Starting 5 May 2025, Microsoft is strengthening its email security by enforcing stricter authentication requirements for high-volume senders. If your business sends 5,000 or more emails per day to Microsoft consumer addresses such as @outlook.com, @hotmail.com, or @live.com these changes could directly impact your deliverability.
Here’s what you need to know:
Why This Matters
Email authentication helps prevent phishing and spoofing, protecting both your brand and your recipients. Following similar moves from Google and Yahoo in early 2024, Microsoft is aligning its standards across the board to improve trust in email communication.
What’s Changing?
Microsoft will now require the following for high-volume domains:
SPF (Sender Policy Framework)
- Confirms the email is sent from an authorised server.
- Your DNS must list valid IPs/hosts.
DKIM (DomainKeys Identified Mail)
- Uses encryption to verify the content hasn't been tampered with.
- Must pass for email integrity.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
- Tells receiving servers what to do with unauthenticated mail.
- Requires at least a policy of p=none and alignment with SPF or DKIM (ideally both).
What Happens If You Don’t Comply?
From 5 May 2025:
- Non-compliant emails may be routed to junk folders.
- Whitelisting won't save you—sender exceptions won’t apply.
- Later in 2025, Microsoft will begin rejecting non-compliant emails altogether (date TBD).
What Should You Do Now?
- Check your DNS settings: Ensure SPF, DKIM and DMARC records are properly configured.
- Run a domain alignment check: Your DMARC policy must align with SPF or DKIM.
- Don’t wait: Use this grace period before May to avoid disruptions to your outbound email.
Need Help?
At Affinity, we help businesses ensure their email domains are compliant, secure, and deliverable. Don’t let poor configuration undermine your outreach or reputation.
Get in touch for a DMARC compliance check today.
