The Gmail & Outlook sender rules, explained like you're busy
SPF, DKIM, DMARC, one-click unsubscribe and the 0.3% spam threshold — what mailbox providers actually require from senders now, in plain language, with a checklist.
Since 2024, Gmail and Microsoft stopped politely suggesting good sending practices and started enforcing them. If you send cold email — even at modest volume — these are the rules of the road now. Here’s the short version, without the jargon.
The three DNS records you must have
Think of these as your domain’s ID papers. Receivers check them before reading a word of your copy.
SPF answers “which servers may send email for this domain?” It’s one
TXT record listing your providers. Two rules people break constantly: you can
only have one SPF record (multiple records = automatic fail), and it
should end in ~all or -all — ending in +all means “anyone may send as
me”, which receivers treat as a red flag.
DKIM is a cryptographic signature attached to every email, proving it wasn’t altered and really comes from your domain. Your email provider usually generates the key; you publish the public half in DNS. If you need a key for your own server, you can generate one free in your browser.
DMARC tells receivers what to do with mail that passes neither SPF nor DKIM for your domain: nothing (p=none), spam-folder it (p=quarantine), or reject it (p=reject). Gmail and Microsoft now require at least p=none from bulk senders — and p=none is the floor, not the goal. Once your legitimate mail passes reliably, move to quarantine.
You can test all three — plus whether your domain can receive replies at all — in one pass with our free domain health checker.
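The SPF and DMARC rules above can be checked mechanically once you have the TXT records in hand. The following is an added example, not code from this page or any provider: the function names, zone names and record values are constructed for illustration, and the TXT strings are assumed to have been fetched already (for instance with dig).

```python
def lint_spf(txt_records):
    """Check the TXT records at the domain apex against the two SPF rules above."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    if not terms:
        return ["SPF record has no mechanisms and no all term"]
    last = terms[-1]
    if last in ("~all", "-all"):
        return []
    if last in ("+all", "all"):  # a bare "all" defaults to the "+" qualifier
        return [f"record ends in {last}: any server may send as this domain"]
    return [f"record ends in {last!r}, not ~all or -all"]


def lint_dmarc(txt_records):
    """Check the TXT records at _dmarc.<domain>; return (policy, problems)."""
    dmarc = [r for r in txt_records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return None, [f"expected exactly one DMARC record, found {len(dmarc)}"]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return None, [f"missing or invalid p= tag: {policy!r}"]
    problems = []
    if policy == "none":
        problems.append("p=none is the minimum; move to quarantine once mail passes")
    return policy, problems


# Constructed sample zones (documentation-range values, not real DNS answers).
GOOD = {"apex": ["v=spf1 include:_spf.mailprovider.example ~all", "site-check=abc"],
        "_dmarc": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"]}
BAD = {"apex": ["v=spf1 include:_spf.mailprovider.example ~all",
                "v=spf1 ip4:192.0.2.10 -all"],  # second record breaks SPF entirely
       "_dmarc": ["v=DMARC1; p=none"]}
OPEN = {"apex": ["v=spf1 ip4:192.0.2.10 +all"], "_dmarc": []}

if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("BAD", BAD), ("OPEN", OPEN)):
        print(name, lint_spf(zone["apex"]), lint_dmarc(zone["_dmarc"]))
```

Note that the BAD zone fails even though each of its SPF records is individually well formed: the count is checked first, because two records invalidate both.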
The unsubscribe rule
Bulk senders must support one-click unsubscribe (the technical kind, RFC 8058 — a header, not just a link in the footer) and honor it within two days. For cold email specifically this is doubly important: a recipient who can’t unsubscribe in one click will press the other button instead — Report spam — and that one costs you forever.
The number that ends careers: 0.3%
Gmail’s enforced spam-complaint threshold is 0.3%, and their stated target is under 0.1%. Three complaints per thousand emails. That’s not many: a sloppy list segment or a tone-deaf follow-up can blow through it in one morning.
What actually keeps complaints low isn’t a trick — it’s relevance and restraint: tight targeting, small personalized batches, sequences that stop the moment someone replies, and never emailing someone twice who said no.
The busy person’s checklist
- One SPF record, ending in ~all or -all
- DKIM signing on, key published (2048-bit if your DNS allows)
- DMARC record live — p=none to start, quarantine when clean
- One-click unsubscribe header on every campaign email
- Unsubscribes honored automatically, within two days
- Spam complaints watched, with a plan to pause sending if they spike
- Bounce rate kept low — verify lists before sending
The first three are one-time DNS work — an afternoon, most of it waiting for propagation. The last four are ongoing operations, and they’re where most senders quietly fail: nobody watches the bounce rate on a Tuesday afternoon.
That ongoing half is the part Norbelys automates — unsubscribes and suppression are handled for you, and every mailbox is watched around the clock, with sending slowed or paused before your domain takes damage. You bring relevant copy and a clean list; the machinery underneath is our job.