{"id":162855,"date":"2025-04-24T15:01:38","date_gmt":"2025-04-24T13:01:38","guid":{"rendered":"https:\/\/spotler.com\/?post_type=blog&#038;p=162855"},"modified":"2026-01-27T17:18:10","modified_gmt":"2026-01-27T16:18:10","slug":"outlooks-new-dmarc-requirements","status":"publish","type":"blog","link":"https:\/\/spotler.com\/en-gb\/blog\/outlooks-new-dmarc-requirements","title":{"rendered":"Outlook&#8217;s new DMARC requirements"},"content":{"rendered":"<p><strong>A little over a year ago, in February 2024, <a href=\"https:\/\/spotler.com\/en-gb\/blog\/yahoo-google-new-dmarc-requirements\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/spotler.com\/en-gb\/blog\/yahoo-google-new-dmarc-requirements\" rel=\"noreferrer noopener\">Yahoo and Google unveiled new rules for bulk senders<\/a>, designed to protect consumers from spam. Now Microsoft have announced an update that covers a lot of the same ground.<\/strong><\/p>\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">What does the update look like?<\/h2>\n<p><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoftdefenderforoffice365blog\/strengthening-email-ecosystem-outlook%E2%80%99s-new-requirements-for-high%E2%80%90volume-senders\/4399730\" data-type=\"link\" data-id=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoftdefenderforoffice365blog\/strengthening-email-ecosystem-outlook%E2%80%99s-new-requirements-for-high%E2%80%90volume-senders\/4399730\" target=\"_blank\" rel=\"noreferrer noopener\">Read the full announcement here<\/a>.<\/p>\n<p><em>For domains sending over 5,000 emails per day, Outlook will soon require compliance with SPF, DKIM, DMARC. Non<\/em><em>\u2010<\/em><em>compliant messages will first be routed to Junk. If issues remain unresolved, they may eventually be rejected. Senders will soon start requiring compliance with the following requirements:<\/em><em>&nbsp;<\/em><em><\/em><\/p>\n<h4 class=\"wp-block-heading\"><em>1. SPF (Sender Policy Framework)<\/em><\/h4>\n<ul class=\"wp-block-list\">\n<li><em>Must Pass for the sending domain.<\/em><\/li>\n<li><em>Your domain&#8217;s DNS record should accurately list authorized IP addresses\/hosts.<\/em><\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><em>2. DKIM (DomainKeys Identified Mail)<\/em><\/h4>\n<ul class=\"wp-block-list\">\n<li><em>Must Pass to validate email integrity and authenticity.<\/em><\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\">3. DMARC (Domain-based Message Authentication, Reporting, and Conformance)<\/h4>\n<ul class=\"wp-block-list\">\n<li><em>At least p=none and align with either SPF or DKIM (preferably both).<\/em><\/li>\n<\/ul>\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h3 class=\"wp-block-heading\">Additional Email Hygiene Recommendations<\/h3>\n<p><em>Large senders should also adopt these practices to maintain quality and trust:<\/em><\/p>\n<ul class=\"wp-block-list\">\n<li><strong><em>Compliant P2 (Primary) Sender Addresses<\/em><\/strong><em>: Ensure the \u201cFrom\u201d or \u201cReply<\/em><em>\u2010<\/em><em>To<\/em><em>\u201d<\/em><em> address is valid, reflects the true sending domain, and can receive replies.<\/em><em>&nbsp;<\/em><\/li>\n<li><strong><em>Functional Unsubscribe Links<\/em><\/strong><em>: Provide an easy, clearly visible way for recipients to opt out of further messages, particularly for marketing or bulk mail.&nbsp;<\/em><\/li>\n<li><strong><em>List Hygiene &amp; Bounce Management<\/em><\/strong><em>: Remove invalid addresses regularly to reduce spam complaints, bounces, and wasted messages.&nbsp;<\/em><\/li>\n<li><strong><em>Transparent Mailing Practices<\/em><\/strong><em>: Use accurate subject lines, avoid deceptive headers, and ensure your recipients have consented to receive your messages.&nbsp;<\/em><\/li>\n<\/ul>\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">How does it affect me?<\/h2>\n<p>If you\u2019re doing email marketing properly, there\u2019s not a whole lot to worry about here. Both of SPF and DKIM have been a requirement for Spotler customers for a long time.<\/p>\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h4 class=\"wp-block-heading\">SPF (Sender Policy Framework)<\/h4>\n<p>SPF makes sure that your email server is allowed to send emails from the domain you\u2019re using (the bit after the @ in the email address).<\/p>\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h4 class=\"wp-block-heading\">DKIM (DomainKeys Identified Mail)<\/h4>\n<p>DKIM operates at the recipient\u2019s end, acting like a signature to prove that your email comes from who it looks like it comes from.<\/p>\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h4 class=\"wp-block-heading\">DMARC (Domain-based Message Authentication, Reporting and Conformance)<\/h4>\n<p>The newest of the 3, but it\u2019s still been around for over a decade.<\/p>\n<p>DMARC acts as an umbrella, checking that SPF and DKIM match the From Address, providing a policy for what email clients should do with any messages that fail the test (Reject, Quarantine, or Nothing), and delivering reports on what it\u2019s seeing.<\/p>\n<p>We\u2019ve recommended having DMARC in place to all our customers for a number of years now.<\/p>\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h4 class=\"wp-block-heading\">Compliant P2 (Primary) Sender Addresses<\/h4>\n<p>There&#8217;s no better time than now to get rid of \u201cnoreply\u201d addresses, or worse non-existing From addresses. Receiving email from \u201cNOREPLY@[sender]\u201d has never been great; it feels like you\u2019re being shouted at, rather than being engaged in an open conversation.<\/p>\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h4 class=\"wp-block-heading\">The non-technical bits<\/h4>\n<p>Removing invalid addresses on a regular basis has been a good idea since the very first mass email was sent. Bounced recipients won\u2019t be opening or clicking, so getting rid of them will make your overall results healthier immediately!