Microsoft has introduced new requirements for email senders, following what Google and Yahoo did in 2024. These requirements aim to enhance the security of users' mailboxes, making them more resilient to phishing, spam, and other abuses. Additionally, they offer significant benefits to senders, such as the ability to protect their domain, improve reputation, and ensure greater deliverability.
Starting May 5, 2025, if you send more than 5,000 emails in a day to Outlook, Hotmail, and Live contacts, you must comply with specific email authentication and contact list management requirements; otherwise, your emails will be classified as spam or not delivered to your contacts.
The requirements are essentially the same as those for Google and Yahoo: if you have already complied with theirs, you need not do anything more. Just continue to monitor your Brand Protection configurations and follow the best practices for email deliverability.
Discover in this article the new requirements from Microsoft and how to ensure that your emails reach their destination correctly.
Who are the requirements for?
Microsoft's requirements are aimed at bulk senders, those sending more than 5,000 emails in a day to Outlook, Hotmail, and Live contacts. However, these guidelines represent best practices that every sender should consider to improve their reputation and ensure greater deliverability of their emails.
What are the requirements?
Email authentication via SPF, DKIM, DMARC
Email authentication protocols SPF, DKIM, and DMARC allow Mailbox Providers to know you are a reliable sender, meaning you are who you claim to be, and that your emails are legitimate and trustworthy.
- SPF (Sender Policy Framework)
  - The technical sender domain (also known as the Return-Path domain, Envelope Sender, or MailFrom) must pass the SPF check, so the SPF record published for the technical sender domain must accurately list all IP addresses/servers authorized to send on behalf of the domain.
- DKIM (DomainKeys Identified Mail)
  - Emails sent must have a valid DKIM signature certifying that the emails actually come from the sender domain and have not been altered on their way to the final recipient. DKIM is used to ensure the integrity and authenticity of the emails sent.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance)
  - DMARC is your best ally to protect your sender domain from spoofing, phishing, and other abuses.
  - For the sender domain, there must be a valid DMARC record with the DMARC policy set to at least none (p=none).
  - DMARC alignment must be satisfied, through DKIM alignment and/or SPF alignment (both recommended):
    - DKIM alignment: the sender domain must match the DKIM-certified domain. Achieve this alignment in magnews by configuring DKIM for your sender domain.
    - SPF alignment: the sender domain must be aligned with the technical sender domain (also known as the Return-Path domain, Envelope Sender, or MailFrom) for which the SPF record is configured. The technical sender domain can match or be a subdomain of the sender domain. Achieve this alignment in magnews by customizing the technical sender domain.
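An added example (not magnews or Microsoft code) of the alignment checks described above, applied to constructed message headers; the domains, selector and DMARC record are placeholders, and the record is passed in as text rather than looked up in DNS. It follows the rule as this page states it; DMARC's relaxed mode proper compares organizational domains using the Public Suffix List, which is not implemented here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example.com / example.net are placeholder domains.
SAMPLE = """\
Return-Path: <bounce-123@news.example.com>
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 h=from:to:subject; bh=AAAA; b=BBBB
From: Example Shop <offers@example.com>
To: user@outlook.com
Subject: Spring offers

Hello
"""
# Same message signed and bounced under a third-party domain (constructed).
UNALIGNED = (SAMPLE.replace("news.example.com", "bounce.esp-mail.example.net")
                   .replace("d=example.com", "d=esp-mail.example.net"))
DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"  # constructed record

def tags(value):
    """Parse a 'k=v; k=v' tag list (DKIM-Signature header, DMARC record)."""
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def domain_of(header):
    """Lower-cased domain part of an address header, '' if absent."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def dmarc_policy(txt):
    """p= of a DMARC record, or None if the record is not a valid policy."""
    if not txt.replace(" ", "").lower().startswith("v=dmarc1;"):
        return None
    p = tags(txt).get("p", "").lower()
    return p if p in ("none", "quarantine", "reject") else None

def check(raw, dmarc_txt):
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])          # sender domain
    rpath = domain_of(msg["Return-Path"])    # technical sender domain
    signed = [tags(s).get("d", "").lower() for s in msg.get_all("DKIM-Signature", [])]
    return {
        # Page's rule: DKIM d= equals the sender domain (signature not verified here).
        "dkim_aligned": bool(sender) and sender in signed,
        # Page's rule: Return-Path domain equals, or is a subdomain of, the sender domain.
        "spf_aligned": bool(sender) and (rpath == sender or rpath.endswith("." + sender)),
        "dmarc_policy": dmarc_policy(dmarc_txt),
    }

if __name__ == "__main__":
    print(check(SAMPLE, DMARC_TXT))
    print(check(UNALIGNED, DMARC_TXT))
```

The second message still carries a DKIM signature and a Return-Path, yet neither is aligned with the From domain, which is the situation that configuring DKIM for the sender domain and customizing the technical sender domain corrects.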
Guidelines for keeping clean lists and instilling trust
- The "From" or "Reply-To" address must exist: the email address you set as sender or Reply-To in your email communications must be valid, existing, and capable of receiving replies.
- Clear and working unsubscribe link: provide your contacts with a simple way to unsubscribe from emails they no longer wish to receive. Ensure the unsubscribe link within your communications is clearly visible and functioning.
- List cleaning and bounce management: regularly remove inactive contacts and those with invalid email addresses to reduce spam complaints and bounces.
- Transparent mailing practices: ensure emails are sent only to contacts who have consented to receive them and want to receive them, with honest and relevant subject lines and content.
What happens if you don't follow the requirements?
Microsoft penalizes your emails by classifying them as spam or not delivering them to recipients. Specifically, emails that do not meet the email authentication requirements may be blocked by Microsoft with the error "550; 5.7.515 Access denied, sending domain [SendingDomain] does not meet the required authentication level."
In magnews, emails not delivered for this reason are registered as "Soft Block Bounce", and can be analyzed through the Bounce Analysis report available for all sent communications.
What to do to prevent your emails from being blocked?
- Set as "Sender email" and/or "Reply-To email" only existing email addresses.
- Configure DKIM for your sender domain. Discover how here.
- Configure DMARC for your sender domain. Discover how to do it here.
- Meet DMARC alignment, through DKIM alignment and/or SPF alignment (both recommended):
  - DKIM alignment: achieve it by configuring DKIM for your sender domain
  - SPF alignment: achieve it by customizing the technical sender domain
- Regularly monitor the status of the DKIM and DMARC configurations and of the technical sender domain. Ensure they are always correct and complete by monitoring from the sender domains section or starting deliverability checks for each of your email communications.
- Follow the best practices for email deliverability