If you ship an AI agent that sends email, the deliverability rules you learned in 2023 are gone. In November 2025, Gmail flipped from soft-filtering unauthenticated mail to rejecting it at the SMTP envelope. The 2024 Yahoo and Google bulk-sender requirements — DMARC alignment, ARC for forwarders, RFC 8058 one-click List-Unsubscribe, a 0.3% complaint rate ceiling — were narrowed to senders above 5,000 messages per day when they launched. In 2026 they are universal. Microsoft followed in May 2025, and Apple's iCloud Mail now enforces a comparable policy on inbound. Valimail's enforcement timeline and PowerDMARC's analysis walk through the SMTP-level reject codes operators are now seeing.
For human-driven email, the rules are an annoyance: configure DMARC once and move on. For AI agents — which send at machine speed, do not notice soft failures, and pool reputation across every customer that shares your infrastructure — these changes are existential. This guide covers what actually changed, why AI-agent email is uniquely exposed, how we recommend setting up authentication for an agent inbox in 2026, and where the major agent-email vendors land on each requirement.
What Actually Changed in Late 2025
Gmail moved enforcement up the pipeline. Before November 2025, messages that failed SPF or DKIM alignment with the From domain were delivered to the spam folder. The sender saw a successful 250 response from Gmail's MX, and only the recipient saw the problem. As of November 2025, the same messages get a 550 SMTP rejection at the envelope — before any content is transferred — and the sender's mail server sees a hard bounce. The cosmetic difference is large. A 550 bounce trips bounce-handling logic, deactivates list entries in well-behaved senders, and triggers alerts in monitoring tools. A spam-foldered message does none of those things.
The other 2024 bulk-sender rules followed the same pattern of universalization through 2025 and 2026:
- DMARC alignment is now required on every sender. The minimum acceptable policy is
p=nonewith a validrua=reporting address. Gmail Postmaster Tools warns senders without aligned DMARC and degrades reputation. - ARC (Authenticated Received Chain) is required for forwarders and mailing lists. Without ARC headers, forwarded messages that originally passed authentication fail at the next hop.
- RFC 8058 one-click List-Unsubscribe headers are required on any commercial or transactional message that is not a strict 1:1 reply. The header pair is
List-UnsubscribeandList-Unsubscribe-Post: List-Unsubscribe=One-Click. - Complaint rate ceiling of 0.3% measured in Postmaster Tools. Sustained complaint rates above 0.1% begin to suppress deliverability silently.
WP Mail SMTP's 2026 bulk sender guide and Chronos's sender requirements explainer have the most up-to-date threshold numbers we have seen published.
Why AI Agents Are Uniquely Exposed
An AI agent inherits every bad property of bulk email and none of the dampening properties of human-driven email. The volume curve is steeper, the feedback loop is slower, and the reputation pool is wider. Here is the practical version of each:
- Agents send at machine speed. A support agent might reply within seconds, twenty-four hours a day. A sales-development agent might send a thousand outreach messages before lunch. ISPs treat sustained high-velocity sending as a signal of bulk behavior, and bulk behavior triggers tighter scrutiny.
- Agents do not notice soft failures. A human who stops getting replies infers something is wrong and changes course. An agent without explicit bounce, complaint, or spam-folder signals keeps sending into the void — and every additional message lowers the sender's score.
- Agents pool reputation across customers. When ten agent-email startups share an IP pool, the worst behavior in the pool drags down delivery for everyone. The "haircut-shopping agent" your competitor is running is now your problem.
- Agents send from domains they often do not control. Hosted agent platforms hand out subdomains like
*.agentmail.toby default. Reputation accrues to the parent domain, which means an agent's deliverability depends on the parent's worst tenant.
None of these properties are unfixable. They just mean the default — sign up, get a shared address, start sending — is structurally worse for agents than it is for humans, and the gap widened in 2025.
Does Gmail Filter "AI-Generated" Email?
No. Gmail filters behavior, not vibes. We have not seen credible evidence — and neither has Mailbird's 2026 analysis of spam filter heuristics — that Gmail or any major provider scores messages on whether the prose looks LLM-written. What looks like "AI detection" is almost always a behavioral signal that correlates with AI-driven sending: high volume from a new domain, low engagement on outbound, mismatched DKIM d= domain, missing List-Unsubscribe, complaint rates above 0.1%.
Operators routinely report that the same agent — same prompt, same model, same content — lands in the inbox from one sending stack and in spam from another. That is an authentication and reputation gap, not a content gap. The corollary is good news for agent developers: you do not need to make your prose sound human. You need to make your sending look like a well-behaved transactional sender.
