Google‘s email service, Gmail, is celebrating its 20th anniversary on April 1st. Although initially considered an April Fool’s joke, it has now become one of the most popular email platforms globally. Google is officially implementing a new set of security policies to commemorate this milestone. These policies aim to make the Gmail experience safer and more pleasant for its billions of users.

New bulk sender rules take effect on April 1st

Several stringent new rules will be enforced on Gmail starting April 1st, rules that all bulk senders must adhere to if they wish to continue using the platform. Essentially, Google is now cracking down on the vast amounts of spam plaguing its email service by enforcing strict Bulk Sender Rules.

Under these new guidelines, all bulk senders must authenticate their email using well-established best practices such as Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF). As Neil Kumaran of Google states, this move will “close loopholes exploited by attackers that threaten everyone who uses email.”

For legitimate email marketers already following industry standards, these authentication methods should already be in place, meaning little disruption. For unscrupulous spammers, however, failing to authenticate will result in their emails being blocked before ever reaching an inbox or spam folder.

While dedicated attackers may still find ways to circumvent these protections, as they inevitably do with most security measures, any roadblocks in the path of spam and malicious emails are a positive step.

Furthermore, beginning June 1st, Google will make the one-click unsubscribe option mandatory for all bulk senders, saving users the hassle of navigating convoluted unsubscribe processes.

Other enhanced Gmail security measures

According to reports, Google is also enforcing additional security rules that apply to all Gmail users, not just bulk senders. One such measure is enhanced email encryption when messages are sent between different email providers. By implementing Transport Layer Security (TLS), email content remains encrypted regardless of the recipient’s email service.

Two-factor authentication is also being set as the default for Gmail accounts. This additional verification step raises the bar for threat actors attempting phishing attacks, unauthorized access, or impersonation.

Rounding out Google’s renewed focus on email security are the Password Alert feature, warning users about credential leaks, and the Security Checkup Tool for detecting client-side issues. While no single measure is a panacea, this multilayered approach aims to make Gmail a safer, more secure experience for all.