Home
The Mailjet Blog
Email best practices
Outlook’s new sender requirements: What you need to know (and do)
Email best practices
Microsoft Outlook’s new sender requirements: What you need to know (and do)
Microsoft has finally joined the club. As of May 5, 2025, mass senders will need to tighten their email authentication protocols to avoid risking their emails landing in the spam folder or worse, getting blocked altogether.
PUBLISHED ON
Big news for email marketers and senders: Starting May 5, 2025, Microsoft Outlook will begin enforcing stricter email authentication requirements for high-volume senders –people sending more than 5,000 emails per day. If your messages land in Outlook.com inboxes (including hotmail.com, live.com, and outlook.com addresses), you’ll need to comply with new standards or risk ending up in the spam folder or worse, getting blocked altogether.
Here’s what’s changing, why it matters, and what you should be doing right now to stay compliant.
Table of contents
02
Why now?
What are Microsoft’s new sender requirements?
Microsoft is following in the footsteps of Google and Yahoo by requiring bulk senders (5,000 + daily emails) to fully implement three key email authentication protocols:
SPF (Sender Policy Framework) Verifies that emails are sent from authorized servers listed in your domain’s DNS.
DKIM (DomainKeys Identified Mail) Digitally signs your emails to verify they haven’t been tampered with in transit.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) Tells email providers how to handle unauthenticated emails and provides visibility into unauthorized activity using your domain.
Pro tip: The minimum DMARC policy required will be: p=none. However, Microsoft recommends eventually moving to p=reject for stronger security.
Non‐compliant messages will first be routed to spam folders. If the issues persist, senders will find their emails eventually rejected altogether – something you’ll want to avoid!
Why now?
It seems Microsoft has finally joined the party in keeping our inboxes safe and junk free. The new email authentication requirements for brands sending bulk email will reduce the risk of email spoofing, phishing attacks, and improve overall security and email deliverability.
But why now? Why the sudden need for action?
Well, it’s probably worth mentioning that these new requirements are simply best practices that have existed for well over 10+ years now. There’s nothing particularly new or revolutionary about what Microsoft, Yahoo and Google are doing. In fact, many email senders already meet these authentication standards. The difference is they will now be enforced.
Further reading: Emails that fail to reach your customers and prospects are missed opportunities to connect and engage. A new report from Sinch Mailjet reveals how to avoid roadblocks and dead ends on the way to reaching the inbox. Get survey results and expert advice in our report Road to the inbox.
Are there any additional changes I should be aware of?
Microsoft also made it clear it will be clamping down on list hygiene best practices, too. Here are some of those best practices they recommend adopting:
Ensure the “From” or “Reply‐To” address is valid, reflects the true sending domain, and can receive replies.
Provide a clearly visible unsubscribe link for recipients to opt out of unwanted emails.
Remove invalid addresses regularly to reduce spam complaints and bounces.
Use accurate subject lines and ensure your recipients have consented to receive your messages.
Again, Microsoft has said it will take action if these requirements are not met, including filtering or blocking non‐compliant senders.
Deadline and enforcement
Here’s the timeframe we’ve been given for compliance:
Now: Make sure your SPF, DKIM, and DMARC records are updated, aligned, and functioning correctly.
May 5, 2025: Microsoft begins routing messages from high volume non‐compliant domains to the Junk folder.
Future: We can expect inbox rejection from all non-compliant senders.
What should I do now?
With Microsoft's sending requirements largely falling in line with what we saw from Google and Yahoo in 2024, the good news is (if you already implemented the email authentication protocols) no additional action needs to be taken.
However, if that’s not your case, here’s a list of action items along with some documentation on how to get ready:
What you’ll need | How to get there |
|---|---|
What you’ll need | |
SPF and DKIM | If you’re a Mailjet user, just follow our detailed guide to get your domains authenticated with SPF and DKIM. If you’re not, we’ve outlined the processes for obtaining these authentications in these posts: How to handle SPF and DKIM setup. For DMARC you will need to set up at minimum a p=none policy. |
How to get there | |
DMARC | Implementing DMARC takes a bit more time, as DMARC allows you to make choices regarding your policy based on your email program. Get started now by checking out our article What is DMARC and how it works. |
Email list hygiene | Email list hygiene involves removing unsubscribed or unengaged contacts to improve your email deliverability and conversion rates. We’ve put together some tips and best practices for cleaning your email lists. |
How can Sinch Mailjet help?
At Sinch, email deliverability excellence is always at the core of our product offering for all our email solutions. We’re constantly striving to set up our users for deliverability success and making sure you get the help you need to achieve it.
Sinch Mailjet users can use our detailed documentation to set up the SPF and DKIM email authentication protocols required by Microsoft. If you’re looking for even more tailored support, check out our Deliverability Services. We have a dedicated team of experts ready to help your company navigate these evolving industry standards and implement the tailored strategy that best fits your email needs.
