Checklist: What to Test Before Moving Your Business Email From Gmail to Hosted Mail

Ready to leave Gmail? A practical pre-migration checklist that prevents downtime, lost mail and deliverability disasters

Moving your business email off Gmail is increasingly common in 2026 — from privacy-driven decisions after Google's January updates to cost, control and compliance reasons. But switching mail providers is deceptively risky: DNS mistakes, missing authentication, or unprepared clients can pause communication for hours or days. This checklist gives you the exact DNS, SPF/DKIM/DMARC, MX, client, archival and deliverability checks to run before you flip the switch.

Why this matters now (2026 trends)

In late 2025 and early 2026, two trends accelerated email migrations:

• Privacy and platform shifts: Major mail platforms introduced new AI integrations and data access models that made some organizations re-evaluate hosted inboxes and central account identities. If privacy and policy actions are part of your reason to move, see recent regulatory updates that influenced migrations.
• Stricter deliverability signals: Advanced authentication (BIMI, MTA-STS, TLS reporting) and AI spam scoring mean unauthenticated or misconfigured domains see sharp deliverability drops. For resilience planning and platform-outage playbooks, consult a platform outage playbook.

Top-line pre-migration priorities (inverted pyramid)

1. Confirm mailbox provisioning and credentials at the new host.
2. Prepare DNS (MX + SPF + DKIM + DMARC) with low TTLs and test records.
3. Migrate archives and contacts safely (no data loss).
4. Update client and application SMTP/IMAP settings.
5. Run deliverability and blacklist tests before and after cutover.

Checklist: DNS and MX records

DNS errors are the most common cause of failed migrations. Do these first.

1. Verify control: Ensure you have access to the domain registrar or DNS host and can edit records and change TTLs. Confirm two-factor authentication (2FA) and a recovery admin account exist.
2. Create MX records for the new host, but don't delete old ones yet.
   • Ask your provider for exact MX hostnames and priorities.
   • Add new MX records alongside existing Gmail MXs so incoming mail can be delivered to either service during the test window.
   • Example check: run dig +short MX yourdomain.com or nslookup -type=MX yourdomain.com.
3. Lower DNS TTLs before cutover.
   • Set MX and relevant TXT TTLs to 300 seconds (5 minutes) 24–48 hours before migration. This reduces propagation time and makes rollback faster.
4. Plan a cutover window and rollback plan.
   • Choose a low-traffic time. Document steps and expected time to rollback (usually reintroducing old MXs and waiting for TTL to expire). If you need guidance on incident playbooks or rollback sequencing, a platform outage playbook can be adapted to migration rollbacks.

Checklist: SPF (Sender Policy Framework)

SPF prevents spoofed senders but must be correct for outbound deliverability.

1. Get the exact SPF string from the new provider. Common formats look like: v=spf1 include:mail.hostexample.com -all.
2. Respect the 10 DNS lookup limit.
   • If you include multiple providers (marketing tools, CRMs), you may exceed limit and break SPF. Use flattening or a dedicated outbound service to avoid includes.
3. Set a soft policy first.
   • Use ~all (soft fail) while testing. Move to -all (hard fail) only after confirming all legitimate sources are covered.
4. Verify with tools: Run SPF checks using MXToolbox or dig TXT yourdomain.com to confirm the record is live and correct. For protecting downstream landing pages and conversion metrics during migration, review guides on protecting email conversion.

Checklist: DKIM (DomainKeys Identified Mail)

DKIM provides cryptographic signing of outbound mail. Missing DKIM is an immediate deliverability hit.

1. Generate DKIM keys at the new host.
   • Use 2048-bit keys; 1024 is deprecated in 2026 for high-risk domains.
2. Create selector-based TXT records.
   • Common format: selector._domainkey.yourdomain.com pointing to the public key TXT value supplied by the provider.
3. Test signing and verification.
   • Send messages from new host to a test inbox (Gmail, Outlook) and inspect full message headers for DKIM-Signature and Authentication-Results.
4. Plan key rotation.
   • Document selectors and rotation schedule. When you rotate, add the new selector before retiring the old one to avoid breaks.

Checklist: DMARC

DMARC controls how receivers handle unauthenticated mail and gives you reporting data to troubleshoot.

