Happy 20th birthday Gmail, you’re mostly grown up – now fix the spam

It was 20 years ago on Monday that Google unleashed Gmail on the world, and the chocolate factory is celebrating with new rules that just might, hopefully, cut down on the amount of spam users receive.

Sure, it may have seemed like an April Fool’s joke in 2004, but nearly two billion users later, Gmail is arguably Google’s most successful venture other than Search and Android.

However, while Gmail’s ability to filter out spam is better than some of its email rivals, the feature isn’t foolproof. So last year it announced measures targeting those who send over 5,000 messages to Gmail addresses in a single day. Now, anyone violating those provisions will be facing a crackdown.

“Many bulk senders don’t appropriately secure and configure their systems, allowing attackers to easily hide in their midst,” Google warned last year.

“We started requiring that emails sent to a Gmail address must have some form of authentication. And we’ve seen the number of unauthenticated messages Gmail users receive plummet by 75 percent,” it added. “That’s great progress, but there’s much more we need to do.”

Beginning a couple of months ago, all bulk senders had to begin authenticating their emails to close exploit loopholes, add one-click unsubscribe options to all messages, and keep within a new spam rate threshold (determined daily by the number of users who say a message is spam) of just 0.3 percent, beyond which they become ineligible for bounced email mitigation requests.

“Most senders already meet these requirements, and for those who are still working on it, we’re sharing clear guidance to help,” Gmail security and trust group product manager Neil Kumaran told The Register. “Doing so is crucial to close loopholes we know attackers are targeting, and will help make email safer for everyone.”

Many of the requirements are being phased in gradually, but Gmail’s 20th birthday marks the date when Google will begin rejecting noncompliant traffic.

“Bulk senders who don’t meet our sender requirements will start getting temporary errors with error codes on a small portion of messages that don’t meet the requirements,” Google wrote. “These temporary errors help senders identify email that doesn’t meet our guidelines so senders can resolve issues that prevent compliance … We strongly recommend senders use the temporary failure enforcement period to make any changes required to become compliant.”

Mass senders may see one of five error codes for not complying with specific requirements for bulk senders: alignment with either an SPF or DKIM domain, no header spoofing, proper header alignment, valid forward and reverse DNS records, message formatting compliant with RFC 5322, and sending all messages using TLS.
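For senders checking their own mail against the alignment and one-click unsubscribe requirements, the following is an added example, not code from Google or The Register. It reads the headers of a test message as delivered to a mailbox you control and reports whether a passing SPF or DKIM result aligns with the From: domain. It assumes the Authentication-Results header was written by your own receiving server, and it approximates the organizational domain by the last two labels; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches "spf=pass ... smtp.mailfrom=..." and "dkim=pass ... header.d=..."
# inside an Authentication-Results header (RFC 8601).
AUTH = re.compile(
    r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", re.I)

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational
    # domain; production code should consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Report which passing auth methods align with the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    aligned = set()
    # Only trust Authentication-Results added by your own receiving server.
    for header in msg.get_all("Authentication-Results", []):
        for method, result, value in AUTH.findall(header):
            domain = value.rpartition("@")[2]
            if (result.lower() == "pass" and from_domain
                    and org_domain(domain) == org_domain(from_domain)):
                aligned.add(method.lower())
    # One-click unsubscribe is signalled by this header pair (RFC 8058).
    one_click = ("List-Unsubscribe" in msg and
                 msg.get("List-Unsubscribe-Post", "").strip().lower()
                 == "list-unsubscribe=one-click")
    return {"from_domain": from_domain, "aligned": sorted(aligned),
            "one_click_unsubscribe": one_click}

# Constructed sample messages (headers only), not real traffic.
GOOD = ("From: Example News <news@example.com>\n"
        "Authentication-Results: mx.receiver.test; dkim=pass header.d=mail.example.com;"
        " spf=pass smtp.mailfrom=bounce@esp-vendor.test\n"
        "List-Unsubscribe: <https://example.com/unsub?id=constructed>\n"
        "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nbody\n")
BAD = ("From: Example News <news@example.com>\n"
       "Authentication-Results: mx.receiver.test; dkim=pass header.d=esp-vendor.test;"
       " spf=pass smtp.mailfrom=bounce@esp-vendor.test\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_message(raw))
```

The second sample passes both SPF and DKIM yet aligns with neither, because both results belong to the sending vendor's domain rather than the domain shown in From:.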

Google told us it’s heard positive feedback from across the email ecosystem after announcing the changes last year, and it’s been encouraged by how rapidly senders are moving to comply with the requirements.

Of course, with any good announcement there’s always a drawback. In this case it’s that the rules only apply to personal Gmail accounts – not accounts run under Google’s Workspace business productivity suite.

Oh well – happy 20th birthday either way, Gmail. ®