Google Strengthens Phishing and Malware Delivery Defenses in 2024

In an effort to bolster email security, Google has announced that it will introduce new sender guidelines in February. The primary goal of these guidelines is to enhance protection against phishing and malware delivery. A key provision mandates that bulk senders must authenticate their emails and observe stricter spam thresholds.

Neil Kumaran, Group Product Manager for Gmail Security & Trust, reflected on the progress made over the past year, during which emails sent to a Gmail address were subject to authentication mandates. As a result, the volume of unauthenticated messages reaching Gmail users fell sharply, by 75%. The initiative decluttered inboxes and filtered out billions of malicious messages with greater accuracy. Acknowledging the strides made, Kumaran emphasized the urgency of implementing additional measures, particularly for large-scale senders.

Starting February 1st, 2024, any sender dispatching more than 5,000 messages daily to Gmail accounts will be required to set up SPF/DKIM and DMARC email authentication for their domains. The requirement is meant to strengthen defenses against email spoofing and phishing.

Furthermore, these senders must offer Gmail recipients an easy one-click option to unsubscribe from commercial emails, and they are required to process any unsubscription requests within a 48-hour window.

To ensure the quality of email traffic, senders will be required to keep their spam rates under the 0.3% limit, as measured in Postmaster Tools. Using Gmail’s likeness in their emails’ “From” headers will be strictly prohibited. Google has warned of potential email delivery complications for those who don’t comply, as it is set to execute a DMARC quarantine policy.
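
As an added example (not Google's code and not part of the original article), the sender requirements above can be checked in Python against one message as received, the sending domain's DMARC TXT record, and a spam rate read from Postmaster Tools. The sample messages and example.com names are constructed; reading "SPF/DKIM" as both methods passing and using the RFC 8058 `List-Unsubscribe-Post` header for one-click unsubscribe are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; {} if it is not a DMARC1 record."""
    pairs = (part.partition("=") for part in txt.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}
    return tags if tags.get("v") == "DMARC1" else {}

def check_bulk_sender(raw_message, dmarc_txt, spam_rate):
    """Return the requirements listed in the article that this sender misses."""
    msg = message_from_string(raw_message)
    problems = []
    auth = msg.get("Authentication-Results", "").lower()
    for method in ("spf", "dkim"):  # assumption: both must pass
        if not re.search(rf"\b{method}=pass\b", auth):
            problems.append(f"{method} did not pass")
    if parse_dmarc(dmarc_txt).get("p", "").lower() not in ("none", "quarantine", "reject"):
        problems.append("no valid DMARC record")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain == "gmail.com":
        problems.append("From header uses a Gmail address")
    # Assumption: one-click unsubscribe is signalled with the RFC 8058 header pair.
    post = msg.get("List-Unsubscribe-Post", "").replace(" ", "").lower()
    if not msg.get("List-Unsubscribe") or post != "list-unsubscribe=one-click":
        problems.append("no one-click unsubscribe")
    if spam_rate >= 0.003:  # must stay under 0.3%
        problems.append("spam rate not under 0.3%")
    return problems

# Constructed sample inputs (example.com / example.net names are placeholders).
DMARC_TXT = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
GOOD = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=news.example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass\n"
    "From: Example News <news@example.com>\n"
    "List-Unsubscribe: <https://example.com/unsub?id=123>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n"
    "Subject: Weekly update\n\nHello\n"
)
BAD = (
    "Authentication-Results: mx.example.net; spf=softfail; dkim=none\n"
    "From: Support <support@gmail.com>\n"
    "Subject: Offer\n\nHello\n"
)

if __name__ == "__main__":
    print(check_bulk_sender(GOOD, DMARC_TXT, 0.001))
    print(check_bulk_sender(BAD, "", 0.004))
```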

Kumaran underscored the importance of these measures. He stressed that while users shouldn’t be burdened by the complexities of email security protocols, they should have unwavering confidence in the sources of their emails. This initiative aims to plug the gaps that malevolent actors have been exploiting, ensuring a safer email environment for all users.

Google further explained its stance in a support article, noting that non-compliance could result in emails being flagged as spam or not delivered as expected.

The tech giant takes pride in the efficacy of Gmail’s AI-driven defenses. As per their data, over 99.9% of spam, phishing attempts, and malware are thwarted, which translates to blocking nearly 15 billion undesired emails on a daily basis.