Google provides help with disappearing Gmail messages.
Update, Dec. 13, 2024: This story, originally published Dec. 12, now includes further information about how Gmail defines bulk senders and requires secure authentication to prevent email from being bounced before it even gets to a Gmail user’s inbox.
Having seen, or rather not, messages to Gmail users disappearing into the ether for more than 12 months, one .com reader reached out in desperation for help. If you are suffering from a similar disappearing Gmail email issue, here’s how to fix it straight from the insiders at Google itself.
The Disappearing Email Issue—Gmail Users Not Receiving Messages
After reading an article at .com about Gmail account takeover attacks, one reader thought they would reach out to me as I mentioned a Google insider had helped with advice for Gmail users. The thing here is, though, that this particular reader wasn’t using a Gmail account but rather sending an email to one. Actually, to be precise, more than one, and that’s where the issue arose.
“If I email more than two Gmail accounts,” the reader said, “the Gmail users do not receive the email.” Others included in the email but not using Gmail do receive the email, however. There were “no error messages, nothing,” the reader continued, “the email disappears into the ether—usually I can email single Gmail users, but not always.”
Once again, I chatted with Google spokesperson Ross Richendrfer, who deals with all things Gmail and workspace security and privacy. If anyone could get to the bottom of this mystery, it was going to be Richendrfer and the team of Gmail techies he had to call upon for help.
Investigating The Disappearance Of Gmail Messages
So as to preserve the privacy of the reader in question, I only passed on the bare bones of the problem to Richendrfer, who tried to help nonetheless. This did, unfortunately, mean that Google was hard-pressed to provide a definitive answer without knowing the sending domain or seeing any example email messages. “Any message failures,” Richendrfer said, “spam or otherwise, would be sent back to the sending domain, which should be observable for the user.” The problem could have been down to something on the domain side that was preventing the user from accessing the delivery failure bounce messages, maybe that server doesn’t accept inbound failure bounces, for example. But Richendrfer had a hunch it was more likely going to be an authentication issue, with “the messages getting dropped before they even get to Gmail due to improper authentication.” As such, working with the reader’s own provider to ensure messages were being properly authenticated was the first step that Google recommended.
New Gmail Bulk Email Sender Secure Authentication Rules Started April 1
What could have happened, although I cannot be sure, is that the reader got caught up in the new rules for bulk senders that Google introduced for everyone sending email to a Gmail address from April 1. Essentially, this meant that Google would reject emails addressed to Gmail users that didn’t meet strict new email domain authentication rules. Google itself first warned that these rules were coming in a posting way back in October 2023, so it’s not that this should be a surprise. The bulk sender authentication ruling came into play to try and put a cap on the amount of spam landing in the inboxes of Gmail users. Spam that is often the carrier for malicious software and phishing attacks. “By implementing these new requirements,” I wrote at the time, “Google is aiming to prevent malicious actors from using unauthenticated or compromised domains to deliver their dangerous payloads and reduce unwanted spam.”
Although Google defines a bulk sender as someone who gets close to sending 5,000 messages within a 24-hour period, the use of strict authentication protocols is highly recommended to anyone who sends emails from their own domain to Gmail users, or those of any email provider to be honest. Anything that helps confirm that you are not a spammer and that your email is safe has to be a good thing, right? Helps, not guarantees, of course. One attack methodology that attempts to circumvent such protections is known as SubdoMailing, where attackers inject Sender Policy Framework records in order to authenticate their Simple Mail Transfer Protocol servers and then host unsubscribe functions on hijacked subdomains. The Guardio report referenced above uncovered a network of more than 8,000 domains, including hugely well-known brands such as CBS, eBay, Marvel, McAfee, and MSN, being used in one such SubdoMailing email attack campaign. “Gmail has multiple layers of protections,” Richendrfer said, “and we’re constantly adding more to defend against this attack vector.”
The April 1 rules meant that all bulk senders are now required to authenticate their email using well-established best practices such as Domain-based Message Authentication, Reporting & Conformance, DomainKeys Identified Mail and Sender Policy Framework, to close the loopholes exploited by attackers threatening everyone who uses email, Gmail or otherwise.
Authentication Issues Likely At The Heart Of The Disappearing Gmail Problem
To get to the bottom of the problem, what Richendrfer and the Google Gmail experts really needed was sight of the sending domain in question and an example of the emails that are not getting delivered to Gmail recipients. I approached the reader to ask if this was possible, and they gladly gave their consent. Armed with this information, I went back to Google. The Gmail tech team then took a closer look and determined, from what it could tell, that setting up DomainKeys Identified Mail authentication on the sending domain server would likely solve the issue. I’ve written about DKIM before, but here’s the TL;DR.
Sender Policy Framework allows your mail server to determine if an email that claims to be from a specific domain actually does come from a host that is authorized by way of the Domain Name System record. DKIM has the same goal, but approaches it from the direction of a digital signature, well, a hash value attached to the email message itself and encrypted with a private key. This ensures that the email is as sent when it arrives at the destination as any attempts to modify the contents are immediately visible so the email can then be rejected by server.These are bound together by the Domain-based Message Authentication, Reporting and Conformance security protocol known as DMARC which checks both the SPF and DKIM authentication records for validity and then decides what should be done with the email accordingly.
Google Authentication Resources For Sending Email To Gmail Users
Google has a specific resource for setting up DKIM which provides step-by-step instructions for domain administrators on how to authenticate outgoing email to Gmail accounts and protect the domain against spoofing. “If the user has questions about implementation or sees delays in delivery,” Richendrfer said, “they can directly contact Google support.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/13134203/VRG_ILLO_2940_002.jpg)
