
Google & Microsoft Email Sender Rules: June 2026 Enforcement Update

June 6, 2026 — The era of warning shots for bulk email senders is over. Google now permanently rejects non-compliant bulk mail instead of temporarily deferring it, Microsoft has brought Outlook, Hotmail and Live under the same authentication regime, and Gmail’s Postmaster Tools has replaced reputation grades with hard pass/fail compliance checks. Here is what changed, what is enforced as of this month, and what every B2B outbound team needs to verify this week.

What changed: a timeline of the crackdown

  1. May 2025 — Microsoft joins the 5,000/day rule. Outlook.com, Hotmail and Live.com now require SPF, DKIM and DMARC for senders exceeding 5,000 messages per day, mirroring the Gmail/Yahoo requirements introduced in 2024.
  2. September 30, 2025 — Postmaster Tools v2. Google retired the familiar High/Medium/Low sender-reputation grades. The new dashboard shows binary compliance: you either pass authentication, spam-rate and unsubscribe requirements, or you fail.
  3. November 2025 — enforcement escalates. Google moved from temporary delivery delays to permanent rejections for bulk senders that fail authentication. A missing DMARC record is no longer a soft penalty; it is a bounced campaign.
  4. 2026 — Microsoft expands ARC. Authenticated Received Chain preserves authentication results through forwarders and mailing-list intermediaries, closing the loophole where forwarded mail lost its SPF/DKIM alignment.

The numbers that decide inbox placement in June 2026

The thresholds themselves have not moved — enforcement has. Spam complaint rate must stay below 0.3% (Google recommends under 0.1% for reliable placement). SPF, DKIM and DMARC are mandatory at 5,000+ daily messages to any major provider. One-click unsubscribe (RFC 8058) is required on commercial bulk mail. What is new is the consequence: in the infrastructure we manage for clients, authentication failures that produced delayed delivery in 2025 now come back as hard rejections.

What this means for cold email teams

Counterintuitively, the crackdown is good news for legitimate senders. Permanent rejection of unauthenticated mail removes the noisiest competitors from the inbox. Teams running proper infrastructure — dedicated sending domains, full DNS authentication, conservative volumes per inbox, real list verification — report steadier placement than before the changes. The senders being washed out are the ones blasting from misconfigured domains.

The June 2026 compliance checklist

  1. Verify SPF, DKIM and DMARC on every sending domain — including secondary and tracking domains. A DMARC policy of at least p=none with monitoring is the floor; move to p=quarantine once reports are clean.
  2. Check Postmaster Tools v2 for every primary domain. Anything other than a pass on authentication, spam rate and unsubscribe is now an emergency, not a backlog item.
  3. Keep spam complaints under 0.1%. Tighten targeting before increasing volume.
  4. Confirm one-click unsubscribe headers are present on bulk commercial sends.
  5. If your mail passes through forwarders or list intermediaries on Microsoft-bound traffic, confirm your provider supports ARC.
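Checklist items 1 and 4 can be checked statically, as in this added example (not code from the original page or from any provider's tooling). It assumes the caller has already fetched the TXT strings for the sending domain and for `_dmarc.<domain>`; `example.com` and all sample values are constructed, and the DKIM check only reads the `h=` tag without verifying the signature.

```python
import re
from email import message_from_string

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC or DKIM tag list into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): "".join(v.split()) for k, v in pairs}

def audit(raw_message, root_txt, dmarc_txt):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # SPF: exactly one v=spf1 record; more than one is a permerror (RFC 7208).
    spf = [t for t in root_txt if t.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        findings.append(f"spf: expected 1 record, found {len(spf)}")
    # DMARC: a valid p= tag, plus a rua= address so reports are monitored.
    dmarc = [parse_tags(t) for t in dmarc_txt if t.lower().startswith("v=dmarc1")]
    policy = dmarc[0].get("p", "").lower() if len(dmarc) == 1 else ""
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc: missing record or invalid p= tag")
    elif "rua" not in dmarc[0]:
        findings.append("dmarc: no rua= reporting address")
    # RFC 8058: HTTPS URI, the exact Post value, and both headers DKIM-signed.
    msg = message_from_string(raw_message)
    if not re.search(r"<https://[^>]+>", msg.get("List-Unsubscribe", "")):
        findings.append("unsubscribe: no https URI in List-Unsubscribe")
    if msg.get("List-Unsubscribe-Post", "").strip() != "List-Unsubscribe=One-Click":
        findings.append("unsubscribe: List-Unsubscribe-Post missing or wrong")
    signed = parse_tags(msg.get("DKIM-Signature", "")).get("h", "").lower().split(":")
    for name in ("list-unsubscribe", "list-unsubscribe-post"):
        if name not in signed:
            findings.append(f"dkim: {name} not covered by h=")
    return findings

# Constructed sample messages (placeholder domain, dummy bh=/b= values).
GOOD = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1;\n"
    " h=from:to:subject:list-unsubscribe:list-unsubscribe-post; bh=x; b=y\n"
    "From: news@example.com\n"
    "List-Unsubscribe: <https://example.com/u?t=abc>, <mailto:u@example.com>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nbody\n"
)
# Same message with the Post header unsigned and a plain-http unsubscribe URI.
BAD = GOOD.replace(":list-unsubscribe-post;", ";").replace("https://", "http://")
```

Run `audit()` on a message captured after it has left your sending platform, since headers added or rewritten in transit are what the receiving provider evaluates.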

For the full technical setup, see our guides to SPF, DKIM and DMARC configuration, domain warm-up in 2026, and using Google Postmaster Tools. If you would rather have compliant infrastructure built for you, that is exactly what our cold email infrastructure service does.


Frequently Asked Questions

The strict authentication mandate triggers at 5,000+ daily messages per provider, but Gmail and Outlook score authentication for all senders. In practice, SPF, DKIM and DMARC are table stakes at any volume in 2026 — smaller senders without them simply land in spam rather than being rejected.

Since Google’s November 2025 enforcement change, bulk mail from domains failing authentication is permanently rejected rather than delayed. Microsoft applies equivalent rules to Outlook, Hotmail and Live addresses. A missing DMARC record now means bounced campaigns, not just reduced placement.

Yes — arguably more viable for compliant senders. The rules target unauthenticated bulk volume, not targeted B2B outreach. Properly authenticated infrastructure with conservative per-inbox volumes and sub-0.1% complaint rates continues to reach the inbox, with less competition from non-compliant senders.