If your business sends a lot of emails to Outlook, Hotmail, or Live accounts, there’s a big change on the horizon.
Starting 5 May 2025, Microsoft will begin enforcing new email authentication requirements for high-volume senders – and failing to comply could send your messages straight to the Junk folder.
Let’s break it down so you know exactly what’s happening and how to stay ahead.
Why Is This Happening?
This is part of Microsoft’s wider effort to make email safer and reduce the spread of spam and phishing attacks. They’re joining forces with Google and Yahoo, who have introduced similar policies, to push for better standards across the email ecosystem.
In short: they want to make sure the people sending emails are who they say they are.
Who Needs to Pay Attention?
You’ll need to take action if:
- You send 5,000 or more emails per day to Microsoft’s consumer email services (including Outlook.com, Hotmail.com and Live.com)
- That volume includes all emails from your domain and any subdomains
- Your emails aren’t already authenticated with SPF, DKIM and DMARC
Even if you’re not hitting the 5,000 mark just yet, it’s worth getting ahead of the game, especially if your email marketing or customer comms are ramping up.
What Microsoft Requires (Starting 5 May)
To avoid deliverability issues, Microsoft requires all bulk email senders to set up and properly configure the following:
1. SPF (Sender Policy Framework)
This tells Microsoft which mail servers are authorised to send emails on your domain’s behalf.
2. DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to your emails, confirming they haven’t been tampered with in transit.
3. DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC builds on SPF and DKIM by specifying what to do with unauthenticated emails (even a simple p=none policy is acceptable for now).
If your domain doesn’t pass these checks, your emails will start heading straight for the Junk folder from 5 May. Microsoft also mentioned they’ll begin rejecting non-compliant emails entirely at a later date.
Other Important Recommendations
Aside from the technical setup, Microsoft also strongly recommends:
- Having a valid “From” or “Reply-To” address (don’t use no-reply addresses that don’t go anywhere)
- Including an unsubscribe link in every marketing or bulk email
- Keeping your mailing list clean (remove invalid or inactive addresses regularly)
- Only emailing people who’ve opted in and expect to hear from you
These are good practices in general – not just to stay on Microsoft’s good side, but to make sure your audience actually reads and trusts your messages.

What Should You Do Now?
If you’re using a hosted email service or sending via a platform like Mailchimp or SendGrid, now’s the time to:
- Double-check your SPF, DKIM, and DMARC records
- Speak to your provider if you’re not sure your domain is configured correctly
- Set up reporting with DMARC to monitor how your domain is being used
- Review your unsubscribe links and contact lists
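A way to double-check the three records, as an added example (not ScaleFair's or Microsoft's code): it audits TXT records you paste in as strings rather than querying DNS, and besides the checks named above it also applies two SPF rules from RFC 7208 (a single record, at most 10 DNS-lookup terms). The domain example.com, the selector s1 and the key value are constructed placeholders.

```python
import re

# Terms that trigger a DNS lookup during SPF evaluation (RFC 7208 caps these at 10).
LOOKUP = re.compile(r"[+~?-]?(include:|exists:|redirect=|(a|mx|ptr)\b)")

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM and DMARC syntax) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(domain, selector, txt):
    """txt maps a DNS name to its TXT strings; returns a list of findings."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        if sum(1 for t in terms if LOOKUP.match(t)) > 10:
            findings.append("SPF: more than 10 DNS-lookup terms")
        if "all" in terms or "+all" in terms:
            findings.append("SPF: +all authorises every server")
    dkim = txt.get(f"{selector}._domainkey.{domain}", [])
    if not any(parse_tags(r).get("p") for r in dkim):  # empty p= is a revoked key
        findings.append(f"DKIM: no public key at selector {selector}")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", [])
             if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= policy")
        if not tags.get("rua"):
            findings.append("DMARC: no rua= address, so no aggregate reports")
    return findings

# Constructed sample data (example.com, selector "s1" and the key are placeholders).
GOOD = {
    "example.com": ["v=spf1 include:_spf.mailer.example ip4:192.0.2.10 ~all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}
BROKEN = {"example.com": ["v=spf1 +all", "v=spf1 mx -all"]}

if __name__ == "__main__":
    for name, zone in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, audit("example.com", "s1", zone))
```

The GOOD zone passes the three required checks but is still flagged for having no rua= address, which is the reporting step in the list above.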
At ScaleFair, we’re already helping businesses get these records in place as part of our domain and email services. So if you’re unsure what to do next, get in touch and we’ll walk you through it.
Why It Matters
Email is still one of the most effective ways to reach your customers, but only if your emails actually make it into their inbox. These new authentication requirements are part of a broader movement towards a safer, cleaner internet, and early adopters will see the benefits in both deliverability and trust.
Need Help?
If you’re a ScaleFair customer (or thinking of becoming one), we can help you configure SPF, DKIM, and DMARC properly on your domain. Whether you use Microsoft 365, Google Workspace, or another platform, we’ve got the tools and know-how to make sure your messages land where they belong – the inbox.
Want to make sure your emails keep getting through?
Contact our team or open a ticket from your ScaleFair client area – we’ll get you sorted.
Read the Microsoft Community post on this topic.