We’ve got some essential information to share today about Google’s latest email protection updates, specifically concerning Gmail. With many of us relying on Gmail for our email communications, these updates are something you should definitely have on your radar.

Google’s New Email Protection Updates

There are three key aspects you need to know about Google’s new email protection requirements for bulk email senders.

Authentication: Google wants your recipients to have full confidence that the emails they receive are genuinely from you. This step reduces the risk of spoofing and phishing attempts while safeguarding your organization’s identity. Plus, it can help prevent your emails from being marked as spam.

Easy Unsubscribe: Making it easy for people to opt out of your emails is crucial. Google is putting a strong emphasis on user control, and you should too.

Sending Only Wanted Emails: Google aims to keep inboxes clean and clutter-free. By sending emails that your recipients genuinely want, you’ll be contributing to a better email ecosystem. Google will track this by monitoring spam report rates.

Configure Your Email Sending Domain

Before we dive deeper into email authentication, let’s make sure your email sending domain is properly configured in HubSpot. If you want to send marketing emails from your own domain, connecting your email sending domain to HubSpot is essential. This process grants HubSpot permission to send emails on your behalf using DKIM (Domain Keys Identified Mail) email authentication.

Here are some key benefits of connecting your email sending domain:

  • Your marketing emails will have a lower chance of being marked as spam.
  • Your marketing emails will no longer display “via HubSpot” in the sender information.

Before you begin, here are a few things to keep in mind:

  • Ensure you have login details for your DNS provider and access to the CNAME records.
  • All HubSpot accounts may connect an unlimited number of email sending domains, provided you own and have access to each domain.
  • If you have a DMARC policy, you can add HubSpot to your SPF record after connecting your email sending domain.
  • If you’re using Cloudflare to configure your email sending domain, make sure that domain-wide CNAME flattening and proxy settings are turned off.
  • You can connect a subdomain (e.g., info.domain.com) as your email sending domain, and it should match the domain in the “From” email address you’re using to send marketing emails in HubSpot.

Here’s how to connect your email sending domain:

  • In your HubSpot account, click the settings icon in the main navigation bar.
  • In the left sidebar menu, navigate to Website > Domains & URLs.
  • In the top right, click Connect a domain.
  • In the dialog box, select Email Sending, then click Connect.
  • On the domain connection screen, enter an email address you use to send marketing emails, then click Next.
  • Verify that the email sending domain is correct, then click Next.
  • In a separate tab, log in to your DNS provider and locate your DNS record settings.
  • Copy the values in the Host and Required Data columns in HubSpot. In your DNS provider account, paste the values into the appropriate record fields for the CNAME record of the subdomain you’re connecting.
  • Once you’ve entered the values into the CNAME record, click Verify.

With your email sending domain configured correctly, you’ll be in a better position to ensure email authentication and deliverability.

DMARC Policy Implementation

Now that your email sending domain is set up, let’s circle back to DMARC. DMARC is an email authentication protocol that you implement outside of HubSpot, designed to protect your email domain against unauthorized use. For DMARC to pass, you need one of two domain authentication protocols, DKIM or SPF, to be set up correctly.

To use the DKIM protocol to authenticate, connect your domain as an email sending domain. To use the SPF protocol to authenticate, add HubSpot to your SPF policy.

Troubleshooting DMARC Issues

You may encounter issues with DMARC authentication. If you see an error message like “DMARC authentication has failed for [email sending domain]. The error is: [error description],” it means that the domain of the email address you used as your “from address” has a DMARC policy configured outside of HubSpot, but that policy is not compatible with your HubSpot email sending domain configuration. This error isn’t critical but may result in a higher rate of email messages failing to deliver or being routed to the spam folder.


That’s it! These steps, including configuring your email sending domain, DMARC implementation, and SPF record setup, are pretty straightforward, and we’re here to help you through them.

These updates might seem sudden, but they’re aligned with best email practices to improve deliverability. You likely won’t need a major overhaul – we just want to ensure all your settings are spot-on.

Remember, Google’s goal is to keep Gmail users’ inboxes clean, and by following these requirements, you’re helping them achieve that.

Now, who has questions?

Please feel free to get in touch with us if you have any questions or need any assistance with Google’s new protection updates.