The problem with getting Gmail to work for bounces has to do with the permissions of the Gmail account. You have to update the Security configuration to allow a 3rd Party Apps to access the Gmail account with only a username & password (i.e., without using a 2-factor authentication method or OAUTH2).
Before you get excited and run out and update your Gmail account Security settings, don’t bother. Gmail is disabling / removing the ability to allow 3rd Party Apps to access an account with only a username & password on May 30, 2022.
This is where the PHPMailer OAUTH / OAUTH2 capability needs to be integrated into phpList. PhpList utilizes PHPMailer to send each message, but the OAUTH2 authentication method is not supported by the phpList configuration. I’ve been looking at the phpList code trying to figure out how to integrate the OAUTH2 authentication into it. While it is certainly possible to hack the phpList code to include OAUTH2, it needs to be a capability added to the phpList code base (otherwise you can never update to the latest release of phpList after you have hacked the code).