Google Postmaster Tools


Earlier this month Google announced a new set of tools for senders at their Postmaster Tools site. To get into the site you need to login to Google, but they also have a handy support page that doesn’t require a login for folks who want to see what the page is about.
We did register, but don’t send enough mail to get any data back from Google. However, the nice folks at SendGrid were kind enough to share their experiences with me and show me what the site looked like with real data, when I spoke at their recent customer meeting.
Who can register?
Anyone can register for Google Postmaster tools. All you need is the domain authenticated by DKIM (the d= value) or by SPF (the Return Path value).
Who can see data?
Google is only sharing data with trusted domains and only if a minimum volume is sent from those domains. They don’t describe what a trusted domain is, but I expect the criteria include a domain with some history (no brand new domains) and a reasonable track record (some or all of the mail is good).
For ESPs who want to monitor all the mail they send, every mail needs to be signed with a common d= domain. Individual customers that want their own d= can do so. These customers can register for their own access to just their mail.
ESPs that want to do this need to sign with the common key first, and then with the customer’s more selective key.
How does it work?
Google collects data from DKIM and/or SPF authenticated mail, aggregates it and presents it to a Google user that has authenticated the domain.
How do I authenticate?

  1. Go to
  2. On the bottom-right, click the + button.
  3. In the box that pops up, enter your authentication domain.
  4. Next, prove that you own the domain by adding a DNS TXT or a DNS CNAME record.

We recommend adding a CNAME record, rather than TXT records for the purposes of authentication.
Our authentication looks like this:

$ dig
;; AUTHORITY SECTION: 59 IN SOA 99514096 900 900 1800 60

What data is there?
Google provides a number of different dashboards, which they describe in detail on the FAQ page.

  • Spam Rate
  • Domain & IP Reputation
  • Feedback Loop
  • Authentication
  • Encryption
  • Delivery Errors

For most senders the Spam Rate, and Domain & IP Reputation dashboards are going to be the most useful. Authentication and Encryption will be useful for troubleshooting. Delivery Errors is useful, but duplicates information already in sending log files.
Spam Rate
This lets users see how many of their recipients who received the email in their inbox hit the “this is spam” button. This not only gives you an idea of complaints, it can also tell you how much of your mail is making it to the inbox.
Domain & IP Reputation
This shows the reputation of domains and IPs. Google ranks them as Bad, Low, Medium and High. There is a limit to the number of IPs that will be shared and so ESPs with large numbers of IPs may discover that limit. Google will always provide the full list of Bad and Low IPs, so if an IP is not listed, it has either a Medium or High reputation.
Feedback Loop
This information only shows up for senders who have an active FBL with Google.
Overall, I think the Google Postmaster tools will be extremely useful for senders and ESPs who want to understand what’s happening at Gmail. There are some limitations of the current set. One of the big ones is you’re stuck with Google’s reporting, and there’s no way to download the data through an API. Another issue is that it’s all based on DKIM, and if Provider A uses Provider B as a white label ESP for Customers X, Y and Z, will both Provider A and Provider B have to sign with their shared DKIM keys in order to monitor their customers? Triple DKIM keys aren’t impossible, but there is a processing cost for signing mail.

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Data from my postmaster account:
    Spam Rate: almost always 0, sometimes goes to 0.1%, no details.
    IP Reputation: mostly High, some Medium: vary on each day. Clicking on a bar will show the list of IPs in that segment under the chart.
    Domain Reputation: Fixed “High”, no other details.
    Feedback Loop: empty, even if I followed the Feedback-ID implementation guideline:
    Authentication: 100% for SPF and DKIM, 0% for DMARC (we don’t use it) fixed, no other detail
    Encryption: 0% fixed (we tried StartTLS in past but found many problematic receivers, so we reverted to plain). No details.
    Delivery Errors: 0% fixed, no details.
    I tried using their feedback tool to “argue” about the Feedback Loop pages being documented but forgetting to tell that it is an “invite only” thing: no reply.

  • When you say that to monitor mail, ESPs will need to sign with the common key first followed by the customer’s own key – does this mean the order they appear in the email header is important?
    I’m currently dual signing for certain customers, with the raw output showing the common signature right above the dedicated one…. that’s right?

  • The order is important to avoid the “via” issues. Based on what SendGrid told me, you need to sign with the common key first and the dedicated key second, meaning that when you’re reading the headers from top to bottom the dedicated key is first and the common key is second.

  • This is simply matter of users action as per campaign. We were getting IP as bad but our emails were going into Inbox or promotion tab.
    There are two things that you should keep in mind.
    1. Build reputation of email address. For example: if you are sending for and then you have switched to then obviously, inbox rate. Domain and reputation will get effected. When you switch email address then warm up your email before sending bulk emails to unconfirmed subscribers. Also send to only those that you know will mark your email as not-spam.
    2. We have checked that our first email campaigns were going into spam even for confirmed subscribers so we have change talked to our InboxDime guys and they have told us that your content has poor spam score. You have to keep an eye on your email content and html templates code and check, your spam score before processing campaign.
    We have improved our content spam score and use lightweight, more text with less images HTML template and it works and give us good results. At least mails are going into inbox or promotion tab instead of spam/junk.
    After doing all these things, I had to create another support ticket at InboxDime and they had told me that reputation will also improve with increase in sending of mail and users actions.
    So I have concluded that either your emails are signed or not, it will not effect as users are marking your emails as Non-Spam and google gather and count such stats to process emails into inbox.

  • Hello,
    Please, i want to know if there is an API to retrieve post master tools data automatically, so i can incorporate it into my abuse management system, thank you.

  • How many mails should any one sebd so they can see the report ? I send 2000 Emil’s till now but still all my dashboard section is empty .I checked for dkim and all other things they are fine but still getting nothing in dashboard .I am using AWS SES to send emails is it supported by Google ?

By laura

Recent Posts


Follow Us