SMTP rejections are up: One reason why might surprise you!
Ouch, what a click-baitey headline. But let’s run with it, because it comes from an honest place. As I mentioned here and elsewhere, I recently teamed up with Scott Ziegler from Valimail for a webinar digging into SMTP rejection data provided by Google starting in July/August 2025, and what we saw from this data going into Black Friday and Cyber Monday.
There was quite a large number of SMTP rejections in the data. Some of it for the usual reasons: spam/reputation, failing SPF or DKIM, etc. etc. But wait, there’s more! What really jumped out at us was how much legitimate mail is getting blocked for basic infrastructure problems. Not sketchy behavior. Not shady lists. Just a straight up DNS misconfiguration, that nobody’s monitoring for.
What Changed This Time
Google and Microsoft did not invent new sender requirements out of nowhere. Most of these mandates have existed – in some form or another – for years. What’s new is enforcement. Blocking of non-compliant messages. During the 2025 holiday season, both providers turned the dial way up. Messages that might have limped through before are now getting deferred or rejected outright.
And on top of that, as I opened with, Google also started including SMTP rejection data in DMARC aggregate reports. That gives us visibility we never had before. Previously SMTP rejection data was only available to the MTA (mail server) logs of the email send platform, the ESP, CRM or marketing automation tool. (And how much this was surfaced, and how it was surfaced, to customers of those platforms, varies greatly.) If you’re a data nerd, or if you’re a bounce nerd, this is interesting and useful stuff. Scott started to poke around and look for trends, and he found them, and shared it with me, so we could share it with you.
The Big Thing: Broken DNS Everywhere
The largest single driver of rejections was infrastructure. In particular, sending IPs with broken or missing PTR records. Mail coming from IPs with no reverse DNS, or reverse DNS that does not map cleanly, is getting hammered. Gmail alone rejected tens of millions of messages for this reason in a matter of weeks.
This is table stakes stuff. Or should be. Having proper forward/reverse DNS for your mail server sending IPs is like making sure your car has proper front/rear license plates. And yet, we saw case after case where otherwise reputable senders lost inbox access simply because nobody noticed DNS had broken over time or never got set correctly in the first place.
DNS is too often treated like a one time task in the process: Set up SPF. Set up DKIM. Publish DMARC. Check the box. Move on. Never look back. But things change. Brand names change. Domain names change. If there’s a checklist step that says “check to make sure forward/reverse DNS is working for all of our server IPs,” then people are skipping over it.
And in the past, this was less of an issue. Again, with Google heightening enforcement, this particular DNS problem for sure causes bounces today, when it might not have in years past.
Why You Should Watch the Webinar
If you want to see real data, real charts, and real examples of how this is playing out, the webinar is worth your time. As I’m so fond of saying, it’s niche, it’s nerdy, but if you care about email marketing inbox success and properly configured DNS, you should join us for the nerd party.
Scott shares product level insight into what Google is surfacing and why, and I help put it in a deliverability context. We covered:
Why SMTP rejections spiked going into the holidays
How Google is using DMARC reports to expose delivery failures
Why PTR and reverse DNS failures exploded
What deferrals are really telling you before rejections hit
How legitimate senders get caught when nobody is monitoring infrastructure
Scott and I, we’ll both tell anyone who will listen, how important it is for bulk email senders to have DMARC implemented. But it’s also important to remember that it’s NOT JUST about passing DMARC. Mailbox providers are checking much more beyond that. Alignment matters. TLS matters. RFC compliance matters. Infrastructure configuration matters. Engagement and list hygiene matters, too. But it doesn’t stand alone.
DMARC still matters a lot. It just is not the end of the conversation.
Ouch, what a click-baitey headline. But let’s run with it, because it comes from an honest place. As I mentioned here and elsewhere, I recently teamed up with Scott Ziegler from Valimail for a webinar digging into SMTP rejection data provided by Google starting in July/August 2025, and what we saw from this data going into Black Friday and Cyber Monday.
There was quite a large number of SMTP rejections in the data. Some of it for the usual reasons: spam/reputation, failing SPF or DKIM, etc. etc. But wait, there’s more! What really jumped out at us was how much legitimate mail is getting blocked for basic infrastructure problems. Not sketchy behavior. Not shady lists. Just a straight up DNS misconfiguration, that nobody’s monitoring for.
What Changed This Time
Google and Microsoft did not invent new sender requirements out of nowhere. Most of these mandates have existed – in some form or another – for years. What’s new is enforcement. Blocking of non-compliant messages. During the 2025 holiday season, both providers turned the dial way up. Messages that might have limped through before are now getting deferred or rejected outright.And on top of that, as I opened with, Google also started including SMTP rejection data in DMARC aggregate reports. That gives us visibility we never had before. Previously SMTP rejection data was only available to the MTA (mail server) logs of the email send platform, the ESP, CRM or marketing automation tool. (And how much this was surfaced, and how it was surfaced, to customers of those platforms, varies greatly.) If you’re a data nerd, or if you’re a bounce nerd, this is interesting and useful stuff. Scott started to poke around and look for trends, and he found them, and shared it with me, so we could share it with you.
The Big Thing: Broken DNS Everywhere
The largest single driver of rejections was infrastructure. In particular, sending IPs with broken or missing PTR records. Mail coming from IPs with no reverse DNS, or reverse DNS that does not map cleanly, is getting hammered. Gmail alone rejected tens of millions of messages for this reason in a matter of weeks.This is table stakes stuff. Or should be. Having proper forward/reverse DNS for your mail server sending IPs is like making sure your car has proper front/rear license plates. And yet, we saw case after case where otherwise reputable senders lost inbox access simply because nobody noticed DNS had broken over time or never got set correctly in the first place.
DNS is too often treated like a one time task in the process: Set up SPF. Set up DKIM. Publish DMARC. Check the box. Move on. Never look back. But things change. Brand names change. Domain names change. If there’s a checklist step that says “check to make sure forward/reverse DNS is working for all of our server IPs,” then people are skipping over it.
And in the past, this was less of an issue. Again, with Google heightening enforcement, this particular DNS problem for sure causes bounces today, when it might not have in years past.
Why You Should Watch the Webinar
If you want to see real data, real charts, and real examples of how this is playing out, the webinar is worth your time. As I’m so fond of saying, it’s niche, it’s nerdy, but if you care about email marketing inbox success and properly configured DNS, you should join us for the nerd party.Scott shares product level insight into what Google is surfacing and why, and I help put it in a deliverability context. We covered:
- Why SMTP rejections spiked going into the holidays
- How Google is using DMARC reports to expose delivery failures
- Why PTR and reverse DNS failures exploded
- What deferrals are really telling you before rejections hit
- How legitimate senders get caught when nobody is monitoring infrastructure
Find the recording here on Youtube or embedded above.DMARC Is the Starting Line, Not the Finish Line
Scott and I, we’ll both tell anyone who will listen, how important it is for bulk email senders to have DMARC implemented. But it’s also important to remember that it’s NOT JUST about passing DMARC. Mailbox providers are checking much more beyond that. Alignment matters. TLS matters. RFC compliance matters. Infrastructure configuration matters. Engagement and list hygiene matters, too. But it doesn’t stand alone.DMARC still matters a lot. It just is not the end of the conversation.
Comments
Post a Comment
Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.