Critical Gmail Security Update: What 2.5 Billion Users Need To Know
www.forbes.com
[Image: Gmail's DMARC security move is paying off. Credit: SOPA Images/LightRocket via Getty Images]

Update, Feb. 4, 2025: This story, originally published Feb. 3, now includes further information regarding the hugely impactful Gmail email sender authentication security update and a report revealing 9 out of 10 emails are spam.

Google is not scared of making the big decisions when it comes to securing the 2.5 billion users of its Gmail email platform. Be that by way of purging account data, or making wholesale security policy changes. When you consider the security threats to Gmail users including do not click attacks and AI-driven prompt injection vulnerabilities, this is good news. As it was when I reported on Google's critical decision to update Gmail security with new rules concerning email authentication. New research now suggests that this was one of the best security measures that Google has introduced for Gmail users in many a year, making the world's biggest free email platform even safer to use for everyone as nine out of ten messages are spam, and 20% of those are malicious in intent. Here's what you need to know.

The Incredible Impact Of The Critical Gmail Sender Authentication Update

It's hard to believe that it was really a year ago that Google started updating Gmail security for the 2.5 billion users of the email platform by introducing a simple but, as it turns out, staggeringly effective measure: sender authentication, including the implementation of Domain-based Message Authentication, Reporting & Conformance. Just how effective that has been is now revealed within new statistics released to me by EasyDMARC.

A quick recap is probably in order. As Gmail's group product manager, Neil Kumaran, said at the time, "Many bulk senders don't appropriately secure and configure their systems, allowing attackers to easily hide in their midst."
This simple statement was at the heart of the new rules to update Gmail security measures as authenticating those sending email in volume, validating they are who they claim to be, is a crucial requirement for any email platform claiming to take security seriously. All bulk senders, those sending at least 5,000 emails to personal Gmail accounts a day, are now required to provide that authentication by way of the previously mentioned DMARC, as well as DomainKeys Identified Mail and Sender Policy Framework. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email," Kumaran said.

According to the VIPRE security group, which analyzed more than seven billion emails, nine out of ten of them are now spam. Delving into this statistic revealed that one in five of those were malicious phishing emails, and 88% used impersonation techniques to try and fool the recipients.

The aim of these critical changes to the way that Gmail works, from both the recipient and sender perspectives, was simple enough:

- Add confidence to Gmail users in the knowledge that the source of an email is valid.
- Make the act of unsubscribing from an email as easy as possible, no jumping through hoops required.
- Reduce the amount of unwanted email in Gmail inboxes by ensuring that bulk senders cannot exceed specific spam rates.

On Oct. 8, 2024, I reported how, after just six months, the Gmail security update was impacting users. Kumaran said that Google had seen a 65% reduction in unauthenticated messages sent to Gmail users and an astonishing 265 billion fewer unauthenticated messages sent than in the previous year. Now, a year on from the changes, that impact has been revealed to be even greater.

Not Just For Gmail: All Users Should Adopt DMARC, DKIM And SPF

It goes without saying that anyone who falls into the definition of a bulk sender would be unwise not to implement strict authentication protocols unless they are acting maliciously in some way or another.
And that applies to email sent to any platform, not just Gmail. I would also recommend that anyone who sends emails from their own domain to Gmail users should implement the DMARC, DKIM and SPF trilogy to add confidence that they are a genuine sender. A great example of why is solving the problem of email messages not arriving at their destination correctly. Something else I have previously reported, and which a Gmail spokesperson said was caused by the messages getting dropped before they even get to Gmail due to improper authentication.

I'm not a bulk sender, but I do send emails to Gmail users using my own domain. I also took the time to set up strict sender authentication protocols to ensure that recipients can trust that it is me sending the email they get. There are plenty of services out there, including your domain or email provider, that can help with this process if you are not a technical person yourself.

Confidence To Combat Gmail Phishing Attacks Rises

The statistics that EasyDMARC has shared with me come from research involving 1,000 IT decision-makers and the key findings were:

- 77% said that Gmail's policy influenced their decision to adopt DMARC.
- 81% said DMARC implementation met their expectations in reducing spam and phishing emails.
- 87% supported expanding authentication requirements beyond bulk senders to further reduce phishing and spam risks.
- The percentage of professionals who felt very confident in their organization's ability to combat phishing attacks rose by nine points in the past year, from 27% to 36%.

"Google has set a strong precedent with the Gmail security update, proving that such influential email providers can improve best practices through sensible, iterative protocol improvements. We must now as an industry convince businesses of their importance and ability to improve cybersecurity resilience," Gerasim Hovhannisyan, CEO at EasyDMARC, said.