<\/p>\n<p>\u201cMake sure your recipients have consented to receive your messages\u201d; GDPR\/PECR ringing any bells?!<\/p>\n<p>\u201cUse accurate subject lines, avoid deceptive headers\u201d; Sneaky tricks like this might make your open rate look healthy, but you bait your audience into opening or clicking on content that\u2019s not what they\u2019re expecting, expect to lose a whole lot of trust!<\/p>\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">I don\u2019t know if my audience even uses Outlook\u2026<\/h2>\n<p>The good news is it\u2019s easy to check!<\/p>\n<p>Under the \u201cOpens\u201d tab in a <a href=\"https:\/\/spotler.com\/en-gb\/mailplus\" data-type=\"page\" data-id=\"78387\">Spotler Mail+<\/a> Mailing Report, you will see \u201cTop 10 Opens per email client\u201d. One of our recent campaigns looked like this:<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"700\" height=\"360\" src=\"https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-mailclients.webp\" alt=\"\" class=\"wp-image-162887\" srcset=\"https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-mailclients.webp 700w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-mailclients-300x154.webp 300w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-mailclients-369x190.webp 369w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/figure>\n<p>For this particular audience, Outlook accounts for 49.5% of the Opens across all versions. Microsoft have been clear that Outlook.com is included in this update, so Hotmail.com and live.com are also affected.<\/p>\n<p>Please note that your audience will be different, so it\u2019s important to understand the nuance for how much this update will affect you.<\/p>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">I found no Outlook users in my audience, can I just ignore this?<\/h2>\n<p>Even if there are no Outlook users in your audience, Outlook is now the third email client to implement these rules (<a href=\"https:\/\/spotler.com\/en-gb\/blog\/yahoo-google-new-dmarc-requirements\" data-type=\"link\" data-id=\"https:\/\/spotler.com\/en-gb\/blog\/under-the-skin-of-the-yahoo-gmail-update-what-you-need-to-do-and-how-to-do-it\">after Yahoo &amp; Google<\/a>), so we can expect the rest of the email world to take a very similar approach, probably sooner than later.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"718\" height=\"1024\" src=\"https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-718x1024.webp\" alt=\"\" class=\"wp-image-162872\" style=\"width:550px\" srcset=\"https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-718x1024.webp 718w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-210x300.webp 210w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-768x1096.webp 768w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-767x1095.webp 767w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-133x190.webp 133w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients-817x1166.webp 817w, https:\/\/spotler.com\/wp-content\/uploads\/2025\/04\/blog-outlook-dmarc-guidelines-clients.webp 1000w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><figcaption class=\"wp-element-caption\"><a href=\"https:\/\/www.litmus.com\/email-client-market-share\" data-type=\"link\" data-id=\"https:\/\/www.litmus.com\/email-client-market-share\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Yahoo, Gmail &amp; Outlook account for <span class=\"hide-mobile\"><br \/><\/span>around 38% of the email client market<\/em><\/a><\/figcaption><\/figure>\n<\/div>\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n<p>Follow our 3-step plan to keep on top of this update:<\/p>\n<ol class=\"wp-block-list\">\n<li>Don\u2019t Panic!<\/li>\n<li><span style=\"color: initial;\">Look at how much of your audience open your emails in Outlook<\/span><\/li>\n<li>Get your DMARC set up<\/li>\n<\/ol>\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<p>If you take a sensible look at these guidelines, they represent an upgraded set of protections for legitimate senders against bad actors who might try to hijack domains to cause trouble.<\/p>\n<p>If you\u2019re looking for an email platform that has these guidelines built in and makes it easy for you to follow best practices around good subject lines and content, <a href=\"https:\/\/spotler.com\/en-gb\/mailplus\">Spotler Mail+<\/a> is just what you need.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft is changing the sender requirements for bulk senders and will soon require compliance with SPF, DKIM, DMARC.<\/p>\n","protected":false},"author":76,"featured_media":162865,"template":"","cat_industry":[],"cat_topic":[1636,1002],"class_list":["post-162855","blog","type-blog","status-publish","has-post-thumbnail","hentry","cat_topic-deliverability-en-gb","cat_topic-email-marketing-en-gb"],"acf":[],"_links":{"self":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/162855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/users\/76"}],"version-history":[{"count":5,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/162855\/revisions"}],"predecessor-version":[{"id":229497,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/blog\/162855\/revisions\/229497"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/media\/162865"}],"wp:attachment":[{"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/media?parent=162855"}],"wp:term":[{"taxonomy":"cat_industry","embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/cat_industry?post=162855"},{"taxonomy":"cat_topic","embeddable":true,"href":"https:\/\/spotler.com\/en-gb\/wp-json\/wp\/v2\/cat_topic?post=162855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}