It’s not too complicated to follow Google and Yahoo’s new bulk sender requirements, which go into effect February 1st, 2024.
With one exception.
There’s a subset of GMass users who are sending from a gmail.com address (NOT a paid Google Workspace account where you’re using your own domain) and using a SMTP server to send higher volumes of emails.
One of the new Google requirements states you’re no longer allowed to “impersonate” the gmail.com domain by sending from a gmail.com account through a non-Google server.
And… um… that’s exactly what was happening when you’re sending through a SMTP server using a gmail.com account.
So we’ve come up with a complex and robust solution to make sure GMass users sending with the Gmail + SMTP combo can meet the new requirements and become DMARC compliant.
Even if you’re a gmail.com + SMTP user who’s not a bulk sender, this is still a useful solution for you as well. Achieving DKIM alignment with DMARC should also be a nice deliverability benefit for your campaigns.
Plus, even though this is a complex solution, it’s almost exclusively complex on our end.
We take care of pretty much the entire process automatically for you. (The only exception, which I’ll cover near the end of the article, is if you’re using a particularly tricky SMTP service like SendGrid. But even that setup process isn’t prohibitively complex.)
Here’s our method for making sure GMass’s Gmail users sending with an SMTP server will be DMARC compliant — and compliant with Google and Yahoo’s new sender requirements.
DMARC Compliance for Gmail.com with SMTP: Table of Contents
- How It Works
- Setup Instructions If You’re Using GMass’s In-House SMTP Server
- Setup Instructions If You’re Using Your Own Third-Party SMTP Account
- Not a GMass User Yet?
How It Works
When you send a message through GMass from your gmail.com account through a SMTP server, you’ll fail DMARC.
Before, that wasn’t a problem. But with the new sender policies, it is. The DMARC policy for gmail.com is changing to “quarantine” on failed emails… so your messages won’t be delivered.
But with GMass’s new system, you’ll pass DMARC.
Here’s what happens behind the scenes to make that happen…
- We replace your From address with a domain we control. You get your own stand-in email address and custom subdomain at either gmuser.net or gmusers.net.
- We automatically create a DKIM entry for you in the GMass DKIM settings area.
- We create a DNS record for you at the custom subdomain we created for you using that DKIM entry.
- We activate the DKIM record.
- Because the domain in DKIM now matches the From domain, DMARC will pass.
This method allows us to control the DKIM signing, so DMARC can pass DKIM alignment. The From domain matches the domain in the DKIM record we set up, so DMARC passes.
How we make replies work
Since your email officially comes from the stand-in address, we need to make sure replies still go to your main address.
We force the Reply-To header in the email to be your actual email address, not the replacement address — meaning replies will still go to you.
That works in the vast majority of cases (since most email platforms support the Reply-To header). But even if an email platform doesn’t respect the Reply-To header and sends the reply back to you at the replacement domain, it will still count as a reply to you and our custom mail server will forward it into your inbox normally.
Note: If you set your own Reply-To address in the GMass settings box for the campaign, we won’t override that.
How we make bounces work
If you send a message that bounces, the bounce message will go to your rewritten address.
However, in most cases, the custom mail server we have set up will forward it right to your Gmail inbox, GMass will detect the bounce instantly, and the recipient will go on your bounce list. (Exceptions can happen if the SMTP service you’re using doesn’t properly thread the bounce and/or strips out the bounce message. We’re keeping an eye out for those scenarios.)
Do you have an option to opt-in to (or opt-out of) using this replacement system?
Yes (for now).
Right now, the gmail.com DMARC record still hasn’t changed to quarantine emails that fail — like Google said it would starting February 1st, 2024.
Once they do update their policy, all of GMass’s Gmail + SMTP users will be required to use the domain replacement system — otherwise, your emails flat out won’t get delivered.
But in the meantime, if you are a Gmail + SMTP user you have the option to opt in (or out) of the domain replacement system.
You can do so in the GMass dashboard under Settings > Email Authentication. There you’ll find a checkbox option to Replace Gmail domain in “From”.
Why might you turn it on? By turning on the domain replacement, you’re future-proofing against the day when Google does update Gmail’s DMARC policy.
But in the meantime, by turning it on, you’ll start actually passing DMARC right now. Up until this point, you’ve been failing — but since Gmail’s current policy has been not to penalize that failure, it’s possible it hasn’t been having a noticeable negative effect on your deliverability.
If you’ve been seeing any DMARC-related blocks, it makes sense to turn this on.
Also: If you’ve set up and verified whateveryourusernameis.gmusers.net at your SMTP provider, there’s a possibility you might see your email authenticated by whateveryourusernameis.gmusers.net rather than by your SMTP’s default signing domain (e.g., sendgrid.net). For instance, at SendGrid, that could happen if you’ve selected whateveryourusernameis.gmusers.net as your default domain under Sender Authentication > Domain Authentication.
In that case, you have two options. You might want to keep signing your emails via sendgrid.net for the time being, since it has an established reputation — if so, make sure whatever.gmusers.net is not the default domain at your SMTP provider. Or, option two, turn on domain replacement in the GMass settings to start passing DMARC.
