What Are the Google and Microsoft Bulk-Sender Requirements?

TL;DR

In February 2026, Google and Microsoft tightened the authentication and deliverability rules that apply to senders sending high volumes of email, extending requirements first introduced for Gmail/Yahoo bulk senders in 2024 — senders on shared IPs without proper authentication reportedly saw the steepest drops in deliverability.

What changed

Google and Microsoft further tightened bulk-sender requirements in February 2026, building on the authentication rules both providers (along with Yahoo) had already been enforcing since 2024. Industry reporting describes senders relying on shared IP pools without strong authentication as seeing the steepest deliverability drops from this round of changes — some reports cite drops in the 30-50% range for affected senders.

The rules generally require correctly configured SPF, DKIM, and DMARC records, a one-click unsubscribe mechanism, and staying under a low spam-complaint-rate threshold, for anyone sending above a certain daily volume to that provider’s users.

Who this affects most

Any sender pushing meaningful cold-email volume through Gmail or Outlook-hosted recipients is in scope, not just large marketing senders — the threshold has historically been in the low thousands of messages per day to a single provider. Senders on shared sending infrastructure without dedicated IPs and solid authentication are the most exposed, since a poorly-behaving neighbor on the same IP can drag down deliverability for everyone on it.

How to stay compliant

The practical checklist: authenticate every sending domain with SPF, DKIM, and DMARC (not just SPF alone), include a working one-click unsubscribe link in every message, keep spam-complaint rates low through good list hygiene and targeting, and consider a dedicated IP if you’re sending meaningful cold-outreach volume.

Frequently asked questions