement date, but some reported initial calm.
• Confusion on gmail.com policy: There's a common misconception that gmail.com itself shifted to p=quarantine, confusing it with the bulk sender requirements.
• Long-term outlook: Many believe a full p=quarantine for gmail.com is still a long way off.
• ESP behavior: Some email service providers (ESPs) are already disallowing or rewriting gmail.com in the From address automatically.

Key considerations

• Compliance readiness: Regardless of Gmail's own policy, marketers must ensure their domains are DMARC compliant to meet the new sender requirements. Learn what to do for Google's new requirements.
• Proactive DMARC implementation: It is advised to gradually move your domain's DMARC policy from p=none to p=quarantine or p=reject to protect against spoofing. Mailgun provides guidance on DMARC policy progression.
• Adaptation of sending practices: Marketers using third-party ESPs should verify how their platforms handle From addresses and DMARC alignment.

Key opinions

• Google's opacity: Experts find that Google typically does not provide early notification for changes to its own domain policies.
• Milestone-driven changes: Future updates to gmail.com's DMARC policy are expected to be tied to internal targets, such as a significant reduction in unauthenticated mail using gmail.com as the sender.
• Policy progression: There is a general expectation that DMARC policies will continue to evolve towards stricter enforcement, including for major mailbox providers' own domains.
• Subdomain vs. root: Distinguishing between the root domain policy (p=) and subdomain policy (sp=) is critical to avoid misinterpretations.

Key considerations

• Monitor reports: Regularly reviewing DMARC reports is essential to understand email authentication performance and compliance. Knowing how to understand DMARC reports from Google and Yahoo is key.
• Proactive policy hardening: While awaiting Google's policy shift, senders should ensure their own domains have robust DMARC policies. A guide on how to safely transition your DMARC policy can be very helpful.
• Stay current: Email deliverability is dynamic, requiring continuous learning and adaptation. SpamResource offers insights into email deliverability trends and policy changes.

Key findings

• Bulk sender mandate: Starting February 2024, Google and Yahoo require bulk senders to implement DMARC.
• Microsoft's alignment: Microsoft will enforce similar DMARC requirements starting May 5, 2025, showing a broader industry trend towards stricter authentication.
• Policy options: Documentation outlines the three DMARC policy actions: none (monitoring), quarantine (move to spam/junk), and reject (block delivery).
• Gradual implementation recommended: Best practices suggest a gradual evolution of a domain's DMARC policy from p=none to p=quarantine and finally p=reject.

Key considerations

• Proactive compliance: Organizations should ensure their DMARC, SPF, and DKIM records are properly configured to meet evolving sender requirements. Our guide on DMARC, DKIM, and SPF updates can help.
• Internal email considerations: A stricter DMARC policy could impact internal email deliverability if not properly configured, especially with aliases or forwarding. Review how DMARC affects internal email.
• Phased approach: Documentation from Enom Customer Support highlights key DMARC requirements for bulk senders by Google and Yahoo, with Microsoft following suit, emphasizing the importance of compliance deadlines. Enom provides details on understanding DMARC requirements.