The Three Records Every Agent Inbox Needs
Authentication for an agent inbox is the same three records as any other sender — SPF, DKIM, DMARC — published as DNS TXT records on the sending domain. The wrinkle is that an agent inbox is often spun up programmatically on a per-customer basis, which means you need either a parent domain that pre-authenticates every subdomain, or a per-domain provisioning flow that writes records at creation.
# SPF — who is allowed to send for this domain yourdomain.com. IN TXT "v=spf1 include:_spf.deadsimple.email -all" # DKIM — public key matching the private key our MTA signs with ds1._domainkey.yourdomain.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhki..." # DMARC — what to do when SPF and DKIM disagree with the From domain _dmarc.yourdomain.com. IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@yourdomain.com; aspf=s; adkim=s"
A few choices in that record set are worth defending. -all on SPF (hard fail) rather than ~all (soft fail) is what Gmail's bulk-sender rules increasingly assume. aspf=s and adkim=s on DMARC require strict alignment — the From domain must exactly match the DKIM d= and the SPF return-path domain, not just share an organizational domain. Strict alignment is more work to deploy and is what Yahoo's enforcement now requires for high-volume senders. We deploy strict by default. For a deeper walk-through of what each record actually does, see Email Infrastructure for AI Agents, Explained.
The Subdomain Strategy: Why agents.yourdomain.com Beats *.agentmail.to
Reputation accrues to the domain, not the IP. That has two implications for agent deployments.
First, your agent inbox should send from a subdomain that is dedicated to programmatic mail — agents.yourdomain.com or notifications.yourdomain.com — not from your apex marketing domain. Subdomain isolation keeps your agent's transactional reputation from dragging down your marketing campaigns and vice versa. Google's bulk sender guidelines explicitly recommend this pattern.
Second, your agent inbox should send from your subdomain, not the vendor's. When an agent on the free or developer tier of a hosted platform sends from support@my-company.agentmail.to, every other free-tier customer on AgentMail's sending infrastructure affects your reputation. The vendor's worst tenant decides your inbox placement. Vendors with their own infrastructure and per-customer domain provisioning — including Dead Simple Email — let you operate the agent on a subdomain you own from day one, even on lower-priced plans.
Shared Pools vs Dedicated IPs for Agents
Dedicated IPs are useful when you have enough volume to keep them warm and a tolerance for cold-start ramp-up. Below roughly 10,000 messages per day, a dedicated IP under-performs a well-curated shared pool because ISPs use volume consistency as a reputation signal. Above 10,000 messages per day, a dedicated IP is worth the operational cost because it isolates your reputation from your neighbors.
For most agent workloads — support replies, customer-onboarding emails, password resets, agent-to-human notifications — a shared pool with a well-vetted tenant base is the right choice. The "well-vetted tenant base" qualifier matters more than the shared-versus-dedicated split. A shared pool with 10 reputable senders is better than a dedicated IP for an agent that only sends 200 messages a day.
For agent-email vendors, the practical question is whether dedicated IPs are even available below custom Enterprise pricing.
How the Major Agent Email Stacks Compare on Deliverability
Every vendor in the agent-email category claims "deliverability." Few of them publish what that actually means below the Enterprise tier. Here is what we have been able to verify from public documentation as of June 2026:
| Vendor | Auto SPF/DKIM/DMARC | Custom domain | Dedicated IP | Owns sending infra | Entry price |
|---|---|---|---|---|---|
| Dead Simple Email | Yes, all plans incl. Free | All plans incl. Free | Scale ($99/mo) and up | KumoMTA + Mailcow (ours) | $0 |
| AgentMail | Yes, all plans | Developer ($20/mo) and up | Enterprise only (custom) | Resold backbone | $0 |
| Resend | Yes | All paid plans | Pro ($90/mo) and up | AWS SES backbone | $0 / $20 |
| Gmail / Workspace | Manual setup | Yes, manual | Not offered | $7–8/seat | |
| Self-hosted (Mailcow + KumoMTA) | Manual | Yes, manual | Yes, your IP | You | Server costs + your time |
The two facts worth flagging. AgentMail does not currently publish a dedicated-IP option on its public pricing page below custom Enterprise — confirmed against the AgentMail pricing page on June 1, 2026 — and resells underlying SMTP capacity rather than running its own outbound MTA fleet. Dead Simple Email runs its own KumoMTA cluster (the same MTA stack PayPal and Mailgun use), which is why we can offer dedicated IPs starting at $99/mo. Our cost comparison piece, Email API Cost Comparison for AI Agents in 2026, has the full breakdown across every other feature dimension.
