If you have noticed your business emails landing in the junk folder or, worse, not arriving at all, you are not alone. As we move through 2026, the goalposts for email deliverability have shifted once again. Google and Microsoft, the two giants that power the vast majority of business and personal inboxes, have introduced stricter rules to combat spam and phishing.
For small and medium-sized businesses across Devon, Cornwall, and the rest of the UK, these changes are no longer optional "best practices" – they are now hard requirements. Whether you are sending a handful of invoices or a weekly newsletter to hundreds of customers, failing to meet these standards could see your primary communication tool crippled.
At ABC Service, we believe in keeping our local partners ahead of the curve. We have seen first-hand how a sudden "block" on an email domain can halt a business in its tracks. In this guide, we will break down exactly what has changed in 2026 and what you need to do to ensure your messages keep reaching your clients’ inboxes.
The 5,000 Emails Per Day Threshold and Why it Still Matters to You
One of the most talked-about changes is the strict enforcement for "bulk senders," defined by Google and Microsoft as anyone sending more than 5,000 messages a day. While many small local businesses might think, "I don't send anywhere near that many," it is important to understand how these thresholds work in 2026.
Google now calculates this threshold across your entire domain. This means that if your marketing team sends a blast to 4,000 people and your office staff send another 1,000 personal emails or automated invoices in the same 24-hour period, you have hit the limit. Once you are flagged as a bulk sender, you are often permanently held to a higher standard of authentication.
Even if you send far fewer than 5,000 emails, these rules are becoming the "new normal" for everyone. Google and Microsoft are increasingly using the same authentication signals to judge the reputation of all senders. If you don't have the right digital "passports" in place, your emails are far more likely to be treated with suspicion.
Understanding the Three Pillars of Email Authentication
To stay on the right side of the 2026 updates, there are three technical acronyms every business owner should know. You don't need to be a coding wizard to understand them, but you do need to ensure they are configured correctly on your domain.
SPF – The Authorised Guest List
Think of SPF (Sender Policy Framework) as a guest list for your email domain. It is a simple text record in your domain’s DNS (Domain Name System) settings that tells the world which servers are allowed to send mail on your behalf.
If you use Microsoft 365, Google Workspace, and perhaps a service like Mailchimp for your newsletters, all three need to be on that list. If an email arrives claiming to be from you but it’s sent from a server not on your SPF list, the receiving inbox will likely flag it as spam.
DKIM – The Digital Signature
DKIM (DomainKeys Identified Mail) adds a digital "tamper-evident" seal to your emails. It uses a pair of cryptographic keys to sign every message you send. This proves to the recipient's server that the email really did come from your domain and hasn't been altered by a hacker while in transit. In 2026, Microsoft and Google are looking for stronger 2048-bit encryption keys as the standard, making it harder for cybercriminals to forge your identity.
DMARC – The Security Guard
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the clever part that ties everything together. It tells the receiving server what to do if the SPF or DKIM checks fail.
In the past, many businesses left their DMARC policy on "none," which essentially told servers, "If the email looks fake, let it through anyway but let me know." In 2026, this is no longer sufficient for bulk senders, and even small senders are encouraged to move toward "quarantine" or "reject" policies. This ensures that if someone tries to impersonate your business, their fake emails are blocked before they can do any damage to your reputation.
Easy Unsubscribe and Valid From Addresses
The 2026 rules aren't just about technical code in the background; they are also about how you interact with your recipients. Google and Microsoft are putting a massive emphasis on user experience and transparency.
One-Click Unsubscribe
For any marketing or "list" style emails, you must now support a "one-click" unsubscribe. This isn't just a link in the footer that takes you to a webpage where you have to log in or confirm your email address again. It is a technical header in the email itself that allows the user's email client (like Outlook or Gmail) to show an "Unsubscribe" button right at the top of the window. If you make it hard for people to leave your list, the big providers will simply start sending all your mail to the spam folder.
Professional From and Reply-To Addresses
Gone are the days when a small business could reliably send professional mail from a @gmail.com or @outlook.com address. In 2026, both platforms are cracking down on "impersonation." If you are a business, you should be using your own domain (e.g., [email protected]).
Furthermore, your "From" address must be valid and monitored. If you send from a "no-reply" address that bounces when a customer tries to contact you, your sender reputation will take a hit. Microsoft, in particular, is using engagement levels – how often people open, reply to, or move your emails – as a key factor in deciding whether you are a "good" sender.
Why This is Great News for Responsible Businesses
While these technical hurdles might feel like a headache, they are actually a fantastic development for honest local businesses. By forcing everyone to authenticate their emails, Google and Microsoft are making it much harder for scammers to "spoof" your brand.
When you take the time to set up your SPF, DKIM, and DMARC correctly, you are essentially telling the world that you are a responsible, verified organisation. This builds trust with your customers and ensures your important communications – like quotes, invoices, and project updates – actually get read. It also aligns perfectly with broader security standards, such as Cyber Essentials, which we highly recommend for any UK business looking to prove their commitment to data security.
How ABC Service Can Support Your IT Infrastructure
We know that talking about DNS records and cryptographic keys isn't everyone's cup of tea. For many business owners in Tavistock, Plymouth, and beyond, you just want your email to "just work."
That is where we come in. As a recognised Microsoft Partner, our team of specialists understands the nuances of these 2026 updates. We don't just "tick a box"; we look at your entire IT infrastructure to ensure your email hosting is secure, your domains are properly authenticated, and your sender reputation is protected.
Whether you are struggling with emails going to spam or you want a proactive audit of your web hosting and email setup, we are here to help. We pride ourselves on being a local partner you can actually talk to – no faceless call centres, just honest, expert advice to keep your business running smoothly.
Frequently Asked Questions Regarding the 2026 Email Changes
What happens if I don't implement DMARC?
If you send a significant volume of mail, your messages may be rejected or delayed. For smaller senders, your "spam score" will gradually increase, making it harder for your emails to reach the primary inbox.
Does this apply to my personal email?
The 5,000-per-day rule specifically targets those sending to Gmail and Outlook consumer accounts. However, the authentication standards (SPF/DKIM) are becoming standard for all business-to-business (B2B) communication as well.
How do I check if my domain is compliant?
There are various free tools online that can "scan" your domain for SPF and DKIM records. Alternatively, you can book a consultation with us, and we can provide a full report on your current email health.
Is "one-click unsubscribe" required for invoices?
No. These rules generally apply to marketing or promotional content. Transactional emails (like invoices or password resets) do not require an unsubscribe link, though they still must pass authentication checks.
Summary and Key Takeaways
The 2026 email landscape is all about authenticity and trust. By following these new rules, you aren't just jumping through hoops for Google and Microsoft; you are protecting your business’s most vital communication channel.
- Check your authentication – Ensure SPF, DKIM (2048-bit), and DMARC records are active.
- Monitor your volume – If you approach the 5,000/day mark, you must be fully compliant or risk a total block.
- Simplify the exit – Use one-click unsubscribe for all marketing mail.
- Use your own domain – Move away from generic
@gmail.comaddresses for business use. - Seek expert help – If the technical side feels overwhelming, partner with a local IT specialist who can manage the transition for you.
Keeping your tech running smoothly is what we do best at ABC Service. If you are worried about your email deliverability or need a hand navigating these changes, don't hesitate to reach out to our team in Tavistock.