Google to bolster phishing and malware delivery defenses in 2024

Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds.

"Last year, we started requiring that emails sent to a Gmail address must have some form of authentication," said Neil Kumaran, Group Product Manager for Gmail Security & Trust.

"And we've seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision. That's great progress, but there's much more we need to do — starting with new requirements for large senders."

Starting February 1st, 2024, Google will require senders dispatching over 5,000 messages daily to Gmail accounts to set up SPF/DKIM and DMARC email authentication for their domains to strengthen defenses against email spoofing and phishing attempts.

These senders must also provide Gmail recipients the option to unsubscribe from commercial emails with a single click. Additionally, they must handle unsubscription requests within a two-day timeframe.

Going forward, email senders must adhere to a specific spam rate threshold to avoid flooding Gmail users' inboxes with unwanted content.

They'll have to uphold spam rates below 0.3%, as indicated in Postmaster Tools, and avoid impersonating Gmail in their emails' "From" headers. Failure to comply with these new regulations could lead to email delivery issues, as Google intends to enforce a DMARC quarantine policy.

"You shouldn't need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email's source. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email," said Kumaran.

"If you don't meet the requirements [..], your email might not be delivered as expected, or might be marked as spam," Google explains in a support article.

Google claims that Gmail's artificial intelligence-driven defenses successfully prevent over 99.9% of spam, phishing attempts, and malware from infiltrating its customers' inboxes, effectively blocking nearly 15 billion unwanted emails daily.