Gmail trust has been boosted by new authentication rules
Trust is essential, I hardly need to tell you that. Trust in email is doubly so because it can make the difference between staying protected and falling victim to malware or compromise. Google operates the biggest free email provider on the planet, Gmail, with more than 2.5 billion active users. So, when the rules around trust involving bulk sender authentication change, it’s a big deal. I’ve covered these changes multiple times since they were first announced a year ago now, and Google will detail just how successful they have been at the annual Messaging, Malware and Mobile Anti-Abuse Working Group conference in Toronto on Oct. 09. I’ve been given a sneak preview which I am able to share ahead of time.
Google Sees Remarkable Results Since Announcing Changes To Gmail Security A Year Ago
Neil Kumaran, the group product manager of Gmail security and trust, has trusted me with details of just how successful the rule change, first announced 12 months ago, impacting bulk senders of email to Gmail users has been.
Since the introduction of the new rules in April 2024, Kumaran said, there has been an “unprecedented improvement in the fundamental security of email as a result of these requirements on bulk senders.”
The numbers are, frankly, hugely impressive:
- 65% reduction in unauthenticated messages sent to Gmail users.
- 50% more bulk senders started following best security practices.
- 265 billion fewer unauthenticated messages sent in 2024.
It’s probably worth repeating that last statistic; it’s not a typo: yes, 265 billion fewer unauthenticated messages were sent. That means hundreds of billions less opportunities for malware to be distributed, for spam to be received, for email to be both dangerous and annoying.
What Do Gmail’s New Bulk Sender Requirements, Well, Require?
Although necessarily technical in nature, the new rules that Google imposed starting April 01, 2024, accrue to three simple and realistic outcomes:
- Add confidence to Gmail users in the knowledge that the source of an email is valid.
- Make the act of unsubscribing from an email as easy as possible, no jumping through hoops required.
- Reduce the amount of unwanted email in Gmail inboxes by ensuring that bulk senders cannot exceed specific spam rates.
In other words, if you are sending email to Gmail users, bulk email, then you must be able to prove that you are who you say you are. Authentication must be a foundational part of email security, and that’s what Google has set out to achieve with these rules for bulk sender authentication.
“An environment without strong authentication is one where spam and malicious activity are much more likely,” Kumaran said, “these improvements represent a huge boost to the health of the email ecosystem by dramatically reducing the types of messages often used for spoofing and phishing attacks.”
