Microsoft’s new DMARC, SPF and DKIM requirements are coming – are you prepared?

Microsoft has announced stricter requirements for the protection of its users’ inboxes

Get up to speed with a little refresher about what DMARC is and how it works. 

SPF, DKIM, and DMARC settings are now mandatory in certain cases, enforcing stricter security standards. Microsoft’s move, specific to the consumer facing Outlook.com at the moment, pushes the industry toward essential best practices, protecting millions of individuals and small businesses who depend on our services. These measures will curb spoofing, phishing, and spam, bolstering brand protection and deliverability for legitimate senders. 

Find out how DMARC helps protect against Email Spoofing. 

Who is affected by the new Requirements? 

Starting May 5th, 2025, Outlook.com mailboxes will initially direct emails from high-volume senders lacking the necessary compliance to the Junk folder. This provides a window for senders to resolve any outstanding configuration needs. Looking ahead, please note that non-compliant emails will eventually be rejected outright (with the future date to be communicated) to strengthen user protection. 

The restrictions will apply to domains sending more than 5,000 emails a day to Outlook/hotmail.com addresses.  

Learn more about how compliant DMARC settings will enhance your chances of emails reaching the intended inboxes.  

What Should I do now? 

First things first: Find out about the status of your domain’s security posture by using our domain checking tool.

Despite adjusting your DMARC, SPF and DKIM settings, Microsoft shared some additional advice: 

• Compliant Sender Addresses: Your “From” and “Reply-To” addresses should be valid, genuinely represent your sending domain, and be able to receive replies.  
• Functional Unsubscribe Options: Make it easy for recipients to unsubscribe from future communications, especially for marketing and bulk emails. Ensure these links are clear and accessible.  
• Maintaining List Hygiene: Regularly clean your mailing lists of invalid addresses to improve deliverability and reduce negative feedback like bounces and spam complaints.  
• Transparent Mailing: Always use truthful subject lines, avoid deceptive header information, and confirm recipients have opted in to receive your messages.  

Important: Outlook.com may filter or block senders who don’t adhere to these guidelines, especially for significant issues with authentication or list hygiene. 

DMARC Manager simplifies Implementation 

DMARC Manager makes DMARC authentication straightforward, streamlining implementation for businesses. It demystifies setup for DMARC, SPF, and DKIM, ensuring correct email authentication and compliance. Further, it provides visibility into whoever else is sending emails under a domain and returns control to the domain owner, strengthening and securing brand reputation. Real-time alerts and detailed reports proactively safeguard your email reputation even further. 

Learn more about Hornetsecurity DMARC Manager.