Deliverability

2025 bulk sender requirements. How to stay compliant.

Over the years, we’ve witnessed big moments that reshaped the email landscape from a simple text-based system to a highly regulated space where authentication, relevance, and engagement signals are carefully evaluated before a message can reach the inbox. Major mailbox providers have played a pivotal role in this evolution with smarter filters and stricter sender guidelines.

2024 was no exception. Google and Yahoo led a new wave of changes, announcing stricter requirements for bulk senders. And it didn’t take long for others to follow. Now, Microsoft is stepping in with its own requirements that went into effect starting May 2025. Although Apple hasn’t formally announced new sender policies, their bulk sender guidelines closely align with Gmail, Yahoo, and Microsoft.

In this article, we’ll break down what these changes mean and what you’ll need to do to stay compliant in 2025.

Email authentication

All major ISPs now require brands to implement SPF, DKIM, and DMARC (with at least p=none) as a minimum standard for verifying their identity and protecting user inboxes. ISPs also recommend implementing the ARC standard for forwarded messages to ensure legitimate emails aren’t incorrectly marked as spam

  • SPF (Sender Policy Framework) – Ensures that only authorized IP addresses can send emails on behalf of your domain
  • DKIM (DomainKeys Identified Mail) – Verifies that your email content has not been altered in transit
  • DMARC (Domain-based Message Authentication, Reporting & Conformance) – Builds on SPF and DKIM, giving domain owners control over how unauthenticated emails are handled
  • ARC (Authenticated Received Chain) is an email standard introduced to help preserve authentication results (DKIM and SPF) during forwarding

Senders must also ensure valid forward and reverse DNS (PTR) records are in place for all sending IPs.

Learn how to protect your reputation in this blog: Protect Your Online Reputation: The Power Of Email Authentication

User-reported spam complaints

A key component of these sending requirements is maintaining low spam complaints – under 0.3% according to Gmail and Yahoo. Every time a subscriber hits “Report Spam”, it tells mailbox providers your message is unwanted. Too many spam complaints can lead to severe deliverability issues and hinder your sender’s reputation.

If your spam rate stays high, you might lose access to support channels. Gmail has already stated that, and chances are other ISPs will follow. Without access to mitigation channels, resolving deliverability issues can get much harder.

So what next? Be aware of who you send to and what you are sending. Focus on maintaining a clean list of engaged recipients and ensure your content is relevant.

List hygiene & maintenance

Keeping email lists up to date has long been a best practice, so it’s no surprise that all major ISPs now expect senders to stay on top of list hygiene. That means you must regularly clean your lists by removing inactive users and bounced addresses – Microsoft even suggests cleaning lists monthly or quarterly. Also, ensure you’re familiar with your ESP’s bounce handling policies so nothing slips through the cracks.

And, if you have a bunch of users who haven’t engaged in a while, send them a re-engagement campaign before cutting them loose. It’s a great way to win them back while maintaining a good sender reputation.

Want to dive deeper, check out this blog: Why, when, and how to clean your email list.

Unsubscribe mechanism

Gmail and Yahoo have stated that a one-click unsubscribe functionality is required to make it easier for recipients to opt-out of marketing emails without unnecessary steps. Both ISPs also require senders to honor unsubscribe requests within two days.

To stay compliant, your emails need to include two specific headers:

  • One List-Unsubscribe header
  • One List-Unsubscribe-Post

Microsoft and Apple do not currently mandate the one-click unsubscribe option, but they still require a clear, easy to find unsubscribe link; don’t bury your unsubscribe link in your footer or your privacy policy.

Permission-based mailing

Obtaining clear consent before emailing isn’t just the right thing to do, it’s key for building trust and protecting your sender reputation. Always provide clear opportunities for users to opt in, whether it’s subscribing to a newsletter, filling out a sign-up form, or checking an opt-in box. Don’t use pre-checked boxes or outdated lists; consent must be intentional, clear, and current.

Keep your content and sending frequency in line with the expectations set during the original opt-in. If you go off track you risk email fatigue, losing subscribers, and spam reports.

Laws and regulations

There are several laws and regulations in place that aim to protect consumer privacy and prevent unwanted or unsolicited messages. Each country has its own rules that define how brands should communicate with their customers. Ignoring them can result in heavy fines and damage to your brand reputation. If you are a legit sender, chances are you are already following these rules.

