Users of mass email services such as Gmass, Woodpecker, Lemlist and others, that have been using Gmail’s API to send bulk email that tricked recipients into thinking that they were receiving personal one-to-one emails, have been put on notice today by Google: “Applications that use multiple accounts to abuse Google policies, bypass Gmail account limitation, circumvent filters and spam, or otherwise subvert restrictions are prohibited from accessing Gmail API scopes.”
Of course, respected deliverability services have said all along that these services are little more than spam-enabling services that have been using a technical loophole in order to abuse Google’s Gmail API, making it appear that bulk email is actually personalized one-to-one email. And those services absolutely knew that what they were doing was wrong, but they didn’t care because hey, it was their users who were going to get in trouble with Google, not them. Until now. Now Google has closed that Gmail loophole.
Gmail Mass Email Services Have Always Violated Google’s Policies
For those not familiar, the way these Gmail mass email services work is that you sign up for their bulk sending service, and you give them your Gmail account information, and then they send out your bulk email through the Gmail API using your Gmail account, making it look as if you had sent the email, one at a time.
Some of the services were more up front than others about the fact that what they were doing was actually causing a violation of Gmail’s policies; Woodpecker, for example, says on their site that “If you exceed the sending limits (eg. 100 emails for free Gmail accounts when using automated tools, like Woodpecker) or send emails containing spam words your email provider will send us a server notification that your mailbox was suspended (usually for 24 hours).”
The Gmail Mass Email Services Also Cause Customers to Violate Federal Law
In addition to these services violating Google Gmail’s policies, they also caused their customers to violate Federal law. By disguising their bulk email sends as 1:1 sends, they omitted including either an opt-out link (required by the Federal CAN-SPAM Act) or a physical mailing address (ditto). But again, they didn’t care, because it wasn’t them or their email account on the line.
Google’s Email to the Gmail Mass Email Services
Here is the notice that Gmail sent to Gmail API users today:
Time sensitive: compliance with Gmail API services user data policy
We found during a compliance audit that your project ID is in violation of the Gmail API services user data policy:
Applications that use multiple accounts to abuse Google policies, bypass Gmail account limitation, circumvent filters and spam, or otherwise subvert restrictions are prohibited from accessing Gmail API scopes.
To maintain access to the Gmail API, you must disable the email warming feature by February 13, 2023. If you are unable to remedy these violations, your access to the Gmail API will be revoked.
To ensure that user messages are not flagged as spam, we recommend your users instead set up SPF, DKIM, and DMARC email standards for Gmail by following these instructions. (link)
For more information, refer to the following sources:
OAuth Application Verification FAQ
Google APIs Terms of Service
Gmail API Services User Data Policy
Google API Services ser Data Policy
Thank you for your patience. If you have any other questions, reply directly to this email. Note that any new email sent to ap************************@go****.com won’t go to our team.