If you send a large volume of emails to Gmail users, you can use Postmaster Tools to see:
- If users are marking your emails as spam
- Whether you’re following Gmail's best practices
- Why your emails might not be delivered
- If your emails are being sent securely
An authentication domain is either the DKIM (d=) or SPF domain (Return-Path domain) that is used to authenticate your email. You can find it in the ‘Authentication Results’ header of an email that has successfully passed authentication (and was delivered to a Gmail mailbox).
For example, in the sample Authentication Results header below, domain.com is the 'Authentication Domain.':
spf=pass (google.com: domain of firstname.lastname@example.org designates 18.104.22.168 as permitted sender)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=12345; d=domain.com;
Postmaster Tools uses your authentication domain to uniquely identify your email traffic and provide access to your traffic analytics.
Tip: Authentication domain can be either the domain-name or the sub-domain. If it’s a domain-name, the data will show the traffic aggregated over any and all sub-domains of that domain-name, plus any traffic corresponding to the (exact) domain-name match. You can also independently add multiple sub-domains and view data about each of them separately.
- Go to postmaster.google.com.
- On the bottom-right, click the + button.
- In the box that pops up, enter your authentication domain.
- Next, prove that you own the domain by adding a DNS TXT or a DNS CNAME record.
- Each account needs a separate DNS verification record, and you won’t be able to see your traffic analytics until you complete this step (although you can skip the step and add this later).
- Hover over the domain you want to remove from the Dashboard.
- Click the drop-down menu that appears to the right of the domain.
- Click Delete.
- Deletion removes the domain, but doesn’t un-verify it (so you can easily add it back if you want without going through the verification process again). If you want to un-verify the domain, remove the corresponding domain verification record from your DNS. Even after the domain verification record has been removed, it might take up to a month before the domain gets fully unverified.
Dashboards show only traffic that passed SPF or DKIM (except for the Outbound TLS graph).Spam rate dashboard
This dashboard shows the volume of user-report spam vs. email that was sent to the inbox. Only emails authenticated by DKIM are eligible for spam rate calculation.
Domain and IP reputation gives a sense of whether the Gmail spam filter might mark emails from that Domain or IP as spam or not. Keep in mind that spam filtering is based on thousands of signals, and that Domain & IP reputation are just two of them.
The definition of spam in the section below includes mail detected as spam by Gmail’s Spam filter, and mail reported by users as Spam.
- Bad — A history of sending an enormously high volume of spam. Mail coming from this entity will almost always be rejected at SMTP or marked as spam.
- Low - Known to send a considerable volume of spam regularly, and mail from this sender will likely be marked as spam.
- Medium/Fair — Known to send good mail, but is prone to sending a low volume of spam intermittently. Most of the email from this entity will have a fair deliverability rate, except when there is a notable increase in spam levels.
- High — Has a good track record of a very low spam rate, and complies with Gmail's sender guidelines. Mail will rarely be marked by the spam filter.
This dashboard only shows up for senders who’ve implemented the Gmail Spam Feedback Loop (FBL). Click any data point on the graph to see a table with the identifiers flagged by FBL and their corresponding spam rates.
This dashboard has two distinct graphs:
- Average FBL Spam Rate Graph — Shows average spam rate across all identifiers flagged by FBL, on a given day (when applicable) over time.
- Identifier Volume Graph — Shows the number of unique identifiers flagged by FBL per day (when applicable) over time.
Shows traffic that passed SPF, DKIM & DMARC, over all received traffic that attempted authentication.
- SPF Graph — Shows percentage of mail that passed SPF vs all mail from that domain, that attempted spf (ie. excludes any spoofed mail).
- DKIM Graph — Shows percentage of mail that passed DKIM vs all mail from that domain, that attempted DKIM (ie. excludes any spoofed mail).
- DMARC Graph — Shows percentage of mail that passed DMARC alignment vs all mail received from the domain, that passed either of SPF or DKIM.
Shows TLS encrypted traffic vs. all mail received from that domain, and consists of two distinct graphs within the same dashboard.
- TLS Inbound — Shows percentage of incoming mail (to Gmail), that passed TLS vs all mail received from that domain.
- TLS Outbound — Shows percentage of outgoing mail (from Gmail), that was accepted over TLS vs all mail sent to that domain.
Shows rejected/temp-failed traffic vs all authenticated traffic coming from that domain, within a single graph. Typically messages are rejected or temp-failed with the SMTP error codes 550 or 421 respectively. Click a data point to see a table with the reason behind why the traffic was rejected or temp-failed.
How to interpret Delivery Errors
- Rate limit exceeded: The Domain or IP is sending traffic at a suspiciously high rate, due to which temporary rate limits have been imposed. The limit will be lifted when Gmail is confident enough of the nature of the traffic.
- Suspected spam: The traffic is suspected to be spam, by our systems, for various reasons
- Email content is possibly spammy: The traffic is suspected to be spammy, specific to the content
- Bad or unsupported attachment: Traffic contains attachments not supported by Gmail
- DMARC policy of the sender domain: The sender domain has set up a DMARC rejection policy
- Sending IP has low reputation: The IP reputation of the sending IP is very low
- Sending domain has low reputation: The Domain reputation of the sending domain is very low
- IP is in one or more public RBLs: The IP is listed in one or more public Real-time Blackhole Lists. Work with the RBL to get your IP delisted.
- Domain is in one or more public RBLs: The Domain is listed in one or more public Real-time Blackhole Lists. Work with the RBL to get your domain delisted.
- Bad or missing PTR record: The sending IP is missing a PTR record.
Share your Postmasters Tools data
If you own a verified domain on Postmaster Tools, you can share access to your data.
As a domain owner, you can add or remove anyone who isn’t also an owner from your domain. If you want to remove someone from your domain who is an owner, however, you’ll need to remove their domain verification record in the DNS.
If an owner deletes or loses access to a domain, everyone they added will also lose access.
Add Google Accounts
- On your computer, sign in to Postmaster Tools.
- Point your cursor to one of your verified domains.
- To the right of the domain, click More .
- Click Manage Users.
- At the bottom-right, click Add +.
- In the pop-up, enter the email address of the Google account you want to access your domain's Postmaster Tools data.
When you give someone access, be sure to let them know. There’s no automatic notification.