What’s Gmail’s position on authentication (SPF, DKIM, DMARC)?

Gmail's position on authentication is clear: SPF, DKIM, and DMARC are mandatory for bulk senders. As of 2024, Gmail requires all senders of 5,000 or more daily messages to have proper authentication with DMARC at minimum p=none policy.

Gmail views authentication as foundational trust infrastructure. SPF verifies that sending IPs are authorized by the domain. DKIM proves message integrity and sender identity. DMARC ties these together and tells Gmail how to handle failures.

Without proper authentication, Gmail may reject messages outright, filter aggressively to spam, or apply warning labels. Even small senders benefit from authentication because it establishes baseline trust. Gmail has made clear that authentication is not optional for anyone serious about reaching inboxes.