1. Start with a monitoring policy: Use p=none at first to collect reports, for example:

   v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc-forensics@yourdomain.com; pct=100

2. Setup report inboxes and parsing.
   • Use a DMARC report analyzer (many free/paid tools exist) to interpret aggregate and forensic reports. Look for SPF/DKIM alignment failures. Making DMARC and reporting part of your security and privacy program aligns with security best practices for handling user data.
3. Move to enforcement gradually.
   • After 2–6 weeks of steady reports showing good alignment, change to p=quarantine, then to p=reject only after verifying no legitimate mail will be blocked.

Advanced authentication (recommended in 2026)

• MTA-STS: Publish MTA-STS policy and TLS-RPT to ensure encrypted delivery and receive TLS failure reports.
• BIMI: If brand indicators are important, implement BIMI and consider obtaining a Verified Mark Certificate (VMC) to show your logo in supporting inboxes. For publisher/platform badge strategies and brand presentation, see notes on platform branding.
• DANE: For organizations with heavy security needs, DANE can bind TLS certs to DNS (not widely used, but supported by some receivers).

Checklist: Mailbox and archival migration

Data loss is the most visible failure mode. Treat it as mission-critical.

1. Export all mail, contacts, and calendars from Gmail.
   • Use Google Takeout for exports, or IMAP-based tools for a direct copy. For large orgs, use a professional migration tool (IMAPSync, commercial migration services) that preserves labels, timestamps, and folder structure. See our tools roundup for migration tools and migration-service options.
2. Migrate mailboxes to the new host while keeping Gmail active.
   • Copy mail rather than cut. Validate sample mailboxes manually before doing full syncs.
3. Archive and retention.
   • Move long-term archives to an immutable store or legal-hold system if required by compliance. Keep raw export files for 30–90 days during cutover validation. If you need to automate metadata extraction and archival indexing during migration, consider workflows like automating metadata extraction.
4. Check labels and folder mapping.
   • Remember that Gmail labels map to folders in other systems and can create many folders. Test folder depth and search functionality in the new host.

Checklist: Client setups and apps

Users are the weakest link if clients are misconfigured. Prepare devices and automated apps.

1. Inventory all clients and apps that send or read mail.
   • List webmail, desktop (Outlook, Apple Mail), mobile (iOS, Android), marketing tools, CRMs, automation, monitoring services, and server alerts that use the inbox or SMTP.
2. Provide configuration guides.
   • Create step-by-step instructions for IMAP/SMTP settings, OAuth vs. app passwords, and webmail URLs. Test on common mail clients and mobile devices.
3. Autodiscover and CNAME records.
   • Some clients rely on autodiscover or SRV records. If your new host supports custom MX and autodiscover, add the provided CNAME/SRV records to simplify client setup.
4. Update SMTP credentials for apps.
   • Many apps (CRMs, payment gateways, monitoring) authenticate with Gmail SMTP. Change them to the new SMTP endpoint and rotate credentials before cutover when possible.

Checklist: Deliverability and blacklist tests

Verify mail flows and spam scores well before you move everything.

1. Create a seed list of test addresses.
   • Include Gmail, Outlook/Hotmail, Yahoo, ProtonMail, corporate addresses, and ISP-based mailboxes. Also include spam-trap-style addresses (use reputable seed services).
2. Run pre-cutover tests:
   • Send test messages from the new host and verify SPF/DKIM pass and DMARC alignment. Tools: Mail-Tester, MXToolbox, GlockApps, or provider-specific diagnostics. For a quick set of recommended third-party checks, see a tools roundup that includes deliverability services.
3. Check IP and domain blacklists.
   • Verify outbound IPs and your domain are not on Spamhaus, Barracuda, or other major RBLs. If they are, resolve with the provider before routing production mail.
4. Monitor post-cutover metrics.
   • Use Gmail Postmaster Tools, Microsoft SNDS, and provider dashboards to watch bounce rates, spam complaints, and reputation. For ongoing monitoring and reporting governance, incorporate these into your security-news and ops review cadence (see security & marketplace news for examples of governance schedules).

Practical verification commands and checks

Run these before and after cutover. Replace yourdomain.com with your domain and mail.example.com with the provider values.

• Check MX: dig +short MX yourdomain.com
• Check SPF/DKIM TXT: dig +short TXT yourdomain.com and dig +short TXT selector._domainkey.yourdomain.com
• Test SMTP TLS: openssl s_client -starttls smtp -crlf -connect smtp.mailprovider.com:587
• Verify DKIM sign: Send to a mail-tester style inbox and inspect Authentication-Results in headers.