What an Agent-Aware Deliverability Setup Looks Like
If you are starting a new agent inbox today, the order of operations is:
- Pick a subdomain dedicated to programmatic mail —
agents.yourdomain.comis a fine default. Do not send agent mail from your apex marketing domain. - Publish SPF, DKIM, and DMARC at
p=nonewith a workingrua=address. Let aggregate reports run for two weeks while you watch for unexpected senders. - Move DMARC to
p=quarantineonce reports are clean. Watch Postmaster Tools for a week. - Move DMARC to
p=reject. This is the goal state, and where Yahoo's enforcement assumes you are. - Add a List-Unsubscribe header pair to every outbound message that is not a strict 1:1 reply to an incoming thread. RFC 8058 one-click is the standard.
- Instrument bounces and complaints. Every bounced address should be suppressed automatically. Every complaint should pause the relevant agent.
- Send to engaged recipients first. Cold lists tank reputation faster than any single configuration error. Agent-driven outbound to engaged recipients (replies, transactional, opt-in) is what passes Gmail's behavioral filters.
If steps 1 through 4 look like infrastructure work you do not want to own, that is the value proposition of a hosted agent inbox: the vendor handles authentication, you supply the agent and the recipients. The question is which vendor handles steps 5 through 7 well in practice — and which ones leave you alone with a shared pool and a complaints dashboard you cannot see into.
What Dead Simple Email Does on Deliverability
We are operators first, vendors second. The deliverability stack we run for our own customers is the one we wished existed when we were debugging Gmail inbox placement from EC2 instances at 2am.
- Every custom domain ships with SPF, DKIM, and DMARC records generated at provisioning time. You add three DNS records and click verify. We rotate DKIM keys every 12 months and notify before each rotation.
- Free plan inboxes get a pre-authenticated shared subdomain at
*.deadsimple.emailthat already passes alignment against our parent DMARC policy. You can start sending in under five minutes — see Spin Up an AI Agent Email Inbox in Under 5 Minutes. - KumoMTA + Mailcow outbound. We run the same MTA the largest transactional senders use, on hardware we own. No reselling SES, no opaque rate limits, no shared bounce-back queues.
- Dedicated IPs on Scale ($99/mo) and above. AgentMail does not publish a dedicated-IP option below custom Enterprise. We give you one for $99/mo on the Scale plan, with automated warm-up.
- Per-inbox suppression lists and bounce processing. Agents that try to send to a previously bounced address get a 4xx response from our API instead of silently destroying the parent domain's reputation.
- Postmaster-grade monitoring. We pull Gmail and Microsoft postmaster data on every customer domain and surface complaint rate, authentication pass rate, and reputation score in the dashboard.
Frequently Asked Questions
Does Gmail block AI-generated email?
Gmail does not filter mail based on whether it looks AI-written. It filters based on authentication (SPF, DKIM, DMARC), sender reputation, and recipient complaint rate. An agent that authenticates correctly, sends to engaged recipients, and stays under a 0.3% complaint rate will land in the inbox. An agent that fails DMARC alignment or blasts cold lists will land in spam — or, since November 2025, get rejected at the SMTP envelope.
What changed for email deliverability in late 2025?
Gmail moved from soft-filtering unauthenticated mail to hard SMTP rejection in November 2025. Messages that fail SPF and DKIM alignment now bounce with a 550 error instead of landing in spam. The 2024 bulk sender rules became universal across all senders rather than only senders above 5,000 messages per day.
Do AI agents need their own dedicated IP address?
Most agent workloads under 10,000 messages per day perform best on a well-warmed shared pool. Above that volume, dedicated IPs become valuable for reputation isolation. Dead Simple Email offers dedicated IPs on Scale ($99/mo) and above; AgentMail does not publish a dedicated-IP option below custom Enterprise.
How do I set up DMARC for an AI agent inbox?
Publish three DNS records: SPF, DKIM, and DMARC at _dmarc.yourdomain.com. Start with p=none for two weeks while collecting reports, then move to p=quarantine, then p=reject. Dead Simple Email generates all three records for any custom domain on every plan, including Free.
What complaint rate gets an AI agent's email blocked?
Gmail's documented threshold is 0.3% in Postmaster Tools. Sustained rates above 0.1% start to suppress deliverability. Agents that reply to existing threads almost never breach this; agents that initiate cold outbound at volume frequently do.
The Bottom Line
The 2025 deliverability changes were not aimed at AI agents specifically, but they hit agent-email products harder than anyone else. The default agent setup — shared subdomain, shared sending pool, opaque reputation — is exactly the shape Gmail's new enforcement targets. Surviving the new regime means owning your subdomain, owning your reputation, and partnering with a vendor that owns its outbound infrastructure rather than reselling someone else's.
Dead Simple Email was built that way from day one. Start free, point a subdomain at us, and we will hand you the authentication records your agent needs to land in the inbox in 2026.