Starting February, Gmail will require you to authenticate outgoing email, avoid sending unwanted or unsolicited email (meaning to use SPF, DKIM, DMARC and some more) if you're a "bulk sender" sending over 5k emails/day to Gmail.
Few points I've learned when checking the requirement:
- only messages to personal Gmail accounts count towards the 5k/day limit
- emails from both @example.com and @foo.example.com count towards the "example.com" limit
- once a bulk sender, always a bulk sender
- you can use DMARC with p=none policy which basically means "I have a DMARC record but...", it's a good starting point and makes sense when used with rua ("send me aggregated reports") to check how you're doing before switching to p=quarantine ("your" messages that don't pass SPF/DKIM checks end up in spam folders") or p=reject (such messages are rejected)
- enforcement for bulk senders will be gradual and progressive: small percentage of non-compliant emails will see temporary errors in February, in April In April 2024, Gmail we’ll start rejecting a percentage of non-compliant email traffic, gradually increasing the percentage of rejected emails
Another requirement is a one-click unsubscribe which bulk senders have until June 1, 2024 to implement.
There's a lot of info out there and I found these two pages the most helpful: this one is a bit higher-level https://support.google.com/a/answer/81126?#zippy=%2Crequirements-for-all-senders
and this one has all the details:
https://support.google.com/a/answer/14229414