General Data Protection Regulation (GDPR) (EU)

  • Must obtain explicit consent before sending marketing emails
  • Must provide a clear and easy way to opt out

CAN-SPAM Act (USA)

  • Must include accurate header information, such as the sender’s name and email address
  • Provide a valid physical postal address
  • Provide a clear and easy way to opt out

Canada’s Anti-Spam Legislation (CASL)

  • Must obtain express or implied consent before sending marketing emails
  • Include accurate contact info
  • Provide a clear and easy way to opt out

Australian Spam Act

  • Must obtain Express or Inferred consent (based on an existing relationship)
  • Provide accurate sender info
  • Provide a working unsubscribe option

RFCs 5322 and 5321

Email providers like Gmail and Yahoo require compliance with RFCs 5321 and 5322 standards to ensure successful email delivery. This involves using the correct SMTP envelope information and properly formatting message headers.

RFC 5321

  • SMTP protocol (Simple Mail Transfer Protocol)
  • Defines how email is sent and delivered between mail servers

RFC 5322

  • Internet Message Format
  • Defines the format of the email’s headers (from, to, subject) and body (message content)

Mailing stream and domain requirements

  • Microsoft strongly recommends using a monitored reply-to address to manage customer relationships efficiently. It’s also a long-standing best practice to encourage engagement and build trust. If your “Reply-To address” is something like [email protected], any recipients’ inquiries won’t be addressed. Instead, use a monitored address like [email protected] so you can respond quickly and keep the line of communication open
  • The domain in the “From” address must align with the domains used in SPF and/or DKIM authentication. For instance:
    – “From” address: [email protected]
    – SPF domain: yourcompany.com
    – DKIM domain: yourcompany.com
  • Use a consistent “From” address to maintain brand recognition. For example, your emails typically come from [email protected]. Consistency helps build trust and makes your emails more recognizable
  • Separate marketing and transactional emails by using different domains and IPs to ensure uninterrupted communications; marketing emails are more likely to be flagged as spam
  • For new domains or IPs, gradually increase the sending volume to establish a positive reputation. Increasing the sending volume too quickly can cause spam filtering and blocks
  • Track temporary and permanent SMTP errors (4xx and 5xx), investigate and adjust accordingly to improve deliverability

Testing and monitoring

If you’ve already implemented all these requirements, great! You’ve set your email program up for long-term success. But if you’re still working through the steps, testing and monitoring can be a great way to start.

  • Sign up for postmaster tools, like Google postmaster tools and Microsoft SNDS. These tools provide valuable insight into your reputation, spam complaint rates, authentication status, and other key metrics
  • Use Gmail’s Compliance Dashboard to stay on top of your compliance with its latest sender guidelines and quickly identify areas for improvement
  • Sign up for Feedback Loops (CFLs), such as Yahoo’s CFL, to identify users who mark your emails as spam and remove them from your mailing list
  • Regularly review bounced messages, as they provide valuable insights into the reasons behind delivery failures. Gmail for example, has introduced new bounce codes to provide more details on failed email deliveries, particularly related to authentication issues

Final thoughts

Email continues to be one of the most effective marketing tools today, but that also makes it a target. As spam grows, mailbox providers will keep pushing for stricter rules to protect their customers. What does this mean for marketers? Adapt fast. Those who adjust will stay in the game, while those who don’t may fall behind.

If you’re still uncertain or have questions, don’t hesitate to reach out. Let’s chat!

EMAIL DELIVERABILITY GUIDE
Mastering email deliverability: Insights, strategies and trends for 2025 and beyond
Hiba Khaleel
Hiba Khaleel
Senior Deliverability Analyst, Inboxable

Hiba Khaleel is a deliverability analyst on the Inboxable team. Hiba brings her years of experience in client management and data-driven solutions to her current role, where she helps her clients achieve email marketing success. Her passion is optimizing deliverability rates for maximum impact. Hiba specializes in monitoring and optimizing email campaigns, authentication protocols, data analysis and mitigating risks related to email deliverability. She enjoys spending her free time on long walks and road trips with her family.