Why you might want to turn if off? The two reasons you might want domain replacement off are (1) you don’t want your shared domain showing up as your From address and you’re willing to risk failing DMARC for it or (2) you don’t want to change what’s already working.
Again, this will all be moot once Gmail updates their DMARC policy to quarantine, but for now, it’s something some users might want to consider.
What we do if your Gmail address has a dot (.) in it
When we create your personal From domain and stand-in email address, we do use your Gmail username (everything before the @ in your address). You can see the examples in the screenshots above (samquick1992.gmuser.net and [email protected]).
However, there’s one case where we handle this slightly different, and that’s if you have a dot (.) in your username. For instance, if your email address is [email protected]. In those cases, we do not use the dot in the subdomain, as a subdomain with four or more parts can look like spam and it’s definitely messier.
So in those cases, your subdomain would be either coolguy.gmuser.net if you’re using our in-house server or coolguy.gmusers.net if you’re using your own third-party SMTP server. Your stand-in email address keeps the dot, so it would be [email protected].
Setup Instructions If You’re Using GMass’s In-House SMTP Server
If you’re using one of GMass’s in-house SMTP servers (either our own SMTPGM server, or our Amazon SES account), there’s pretty much nothing you have to do to make this work.
Wait… what are your in-house SMTP servers? GMass allows some users (those sending opt-in emails) to apply to use our SMTP servers rather than signing up for their own. If you’re interested, you can learn more here.
You can send a quick test email to yourself to see this process in action.
Write up a test message and make sure you’re sending it through GMass’s in-house server or GMass’s Amazon SES server.
Click the Send Test button at the top of the settings box to send it to yourself.
The message should come through momentarily. And when you open it, you can check to see the newly rewritten email address.
If you choose the Show Original option in Gmail, you can dig deeper into the headers.
You’ll see that you passed DMARC.
And if you scroll down, you’ll see the DKIM record GMass automatically created for your subdomain.
You can see your DKIM header by going to the GMass dashboard, going to the Settings and then Email Authentication > Manage DKIM Settings. GMass has added that DKIM entry for you.
You’re clear to continue sending your campaigns through GMass’s SMTP server without having to worry about failing DMARC.
Setup Instructions If You’re Using Your Own Third-Party SMTP Account
Fortunately, for many SMTP services, you won’t have to do anything — GMass will set up your records behind-the-scenes, pass them through to your SMTP provider, and everything will work right.
For instance, when I sent a message using ReachMail as my SMTP service, everything went perfect behind the scenes.
In addition to creating the DKIM entry like we did for people sending through GMass’s in-house server, in this case we’ll also create a DNS record. You can view that in the GMass dashboard under Settings > Email Authentication > Manage DNS Records.
What to do if you use SendGrid (or another SMTP service that strips out DKIM headers)
GMass will always attempt to pass along your DKIM headers to your third-party SMTP server.
However… there are some that strip away those DKIM headers and add their own.
SendGrid, which is still the most popular SMTP service, is one of those that strips out the headers. That means SendGrid won’t be signing your emails using the DKIM signature from the custom sending domain GMass has created for you — and DMARC will fail.
So in order for this Gmail + SMTP process to work, you’ll need to get some DNS records from SendGrid (or your other header-stripping SMTP service) and add them into GMass.
In SendGrid, you can set this up in Settings > Sender Authentication > Authenticate Your Domain.
You’ll need to generate records here. Select Other for your DNS host (and don’t put anything in when it asks you to specify who the other host is). SendGrid will generate these records for you.
Go to the GMass dashboard and go to Settings > Email Authentication > Manage DNS Records. Click to Add a CNAME record and enter the info from SendGrid as I’ve shown below. (Basically, grabbing the first part of the Host and the entire Value).
Repeat that for all three CNAME records. You do not need to create the DMARC TXT record that SendGrid gives you, as GMass already has a DMARC record in place.
Once you’ve saved all three CNAME records in GMass, click the Verify button in SendGrid.
Assuming you entered everything right, SendGrid will tell you you were a success.
To make sure there were no problems, I also added my GMass-generated email under their sender verification.
Wait a few minutes for everything to propagate. Then send a test email through SendGrid in GMass. It should all go through the new domain properly…
… and pass DMARC.
Not a GMass User Yet?
If you’re not a GMass user yet, we hope this solution shows you why, well, you should be.
We created this process to make sure our users with gmail.com addresses sending through a SMTP would still be able to do so, even with the new Google/Yahoo sender requirements.
There aren’t a ton of users with gmail.com addresses using SMTP servers in GMass. It’s a small segment of our user base. But we still devoted a ton of time and resources to taking care of this problem. It didn’t matter that it was a small segment of users. We weren’t going to tell them they were out of luck.
This solution is wildly complex — but we were determined to make it work for GMass users and determined to make it NOT complicated on their end.
That’s just what we do.
And we hope we’ll have the chance to do it for you as well.
You can sign up for a free trial of GMass by downloading the Chrome extension. And once you sign up for a plan, you can hook up a SMTP server (or apply to use ours) — and send with a gmail.com address knowing we’re keeping you in compliance with whatever rules the email providers throw at you.
Email marketing, cold email, and mail merge all in one tool — that works inside Gmail
TRY GMASS FOR FREE
Download Chrome extension - 30 second install!
No credit card required