Common migration problems and quick fixes (real-world examples)

Two client stories illustrate what to watch for:

Case: “50-user org — SPF exceeded lookups”

A mid-sized marketing agency moved to a new hosted provider and included their CRM, email service, and new host in SPF. SPF failed due to >10 DNS lookups and outbound mail started failing DMARC checks. Fix: the team flattened SPF via the provider’s SPF flattening service and consolidated marketing sends through a single authenticated provider. Result: SPF passed and deliverability recovered within 24 hours.

Case: “Immediate bounce after MX switch”

A small retailer changed MX priorities but forgot to provision mailboxes at the new host for two aliases used in billing. Inbound invoices bounced. Fix: Re-added old MX to restore delivery, provisioned missing mailboxes, and then performed a staged cutover with monitoring. Lesson: pre-create all mailboxes and forwards before changing MX.

Cutover runbook — step-by-step

1. 72 hours prior: Lower TTL to 300s for MX and TXT records. Provision all mailboxes and aliases at the new host.
2. 48 hours prior: Publish SPF (soft fail), DKIM public keys, and DMARC p=none (monitoring) records. Add new MX records alongside old Gmail MXs.
3. 24 hours prior: Migrate mail archives and validate sample mailboxes. Test sending and receiving on seed list.
4. Cutover (low-traffic window): Remove Gmail MX records (or set new host as higher priority). Monitor mail logs, bounce messages, and DMARC reports in real time. If the cutover encounters outages unrelated to DNS, refer to an incident playbook such as a platform outage playbook for notification steps.
5. 0–72 hours after: Watch delivery rates and spam complaints. Keep DMARC at p=none until confident. Fix any failures rapidly and consider rolling back if critical mail paths are broken.
6. 2–8 weeks after: Harden SPF to -all, tighten DMARC to quarantine/reject, and enable MTA-STS/BIMI as appropriate.

Final checklist summary (printable)

• Access to DNS and registrar confirmed
• Low TTL set for MX/TXT
• New MX records added (not replacing Gmail yet)
• SPF published (use ~all during tests)
• DKIM keys added and verified
• DMARC p=none with reporting enabled
• Mailboxes and aliases provisioned at new host
• All clients and apps inventoried and reconfigured
• Archives migrated and verified
• Seed deliverability tests run; blacklists checked
• Cutover window scheduled; rollback plan documented

Post-migration governance and monitoring

After the move, make authentication maintenance part of routine ops:

• Quarterly review of SPF includes and DKIM selectors
• Monthly DMARC report review and action items
• Monitor reputation dashboards and complaint rates weekly for the first 90 days

Parting advice — trust, but verify

Switching off Gmail in 2026 is a justified choice for many organizations, but the migration must be treated as a systems change, not a single DNS edit. Authenticate early, migrate data carefully, test deliverability repeatedly, and keep a rollback plan in your pocket.

Actionable next steps (do these today)

1. Document all mail flows and third-party senders in your org (marketing, CRM, ticketing).
2. Set DNS TTLs to 300s and add new MX records without removing Gmail MXs.
3. Publish SPF (soft), add DKIM keys and DMARC p=none with reports to your inbox or a reporting service.
4. Run a seed deliverability test and inspect authentication headers.

Need help executing this checklist?

If you want a migration template, an audit of your current DNS/authentication records, or a pre-cutover deliverability test, we offer hands-on guides and managed migration help tailored to marketing and SEO teams. Don’t gamble with your business email — take the checklist and schedule a short pre-migration review.

Call to action: Download our free migration runbook or book a 30-minute audit with an email deliverability specialist to validate your SPF/DKIM/DMARC and test mail flows before you move off Gmail.

Related Reading

• How to Conduct Due Diligence on Domains: Tracing Ownership and Illicit Activity (2026 Best Practices)
• Playbook: What to Do When X/Other Major Platforms Go Down — Notification and Recipient Safety
• Protecting Email Conversion From Unwanted Ad Placements
• Product Roundup: Tools That Make Local Organizing Feel Effortless (useful migration and sync tools)
• A Capsule Jewelry Wardrobe: 10 Emerald Pieces to Buy Before Prices Rise
• Are Large Windows Worth It in Cold Climates? Heating Cost Comparisons and Retrofit Tips
• AI-Generated Resumes Without the Cleanup: A Practical Checklist
• Media & Streaming Internships: How JioHotstar’s Record Viewership Creates New Entry-Level Roles
• Family Travel Savings: Combining Carrier Deals and Hotel Perks for Budget Trips