Microsoft announces new email requirements for bulk senders

Update: Includes a revision that Microsoft will now reject messages rather than moving to junk from large senders that don’t meet the sending requirements.. Everything else remains the same.  When rejected, the following message will be sent instead “550; 5.7.515 Access denied, sending domain [SenderDomain] doesn’t meet the required authentication level.”

This blog:

  • Outlines Microsoft’s new email requirements for bulk senders effective May 5, 2025.
  • Highlights the need for SPF, DKIM, and DMARC to avoid junking or rejection.
  • Discusses the benefits of Red Sift OnDMARC and free tool Red Sift Investigate—for fast, effective compliance.

Microsoft has officially announced new authentication requirements for bulk email senders—referred to as ‘high volume senders’ in their documentation—aligning with the policies rolled out in 2024 by Google and Yahoo. These changes aim to improve email security and deliverability for Outlook.com users, covering domains like outlook.com, hotmail.com, and live.com.

The update marks a significant shift as Microsoft moves to require SPF, DKIM, and—critically—DMARC (Domain-based Message Authentication, Reporting, and Conformance). This signals a broader industry push toward stronger sender authentication, helping protect users from spoofed or fraudulent emails.

If your organization isn’t compliant yet, now is the time to act. This article compiles essential resources, including our free Bulk Sender’s Compliance Checker, Red Sift Investigate, to help you prepare for Microsoft’s new requirements with confidence.

Ready to get started? Unlock your free Red Sift OnDMARC trial and start your DMARC implementation now.

What’s changing—and what it means for your organization

Microsoft’s latest announcement signals a major shift in how businesses must manage email authentication. Much like Google and Yahoo’s February 2024 policy changes, this move aims to stop phishing, spoofing, and spam by ensuring only properly authenticated emails reach recipients.

For senders, the key takeaway is clear: DMARC compliance is now essential. Without it, organizations risk having their emails to Outlook, Hotmail, and other Microsoft domains rejected entirely.

If your business hasn’t implemented DMARC yet, now’s the time to act. You’ll need to ensure your SPF, DKIM, and DMARC records are correctly configured to meet Microsoft’s requirements.

While non-compliance could disrupt email marketing, transactional messages, and customer communications, organizations that act now stand to benefit: stronger security, better deliverability, and enhanced brand protection.

Learn more

Register for our upcoming “Bulk Up or Bust: Meeting Microsoft’s New Requirements for High Volume Senders” webinar to find our how these changes will effect your organization.

Key resources to help you stay compliant

What is DMARC? 

​DMARC is an email security protocol that enables domain owners to protect their domains from unauthorized use, such as phishing and email spoofing. By implementing DMARC, organizations can specify how receiving mail servers should handle emails that fail authentication checks, thereby enhancing email security and preserving brand reputation. 

The protocol also provides reporting mechanisms, offering visibility into potential abuse of the domain. Read more in our complete email security guide.

The role of DMARC in email security

DMARC plays a crucial role in protecting your business from phishing and business email compromise (BEC) attacks. By setting your policy to ‘p=reject’ (the strongest enforcement), you can prevent unauthorized senders from using your domain, keeping your emails secure and your brand protected.

Learn more about the role of DMARC in email security

How DMARC supports marketers

Boost email marketing ROI by implementing DMARC

Email deliverability hinges on compliance but is also an essential step in securing ROI for those email marketing campaigns. Hear from Rebecca Warren, VP of Marketing at Red Sift, on how you can maximise ROI in email marketing

What should I do next?

Check if you’re bulk sender compliant with Red Sift Investigate

Using our free tool Red Sift Investigate, you can instantly assess whether your email domains meet Microsoft’s new requirements. Our tool delivers a visual breakdown of whether your organization is ready and what actions are required.  

Unlock your Red Sift OnDMARC trial today

Adapting to Microsoft’s changes need not be daunting. With Red Sift OnDMARC, you can streamline your DMARC implementation while unlocking a range of benefits: 

  • Simplified email authentication: Manage SPF, DKIM, DMARC, and MTA-STS all in one place. A single DNS update eliminates the need for ongoing manual changes.
  • In-depth forensic insights: Get real-time alerts and detailed reports on failed authentication attempts, including AI-driven spoofing detection backed by a vast security database.
  • Boost brand visibility: Achieve full DMARC enforcement (p=reject) and display your logo in inboxes with BIMI, enhancing email recognition and trust.
  • Powerful AI automation: Red Sift Radar accelerates issue detection and resolution, cutting response times by up to 10x and reducing operational costs.
  • DNS Guardian: Red Sift’s DNS Guardian monitors for unauthorized DNS changes and safeguards critical email security records.
  • Seamless expansion: Easily integrate with Red Sift Brand Trust, Red Sift ASM, and Red Sift Certificates, scaling your email security strategy as your needs evolve.

Ignoring today’s new requirements could result in email deliverability issues, or outright rejection. Take the first step today by starting your free Red Sift OnDMARC trial to begin your DMARC implementation and step-by-step guide to reaching enforcement (p=reject). 

Need expert guidance? Speak to the Red Sift team today.

PUBLISHED BY

Jack Lilley

2 Apr. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Europe’s #1 for DMARC: Red Sift OnDMARC does it again

Francesca Rünger-Field

G2’s Summer 2025 Report has landed, and we’re proud to share that Red Sift OnDMARC remains the #1-rated DMARC solution in Europe. This marks another strong season for OnDMARC, with continued recognition across G2’s category reports. We were featured in 18 reports this quarter, taking top spots in the Mid-Market Results Index and Mid-Market…

Read more
Cybersecurity

Healthcare and cybersecurity: 73% of breaches lack DMARC enforcement

Faisal Misle

The healthcare sector has become a target for both low-level and occasionally spectacularly successful cyberattacks. Hospitals, insurers, medical supply chains, service and medical providers are prime targets for threat actors, with email phishing attacks, ransomware, and data breaches on the rise. In 2024, 94% of U.S. healthcare organizations experienced a cyberattack, with the average…

Read more
BIMI

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more
BEC

The future of email security: Innovations, challenges, and the role of DMARC

Jack Lilley

Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…

Read more